sslapitest.c 233 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982
  1. /*
  2. * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <string.h>
  11. #include <openssl/opensslconf.h>
  12. #include <openssl/bio.h>
  13. #include <openssl/crypto.h>
  14. #include <openssl/ssl.h>
  15. #include <openssl/ocsp.h>
  16. #include <openssl/srp.h>
  17. #include <openssl/txt_db.h>
  18. #include <openssl/aes.h>
  19. #include <openssl/rand.h>
  20. #include "ssltestlib.h"
  21. #include "testutil.h"
  22. #include "testutil/output.h"
  23. #include "internal/nelem.h"
  24. #include "internal/ktls.h"
  25. #include "../ssl/ssl_local.h"
  26. #ifndef OPENSSL_NO_TLS1_3
  27. static SSL_SESSION *clientpsk = NULL;
  28. static SSL_SESSION *serverpsk = NULL;
  29. static const char *pskid = "Identity";
  30. static const char *srvid;
  31. static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
  32. size_t *idlen, SSL_SESSION **sess);
  33. static int find_session_cb(SSL *ssl, const unsigned char *identity,
  34. size_t identity_len, SSL_SESSION **sess);
  35. static int use_session_cb_cnt = 0;
  36. static int find_session_cb_cnt = 0;
  37. static SSL_SESSION *create_a_psk(SSL *ssl);
  38. #endif
  39. static char *certsdir = NULL;
  40. static char *cert = NULL;
  41. static char *privkey = NULL;
  42. static char *srpvfile = NULL;
  43. static char *tmpfilename = NULL;
  44. #define LOG_BUFFER_SIZE 2048
  45. static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
  46. static size_t server_log_buffer_index = 0;
  47. static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
  48. static size_t client_log_buffer_index = 0;
  49. static int error_writing_log = 0;
  50. #ifndef OPENSSL_NO_OCSP
  51. static const unsigned char orespder[] = "Dummy OCSP Response";
  52. static int ocsp_server_called = 0;
  53. static int ocsp_client_called = 0;
  54. static int cdummyarg = 1;
  55. static X509 *ocspcert = NULL;
  56. #endif
  57. #define NUM_EXTRA_CERTS 40
  58. #define CLIENT_VERSION_LEN 2
  59. /*
  60. * This structure is used to validate that the correct number of log messages
  61. * of various types are emitted when emitting secret logs.
  62. */
  63. struct sslapitest_log_counts {
  64. unsigned int rsa_key_exchange_count;
  65. unsigned int master_secret_count;
  66. unsigned int client_early_secret_count;
  67. unsigned int client_handshake_secret_count;
  68. unsigned int server_handshake_secret_count;
  69. unsigned int client_application_secret_count;
  70. unsigned int server_application_secret_count;
  71. unsigned int early_exporter_secret_count;
  72. unsigned int exporter_secret_count;
  73. };
  74. static unsigned char serverinfov1[] = {
  75. 0xff, 0xff, /* Dummy extension type */
  76. 0x00, 0x01, /* Extension length is 1 byte */
  77. 0xff /* Dummy extension data */
  78. };
  79. static unsigned char serverinfov2[] = {
  80. 0x00, 0x00, 0x00,
  81. (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */
  82. 0xff, 0xff, /* Dummy extension type */
  83. 0x00, 0x01, /* Extension length is 1 byte */
  84. 0xff /* Dummy extension data */
  85. };
  86. static void client_keylog_callback(const SSL *ssl, const char *line)
  87. {
  88. int line_length = strlen(line);
  89. /* If the log doesn't fit, error out. */
  90. if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) {
  91. TEST_info("Client log too full");
  92. error_writing_log = 1;
  93. return;
  94. }
  95. strcat(client_log_buffer, line);
  96. client_log_buffer_index += line_length;
  97. client_log_buffer[client_log_buffer_index++] = '\n';
  98. }
  99. static void server_keylog_callback(const SSL *ssl, const char *line)
  100. {
  101. int line_length = strlen(line);
  102. /* If the log doesn't fit, error out. */
  103. if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) {
  104. TEST_info("Server log too full");
  105. error_writing_log = 1;
  106. return;
  107. }
  108. strcat(server_log_buffer, line);
  109. server_log_buffer_index += line_length;
  110. server_log_buffer[server_log_buffer_index++] = '\n';
  111. }
  112. static int compare_hex_encoded_buffer(const char *hex_encoded,
  113. size_t hex_length,
  114. const uint8_t *raw,
  115. size_t raw_length)
  116. {
  117. size_t i, j;
  118. char hexed[3];
  119. if (!TEST_size_t_eq(raw_length * 2, hex_length))
  120. return 1;
  121. for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) {
  122. sprintf(hexed, "%02x", raw[i]);
  123. if (!TEST_int_eq(hexed[0], hex_encoded[j])
  124. || !TEST_int_eq(hexed[1], hex_encoded[j + 1]))
  125. return 1;
  126. }
  127. return 0;
  128. }
  129. static int test_keylog_output(char *buffer, const SSL *ssl,
  130. const SSL_SESSION *session,
  131. struct sslapitest_log_counts *expected)
  132. {
  133. char *token = NULL;
  134. unsigned char actual_client_random[SSL3_RANDOM_SIZE] = {0};
  135. size_t client_random_size = SSL3_RANDOM_SIZE;
  136. unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0};
  137. size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH;
  138. unsigned int rsa_key_exchange_count = 0;
  139. unsigned int master_secret_count = 0;
  140. unsigned int client_early_secret_count = 0;
  141. unsigned int client_handshake_secret_count = 0;
  142. unsigned int server_handshake_secret_count = 0;
  143. unsigned int client_application_secret_count = 0;
  144. unsigned int server_application_secret_count = 0;
  145. unsigned int early_exporter_secret_count = 0;
  146. unsigned int exporter_secret_count = 0;
  147. for (token = strtok(buffer, " \n"); token != NULL;
  148. token = strtok(NULL, " \n")) {
  149. if (strcmp(token, "RSA") == 0) {
  150. /*
  151. * Premaster secret. Tokens should be: 16 ASCII bytes of
  152. * hex-encoded encrypted secret, then the hex-encoded pre-master
  153. * secret.
  154. */
  155. if (!TEST_ptr(token = strtok(NULL, " \n")))
  156. return 0;
  157. if (!TEST_size_t_eq(strlen(token), 16))
  158. return 0;
  159. if (!TEST_ptr(token = strtok(NULL, " \n")))
  160. return 0;
  161. /*
  162. * We can't sensibly check the log because the premaster secret is
  163. * transient, and OpenSSL doesn't keep hold of it once the master
  164. * secret is generated.
  165. */
  166. rsa_key_exchange_count++;
  167. } else if (strcmp(token, "CLIENT_RANDOM") == 0) {
  168. /*
  169. * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded
  170. * client random, then the hex-encoded master secret.
  171. */
  172. client_random_size = SSL_get_client_random(ssl,
  173. actual_client_random,
  174. SSL3_RANDOM_SIZE);
  175. if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
  176. return 0;
  177. if (!TEST_ptr(token = strtok(NULL, " \n")))
  178. return 0;
  179. if (!TEST_size_t_eq(strlen(token), 64))
  180. return 0;
  181. if (!TEST_false(compare_hex_encoded_buffer(token, 64,
  182. actual_client_random,
  183. client_random_size)))
  184. return 0;
  185. if (!TEST_ptr(token = strtok(NULL, " \n")))
  186. return 0;
  187. master_key_size = SSL_SESSION_get_master_key(session,
  188. actual_master_key,
  189. master_key_size);
  190. if (!TEST_size_t_ne(master_key_size, 0))
  191. return 0;
  192. if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token),
  193. actual_master_key,
  194. master_key_size)))
  195. return 0;
  196. master_secret_count++;
  197. } else if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0
  198. || strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0
  199. || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0
  200. || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0
  201. || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0
  202. || strcmp(token, "EARLY_EXPORTER_SECRET") == 0
  203. || strcmp(token, "EXPORTER_SECRET") == 0) {
  204. /*
  205. * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded
  206. * client random, and then the hex-encoded secret. In this case,
  207. * we treat all of these secrets identically and then just
  208. * distinguish between them when counting what we saw.
  209. */
  210. if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0)
  211. client_early_secret_count++;
  212. else if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0)
  213. client_handshake_secret_count++;
  214. else if (strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0)
  215. server_handshake_secret_count++;
  216. else if (strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0)
  217. client_application_secret_count++;
  218. else if (strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0)
  219. server_application_secret_count++;
  220. else if (strcmp(token, "EARLY_EXPORTER_SECRET") == 0)
  221. early_exporter_secret_count++;
  222. else if (strcmp(token, "EXPORTER_SECRET") == 0)
  223. exporter_secret_count++;
  224. client_random_size = SSL_get_client_random(ssl,
  225. actual_client_random,
  226. SSL3_RANDOM_SIZE);
  227. if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
  228. return 0;
  229. if (!TEST_ptr(token = strtok(NULL, " \n")))
  230. return 0;
  231. if (!TEST_size_t_eq(strlen(token), 64))
  232. return 0;
  233. if (!TEST_false(compare_hex_encoded_buffer(token, 64,
  234. actual_client_random,
  235. client_random_size)))
  236. return 0;
  237. if (!TEST_ptr(token = strtok(NULL, " \n")))
  238. return 0;
  239. /*
  240. * TODO(TLS1.3): test that application traffic secrets are what
  241. * we expect */
  242. } else {
  243. TEST_info("Unexpected token %s\n", token);
  244. return 0;
  245. }
  246. }
  247. /* Got what we expected? */
  248. if (!TEST_size_t_eq(rsa_key_exchange_count,
  249. expected->rsa_key_exchange_count)
  250. || !TEST_size_t_eq(master_secret_count,
  251. expected->master_secret_count)
  252. || !TEST_size_t_eq(client_early_secret_count,
  253. expected->client_early_secret_count)
  254. || !TEST_size_t_eq(client_handshake_secret_count,
  255. expected->client_handshake_secret_count)
  256. || !TEST_size_t_eq(server_handshake_secret_count,
  257. expected->server_handshake_secret_count)
  258. || !TEST_size_t_eq(client_application_secret_count,
  259. expected->client_application_secret_count)
  260. || !TEST_size_t_eq(server_application_secret_count,
  261. expected->server_application_secret_count)
  262. || !TEST_size_t_eq(early_exporter_secret_count,
  263. expected->early_exporter_secret_count)
  264. || !TEST_size_t_eq(exporter_secret_count,
  265. expected->exporter_secret_count))
  266. return 0;
  267. return 1;
  268. }
  269. #if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
  270. static int test_keylog(void)
  271. {
  272. SSL_CTX *cctx = NULL, *sctx = NULL;
  273. SSL *clientssl = NULL, *serverssl = NULL;
  274. int testresult = 0;
  275. struct sslapitest_log_counts expected;
  276. /* Clean up logging space */
  277. memset(&expected, 0, sizeof(expected));
  278. memset(client_log_buffer, 0, sizeof(client_log_buffer));
  279. memset(server_log_buffer, 0, sizeof(server_log_buffer));
  280. client_log_buffer_index = 0;
  281. server_log_buffer_index = 0;
  282. error_writing_log = 0;
  283. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  284. TLS_client_method(),
  285. TLS1_VERSION, 0,
  286. &sctx, &cctx, cert, privkey)))
  287. return 0;
  288. /* We cannot log the master secret for TLSv1.3, so we should forbid it. */
  289. SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
  290. SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
  291. /* We also want to ensure that we use RSA-based key exchange. */
  292. if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "RSA")))
  293. goto end;
  294. if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
  295. || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
  296. goto end;
  297. SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
  298. if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
  299. == client_keylog_callback))
  300. goto end;
  301. SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
  302. if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
  303. == server_keylog_callback))
  304. goto end;
  305. /* Now do a handshake and check that the logs have been written to. */
  306. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  307. &clientssl, NULL, NULL))
  308. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  309. SSL_ERROR_NONE))
  310. || !TEST_false(error_writing_log)
  311. || !TEST_int_gt(client_log_buffer_index, 0)
  312. || !TEST_int_gt(server_log_buffer_index, 0))
  313. goto end;
  314. /*
  315. * Now we want to test that our output data was vaguely sensible. We
  316. * do that by using strtok and confirming that we have more or less the
  317. * data we expect. For both client and server, we expect to see one master
  318. * secret. The client should also see a RSA key exchange.
  319. */
  320. expected.rsa_key_exchange_count = 1;
  321. expected.master_secret_count = 1;
  322. if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
  323. SSL_get_session(clientssl), &expected)))
  324. goto end;
  325. expected.rsa_key_exchange_count = 0;
  326. if (!TEST_true(test_keylog_output(server_log_buffer, serverssl,
  327. SSL_get_session(serverssl), &expected)))
  328. goto end;
  329. testresult = 1;
  330. end:
  331. SSL_free(serverssl);
  332. SSL_free(clientssl);
  333. SSL_CTX_free(sctx);
  334. SSL_CTX_free(cctx);
  335. return testresult;
  336. }
  337. #endif
  338. #ifndef OPENSSL_NO_TLS1_3
  339. static int test_keylog_no_master_key(void)
  340. {
  341. SSL_CTX *cctx = NULL, *sctx = NULL;
  342. SSL *clientssl = NULL, *serverssl = NULL;
  343. SSL_SESSION *sess = NULL;
  344. int testresult = 0;
  345. struct sslapitest_log_counts expected;
  346. unsigned char buf[1];
  347. size_t readbytes, written;
  348. /* Clean up logging space */
  349. memset(&expected, 0, sizeof(expected));
  350. memset(client_log_buffer, 0, sizeof(client_log_buffer));
  351. memset(server_log_buffer, 0, sizeof(server_log_buffer));
  352. client_log_buffer_index = 0;
  353. server_log_buffer_index = 0;
  354. error_writing_log = 0;
  355. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  356. TLS1_VERSION, 0,
  357. &sctx, &cctx, cert, privkey))
  358. || !TEST_true(SSL_CTX_set_max_early_data(sctx,
  359. SSL3_RT_MAX_PLAIN_LENGTH)))
  360. return 0;
  361. if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
  362. || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
  363. goto end;
  364. SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
  365. if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
  366. == client_keylog_callback))
  367. goto end;
  368. SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
  369. if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
  370. == server_keylog_callback))
  371. goto end;
  372. /* Now do a handshake and check that the logs have been written to. */
  373. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  374. &clientssl, NULL, NULL))
  375. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  376. SSL_ERROR_NONE))
  377. || !TEST_false(error_writing_log))
  378. goto end;
  379. /*
  380. * Now we want to test that our output data was vaguely sensible. For this
  381. * test, we expect no CLIENT_RANDOM entry because it doesn't make sense for
  382. * TLSv1.3, but we do expect both client and server to emit keys.
  383. */
  384. expected.client_handshake_secret_count = 1;
  385. expected.server_handshake_secret_count = 1;
  386. expected.client_application_secret_count = 1;
  387. expected.server_application_secret_count = 1;
  388. expected.exporter_secret_count = 1;
  389. if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
  390. SSL_get_session(clientssl), &expected))
  391. || !TEST_true(test_keylog_output(server_log_buffer, serverssl,
  392. SSL_get_session(serverssl),
  393. &expected)))
  394. goto end;
  395. /* Terminate old session and resume with early data. */
  396. sess = SSL_get1_session(clientssl);
  397. SSL_shutdown(clientssl);
  398. SSL_shutdown(serverssl);
  399. SSL_free(serverssl);
  400. SSL_free(clientssl);
  401. serverssl = clientssl = NULL;
  402. /* Reset key log */
  403. memset(client_log_buffer, 0, sizeof(client_log_buffer));
  404. memset(server_log_buffer, 0, sizeof(server_log_buffer));
  405. client_log_buffer_index = 0;
  406. server_log_buffer_index = 0;
  407. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  408. &clientssl, NULL, NULL))
  409. || !TEST_true(SSL_set_session(clientssl, sess))
  410. /* Here writing 0 length early data is enough. */
  411. || !TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written))
  412. || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  413. &readbytes),
  414. SSL_READ_EARLY_DATA_ERROR)
  415. || !TEST_int_eq(SSL_get_early_data_status(serverssl),
  416. SSL_EARLY_DATA_ACCEPTED)
  417. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  418. SSL_ERROR_NONE))
  419. || !TEST_true(SSL_session_reused(clientssl)))
  420. goto end;
  421. /* In addition to the previous entries, expect early secrets. */
  422. expected.client_early_secret_count = 1;
  423. expected.early_exporter_secret_count = 1;
  424. if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
  425. SSL_get_session(clientssl), &expected))
  426. || !TEST_true(test_keylog_output(server_log_buffer, serverssl,
  427. SSL_get_session(serverssl),
  428. &expected)))
  429. goto end;
  430. testresult = 1;
  431. end:
  432. SSL_SESSION_free(sess);
  433. SSL_free(serverssl);
  434. SSL_free(clientssl);
  435. SSL_CTX_free(sctx);
  436. SSL_CTX_free(cctx);
  437. return testresult;
  438. }
  439. #endif
  440. #ifndef OPENSSL_NO_TLS1_2
  441. static int full_client_hello_callback(SSL *s, int *al, void *arg)
  442. {
  443. int *ctr = arg;
  444. const unsigned char *p;
  445. int *exts;
  446. /* We only configure two ciphers, but the SCSV is added automatically. */
  447. #ifdef OPENSSL_NO_EC
  448. const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff};
  449. #else
  450. const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0,
  451. 0x2c, 0x00, 0xff};
  452. #endif
  453. const int expected_extensions[] = {
  454. #ifndef OPENSSL_NO_EC
  455. 11, 10,
  456. #endif
  457. 35, 22, 23, 13};
  458. size_t len;
  459. /* Make sure we can defer processing and get called back. */
  460. if ((*ctr)++ == 0)
  461. return SSL_CLIENT_HELLO_RETRY;
  462. len = SSL_client_hello_get0_ciphers(s, &p);
  463. if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers))
  464. || !TEST_size_t_eq(
  465. SSL_client_hello_get0_compression_methods(s, &p), 1)
  466. || !TEST_int_eq(*p, 0))
  467. return SSL_CLIENT_HELLO_ERROR;
  468. if (!SSL_client_hello_get1_extensions_present(s, &exts, &len))
  469. return SSL_CLIENT_HELLO_ERROR;
  470. if (len != OSSL_NELEM(expected_extensions) ||
  471. memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) {
  472. printf("ClientHello callback expected extensions mismatch\n");
  473. OPENSSL_free(exts);
  474. return SSL_CLIENT_HELLO_ERROR;
  475. }
  476. OPENSSL_free(exts);
  477. return SSL_CLIENT_HELLO_SUCCESS;
  478. }
  479. static int test_client_hello_cb(void)
  480. {
  481. SSL_CTX *cctx = NULL, *sctx = NULL;
  482. SSL *clientssl = NULL, *serverssl = NULL;
  483. int testctr = 0, testresult = 0;
  484. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  485. TLS1_VERSION, 0,
  486. &sctx, &cctx, cert, privkey)))
  487. goto end;
  488. SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr);
  489. /* The gimpy cipher list we configure can't do TLS 1.3. */
  490. SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
  491. if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
  492. "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"))
  493. || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  494. &clientssl, NULL, NULL))
  495. || !TEST_false(create_ssl_connection(serverssl, clientssl,
  496. SSL_ERROR_WANT_CLIENT_HELLO_CB))
  497. /*
  498. * Passing a -1 literal is a hack since
  499. * the real value was lost.
  500. * */
  501. || !TEST_int_eq(SSL_get_error(serverssl, -1),
  502. SSL_ERROR_WANT_CLIENT_HELLO_CB)
  503. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  504. SSL_ERROR_NONE)))
  505. goto end;
  506. testresult = 1;
  507. end:
  508. SSL_free(serverssl);
  509. SSL_free(clientssl);
  510. SSL_CTX_free(sctx);
  511. SSL_CTX_free(cctx);
  512. return testresult;
  513. }
  514. static int test_no_ems(void)
  515. {
  516. SSL_CTX *cctx = NULL, *sctx = NULL;
  517. SSL *clientssl = NULL, *serverssl = NULL;
  518. int testresult = 0;
  519. if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  520. TLS1_VERSION, TLS1_2_VERSION,
  521. &sctx, &cctx, cert, privkey)) {
  522. printf("Unable to create SSL_CTX pair\n");
  523. goto end;
  524. }
  525. SSL_CTX_set_options(sctx, SSL_OP_NO_EXTENDED_MASTER_SECRET);
  526. if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
  527. printf("Unable to create SSL objects\n");
  528. goto end;
  529. }
  530. if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
  531. printf("Creating SSL connection failed\n");
  532. goto end;
  533. }
  534. if (SSL_get_extms_support(serverssl)) {
  535. printf("Server reports Extended Master Secret support\n");
  536. goto end;
  537. }
  538. if (SSL_get_extms_support(clientssl)) {
  539. printf("Client reports Extended Master Secret support\n");
  540. goto end;
  541. }
  542. testresult = 1;
  543. end:
  544. SSL_free(serverssl);
  545. SSL_free(clientssl);
  546. SSL_CTX_free(sctx);
  547. SSL_CTX_free(cctx);
  548. return testresult;
  549. }
  550. #endif
  551. static int execute_test_large_message(const SSL_METHOD *smeth,
  552. const SSL_METHOD *cmeth,
  553. int min_version, int max_version,
  554. int read_ahead)
  555. {
  556. SSL_CTX *cctx = NULL, *sctx = NULL;
  557. SSL *clientssl = NULL, *serverssl = NULL;
  558. int testresult = 0;
  559. int i;
  560. BIO *certbio = NULL;
  561. X509 *chaincert = NULL;
  562. int certlen;
  563. if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
  564. goto end;
  565. chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
  566. BIO_free(certbio);
  567. certbio = NULL;
  568. if (!TEST_ptr(chaincert))
  569. goto end;
  570. if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, min_version, max_version,
  571. &sctx, &cctx, cert, privkey)))
  572. goto end;
  573. if (read_ahead) {
  574. /*
  575. * Test that read_ahead works correctly when dealing with large
  576. * records
  577. */
  578. SSL_CTX_set_read_ahead(cctx, 1);
  579. }
  580. /*
  581. * We assume the supplied certificate is big enough so that if we add
  582. * NUM_EXTRA_CERTS it will make the overall message large enough. The
  583. * default buffer size is requested to be 16k, but due to the way BUF_MEM
  584. * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
  585. * test we need to have a message larger than that.
  586. */
  587. certlen = i2d_X509(chaincert, NULL);
  588. OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
  589. (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
  590. for (i = 0; i < NUM_EXTRA_CERTS; i++) {
  591. if (!X509_up_ref(chaincert))
  592. goto end;
  593. if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
  594. X509_free(chaincert);
  595. goto end;
  596. }
  597. }
  598. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  599. NULL, NULL))
  600. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  601. SSL_ERROR_NONE)))
  602. goto end;
  603. /*
  604. * Calling SSL_clear() first is not required but this tests that SSL_clear()
  605. * doesn't leak (when using enable-crypto-mdebug).
  606. */
  607. if (!TEST_true(SSL_clear(serverssl)))
  608. goto end;
  609. testresult = 1;
  610. end:
  611. X509_free(chaincert);
  612. SSL_free(serverssl);
  613. SSL_free(clientssl);
  614. SSL_CTX_free(sctx);
  615. SSL_CTX_free(cctx);
  616. return testresult;
  617. }
  618. #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \
  619. && !defined(OPENSSL_NO_SOCK)
  620. /* sock must be connected */
  621. static int ktls_chk_platform(int sock)
  622. {
  623. if (!ktls_enable(sock))
  624. return 0;
  625. return 1;
  626. }
  627. static int ping_pong_query(SSL *clientssl, SSL *serverssl, int cfd, int sfd)
  628. {
  629. static char count = 1;
  630. unsigned char cbuf[16000] = {0};
  631. unsigned char sbuf[16000];
  632. size_t err = 0;
  633. char crec_wseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
  634. char crec_wseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
  635. char crec_rseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
  636. char crec_rseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
  637. char srec_wseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
  638. char srec_wseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
  639. char srec_rseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
  640. char srec_rseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
  641. cbuf[0] = count++;
  642. memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence,
  643. TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
  644. memcpy(crec_rseq_before, &clientssl->rlayer.read_sequence,
  645. TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
  646. memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence,
  647. TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
  648. memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence,
  649. TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
  650. if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf)))
  651. goto end;
  652. while ((err = SSL_read(serverssl, &sbuf, sizeof(sbuf))) != sizeof(sbuf)) {
  653. if (SSL_get_error(serverssl, err) != SSL_ERROR_WANT_READ) {
  654. goto end;
  655. }
  656. }
  657. if (!TEST_true(SSL_write(serverssl, sbuf, sizeof(sbuf)) == sizeof(sbuf)))
  658. goto end;
  659. while ((err = SSL_read(clientssl, &cbuf, sizeof(cbuf))) != sizeof(cbuf)) {
  660. if (SSL_get_error(clientssl, err) != SSL_ERROR_WANT_READ) {
  661. goto end;
  662. }
  663. }
  664. memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence,
  665. TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
  666. memcpy(crec_rseq_after, &clientssl->rlayer.read_sequence,
  667. TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
  668. memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence,
  669. TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
  670. memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence,
  671. TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
  672. /* verify the payload */
  673. if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf)))
  674. goto end;
  675. /* ktls is used then kernel sequences are used instead of OpenSSL sequences */
  676. if (clientssl->mode & SSL_MODE_NO_KTLS_TX) {
  677. if (!TEST_mem_ne(crec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
  678. crec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
  679. goto end;
  680. } else {
  681. if (!TEST_mem_eq(crec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
  682. crec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
  683. goto end;
  684. }
  685. if (serverssl->mode & SSL_MODE_NO_KTLS_TX) {
  686. if (!TEST_mem_ne(srec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
  687. srec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
  688. goto end;
  689. } else {
  690. if (!TEST_mem_eq(srec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
  691. srec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
  692. goto end;
  693. }
  694. if (clientssl->mode & SSL_MODE_NO_KTLS_RX) {
  695. if (!TEST_mem_ne(crec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
  696. crec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
  697. goto end;
  698. } else {
  699. if (!TEST_mem_eq(crec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
  700. crec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
  701. goto end;
  702. }
  703. if (serverssl->mode & SSL_MODE_NO_KTLS_RX) {
  704. if (!TEST_mem_ne(srec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
  705. srec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
  706. goto end;
  707. } else {
  708. if (!TEST_mem_eq(srec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
  709. srec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
  710. goto end;
  711. }
  712. return 1;
  713. end:
  714. return 0;
  715. }
  716. static int execute_test_ktls(int cis_ktls_tx, int cis_ktls_rx,
  717. int sis_ktls_tx, int sis_ktls_rx)
  718. {
  719. SSL_CTX *cctx = NULL, *sctx = NULL;
  720. SSL *clientssl = NULL, *serverssl = NULL;
  721. int testresult = 0;
  722. int cfd, sfd;
  723. if (!TEST_true(create_test_sockets(&cfd, &sfd)))
  724. goto end;
  725. /* Skip this test if the platform does not support ktls */
  726. if (!ktls_chk_platform(cfd))
  727. return 1;
  728. /* Create a session based on SHA-256 */
  729. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  730. TLS_client_method(),
  731. TLS1_2_VERSION, TLS1_2_VERSION,
  732. &sctx, &cctx, cert, privkey))
  733. || !TEST_true(SSL_CTX_set_cipher_list(cctx,
  734. "AES128-GCM-SHA256"))
  735. || !TEST_true(create_ssl_objects2(sctx, cctx, &serverssl,
  736. &clientssl, sfd, cfd)))
  737. goto end;
  738. if (!cis_ktls_tx) {
  739. if (!TEST_true(SSL_set_mode(clientssl, SSL_MODE_NO_KTLS_TX)))
  740. goto end;
  741. }
  742. if (!sis_ktls_tx) {
  743. if (!TEST_true(SSL_set_mode(serverssl, SSL_MODE_NO_KTLS_TX)))
  744. goto end;
  745. }
  746. if (!cis_ktls_rx) {
  747. if (!TEST_true(SSL_set_mode(clientssl, SSL_MODE_NO_KTLS_RX)))
  748. goto end;
  749. }
  750. if (!sis_ktls_rx) {
  751. if (!TEST_true(SSL_set_mode(serverssl, SSL_MODE_NO_KTLS_RX)))
  752. goto end;
  753. }
  754. if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  755. SSL_ERROR_NONE)))
  756. goto end;
  757. if (!cis_ktls_tx) {
  758. if (!TEST_false(BIO_get_ktls_send(clientssl->wbio)))
  759. goto end;
  760. } else {
  761. if (!TEST_true(BIO_get_ktls_send(clientssl->wbio)))
  762. goto end;
  763. }
  764. if (!sis_ktls_tx) {
  765. if (!TEST_false(BIO_get_ktls_send(serverssl->wbio)))
  766. goto end;
  767. } else {
  768. if (!TEST_true(BIO_get_ktls_send(serverssl->wbio)))
  769. goto end;
  770. }
  771. if (!cis_ktls_rx) {
  772. if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio)))
  773. goto end;
  774. } else {
  775. if (!TEST_true(BIO_get_ktls_recv(clientssl->rbio)))
  776. goto end;
  777. }
  778. if (!sis_ktls_rx) {
  779. if (!TEST_false(BIO_get_ktls_recv(serverssl->rbio)))
  780. goto end;
  781. } else {
  782. if (!TEST_true(BIO_get_ktls_recv(serverssl->rbio)))
  783. goto end;
  784. }
  785. if (!TEST_true(ping_pong_query(clientssl, serverssl, cfd, sfd)))
  786. goto end;
  787. testresult = 1;
  788. end:
  789. if (clientssl) {
  790. SSL_shutdown(clientssl);
  791. SSL_free(clientssl);
  792. }
  793. if (serverssl) {
  794. SSL_shutdown(serverssl);
  795. SSL_free(serverssl);
  796. }
  797. SSL_CTX_free(sctx);
  798. SSL_CTX_free(cctx);
  799. serverssl = clientssl = NULL;
  800. return testresult;
  801. }
  802. #define SENDFILE_SZ (16 * 4096)
  803. #define SENDFILE_CHUNK (4 * 4096)
  804. #define min(a,b) ((a) > (b) ? (b) : (a))
  805. static int test_ktls_sendfile(void)
  806. {
  807. SSL_CTX *cctx = NULL, *sctx = NULL;
  808. SSL *clientssl = NULL, *serverssl = NULL;
  809. unsigned char *buf, *buf_dst;
  810. BIO *out = NULL, *in = NULL;
  811. int cfd, sfd, ffd, err;
  812. ssize_t chunk_size = 0;
  813. off_t chunk_off = 0;
  814. int testresult = 0;
  815. FILE *ffdp;
  816. buf = OPENSSL_zalloc(SENDFILE_SZ);
  817. buf_dst = OPENSSL_zalloc(SENDFILE_SZ);
  818. if (!TEST_ptr(buf) || !TEST_ptr(buf_dst)
  819. || !TEST_true(create_test_sockets(&cfd, &sfd)))
  820. goto end;
  821. /* Skip this test if the platform does not support ktls */
  822. if (!ktls_chk_platform(sfd)) {
  823. testresult = 1;
  824. goto end;
  825. }
  826. /* Create a session based on SHA-256 */
  827. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  828. TLS_client_method(),
  829. TLS1_2_VERSION, TLS1_2_VERSION,
  830. &sctx, &cctx, cert, privkey))
  831. || !TEST_true(SSL_CTX_set_cipher_list(cctx,
  832. "AES128-GCM-SHA256"))
  833. || !TEST_true(create_ssl_objects2(sctx, cctx, &serverssl,
  834. &clientssl, sfd, cfd)))
  835. goto end;
  836. if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  837. SSL_ERROR_NONE))
  838. || !TEST_true(BIO_get_ktls_send(serverssl->wbio)))
  839. goto end;
  840. RAND_bytes(buf, SENDFILE_SZ);
  841. out = BIO_new_file(tmpfilename, "wb");
  842. if (!TEST_ptr(out))
  843. goto end;
  844. if (BIO_write(out, buf, SENDFILE_SZ) != SENDFILE_SZ)
  845. goto end;
  846. BIO_free(out);
  847. out = NULL;
  848. in = BIO_new_file(tmpfilename, "rb");
  849. BIO_get_fp(in, &ffdp);
  850. ffd = fileno(ffdp);
  851. while (chunk_off < SENDFILE_SZ) {
  852. chunk_size = min(SENDFILE_CHUNK, SENDFILE_SZ - chunk_off);
  853. while ((err = SSL_sendfile(serverssl,
  854. ffd,
  855. chunk_off,
  856. chunk_size,
  857. 0)) != chunk_size) {
  858. if (SSL_get_error(serverssl, err) != SSL_ERROR_WANT_WRITE)
  859. goto end;
  860. }
  861. while ((err = SSL_read(clientssl,
  862. buf_dst + chunk_off,
  863. chunk_size)) != chunk_size) {
  864. if (SSL_get_error(clientssl, err) != SSL_ERROR_WANT_READ)
  865. goto end;
  866. }
  867. /* verify the payload */
  868. if (!TEST_mem_eq(buf_dst + chunk_off,
  869. chunk_size,
  870. buf + chunk_off,
  871. chunk_size))
  872. goto end;
  873. chunk_off += chunk_size;
  874. }
  875. testresult = 1;
  876. end:
  877. if (clientssl) {
  878. SSL_shutdown(clientssl);
  879. SSL_free(clientssl);
  880. }
  881. if (serverssl) {
  882. SSL_shutdown(serverssl);
  883. SSL_free(serverssl);
  884. }
  885. SSL_CTX_free(sctx);
  886. SSL_CTX_free(cctx);
  887. serverssl = clientssl = NULL;
  888. BIO_free(out);
  889. BIO_free(in);
  890. OPENSSL_free(buf);
  891. OPENSSL_free(buf_dst);
  892. return testresult;
  893. }
  894. static int test_ktls_no_txrx_client_no_txrx_server(void)
  895. {
  896. return execute_test_ktls(0, 0, 0, 0);
  897. }
  898. static int test_ktls_no_rx_client_no_txrx_server(void)
  899. {
  900. return execute_test_ktls(1, 0, 0, 0);
  901. }
  902. static int test_ktls_no_tx_client_no_txrx_server(void)
  903. {
  904. return execute_test_ktls(0, 1, 0, 0);
  905. }
  906. static int test_ktls_client_no_txrx_server(void)
  907. {
  908. return execute_test_ktls(1, 1, 0, 0);
  909. }
  910. static int test_ktls_no_txrx_client_no_rx_server(void)
  911. {
  912. return execute_test_ktls(0, 0, 1, 0);
  913. }
  914. static int test_ktls_no_rx_client_no_rx_server(void)
  915. {
  916. return execute_test_ktls(1, 0, 1, 0);
  917. }
  918. static int test_ktls_no_tx_client_no_rx_server(void)
  919. {
  920. return execute_test_ktls(0, 1, 1, 0);
  921. }
  922. static int test_ktls_client_no_rx_server(void)
  923. {
  924. return execute_test_ktls(1, 1, 1, 0);
  925. }
  926. static int test_ktls_no_txrx_client_no_tx_server(void)
  927. {
  928. return execute_test_ktls(0, 0, 0, 1);
  929. }
  930. static int test_ktls_no_rx_client_no_tx_server(void)
  931. {
  932. return execute_test_ktls(1, 0, 0, 1);
  933. }
  934. static int test_ktls_no_tx_client_no_tx_server(void)
  935. {
  936. return execute_test_ktls(0, 1, 0, 1);
  937. }
  938. static int test_ktls_client_no_tx_server(void)
  939. {
  940. return execute_test_ktls(1, 1, 0, 1);
  941. }
  942. static int test_ktls_no_txrx_client_server(void)
  943. {
  944. return execute_test_ktls(0, 0, 1, 1);
  945. }
  946. static int test_ktls_no_rx_client_server(void)
  947. {
  948. return execute_test_ktls(1, 0, 1, 1);
  949. }
  950. static int test_ktls_no_tx_client_server(void)
  951. {
  952. return execute_test_ktls(0, 1, 1, 1);
  953. }
  954. static int test_ktls_client_server(void)
  955. {
  956. return execute_test_ktls(1, 1, 1, 1);
  957. }
  958. #endif
  959. static int test_large_message_tls(void)
  960. {
  961. return execute_test_large_message(TLS_server_method(), TLS_client_method(),
  962. TLS1_VERSION, 0, 0);
  963. }
  964. static int test_large_message_tls_read_ahead(void)
  965. {
  966. return execute_test_large_message(TLS_server_method(), TLS_client_method(),
  967. TLS1_VERSION, 0, 1);
  968. }
  969. #ifndef OPENSSL_NO_DTLS
  970. static int test_large_message_dtls(void)
  971. {
  972. /*
  973. * read_ahead is not relevant to DTLS because DTLS always acts as if
  974. * read_ahead is set.
  975. */
  976. return execute_test_large_message(DTLS_server_method(),
  977. DTLS_client_method(),
  978. DTLS1_VERSION, 0, 0);
  979. }
  980. #endif
  981. #ifndef OPENSSL_NO_OCSP
  982. static int ocsp_server_cb(SSL *s, void *arg)
  983. {
  984. int *argi = (int *)arg;
  985. unsigned char *copy = NULL;
  986. STACK_OF(OCSP_RESPID) *ids = NULL;
  987. OCSP_RESPID *id = NULL;
  988. if (*argi == 2) {
  989. /* In this test we are expecting exactly 1 OCSP_RESPID */
  990. SSL_get_tlsext_status_ids(s, &ids);
  991. if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1)
  992. return SSL_TLSEXT_ERR_ALERT_FATAL;
  993. id = sk_OCSP_RESPID_value(ids, 0);
  994. if (id == NULL || !OCSP_RESPID_match(id, ocspcert))
  995. return SSL_TLSEXT_ERR_ALERT_FATAL;
  996. } else if (*argi != 1) {
  997. return SSL_TLSEXT_ERR_ALERT_FATAL;
  998. }
  999. if (!TEST_ptr(copy = OPENSSL_memdup(orespder, sizeof(orespder))))
  1000. return SSL_TLSEXT_ERR_ALERT_FATAL;
  1001. SSL_set_tlsext_status_ocsp_resp(s, copy, sizeof(orespder));
  1002. ocsp_server_called = 1;
  1003. return SSL_TLSEXT_ERR_OK;
  1004. }
  1005. static int ocsp_client_cb(SSL *s, void *arg)
  1006. {
  1007. int *argi = (int *)arg;
  1008. const unsigned char *respderin;
  1009. size_t len;
  1010. if (*argi != 1 && *argi != 2)
  1011. return 0;
  1012. len = SSL_get_tlsext_status_ocsp_resp(s, &respderin);
  1013. if (!TEST_mem_eq(orespder, len, respderin, len))
  1014. return 0;
  1015. ocsp_client_called = 1;
  1016. return 1;
  1017. }
  1018. static int test_tlsext_status_type(void)
  1019. {
  1020. SSL_CTX *cctx = NULL, *sctx = NULL;
  1021. SSL *clientssl = NULL, *serverssl = NULL;
  1022. int testresult = 0;
  1023. STACK_OF(OCSP_RESPID) *ids = NULL;
  1024. OCSP_RESPID *id = NULL;
  1025. BIO *certbio = NULL;
  1026. if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  1027. TLS1_VERSION, 0,
  1028. &sctx, &cctx, cert, privkey))
  1029. return 0;
  1030. if (SSL_CTX_get_tlsext_status_type(cctx) != -1)
  1031. goto end;
  1032. /* First just do various checks getting and setting tlsext_status_type */
  1033. clientssl = SSL_new(cctx);
  1034. if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1)
  1035. || !TEST_true(SSL_set_tlsext_status_type(clientssl,
  1036. TLSEXT_STATUSTYPE_ocsp))
  1037. || !TEST_int_eq(SSL_get_tlsext_status_type(clientssl),
  1038. TLSEXT_STATUSTYPE_ocsp))
  1039. goto end;
  1040. SSL_free(clientssl);
  1041. clientssl = NULL;
  1042. if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp)
  1043. || SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp)
  1044. goto end;
  1045. clientssl = SSL_new(cctx);
  1046. if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp)
  1047. goto end;
  1048. SSL_free(clientssl);
  1049. clientssl = NULL;
  1050. /*
  1051. * Now actually do a handshake and check OCSP information is exchanged and
  1052. * the callbacks get called
  1053. */
  1054. SSL_CTX_set_tlsext_status_cb(cctx, ocsp_client_cb);
  1055. SSL_CTX_set_tlsext_status_arg(cctx, &cdummyarg);
  1056. SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb);
  1057. SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg);
  1058. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  1059. &clientssl, NULL, NULL))
  1060. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  1061. SSL_ERROR_NONE))
  1062. || !TEST_true(ocsp_client_called)
  1063. || !TEST_true(ocsp_server_called))
  1064. goto end;
  1065. SSL_free(serverssl);
  1066. SSL_free(clientssl);
  1067. serverssl = NULL;
  1068. clientssl = NULL;
  1069. /* Try again but this time force the server side callback to fail */
  1070. ocsp_client_called = 0;
  1071. ocsp_server_called = 0;
  1072. cdummyarg = 0;
  1073. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  1074. &clientssl, NULL, NULL))
  1075. /* This should fail because the callback will fail */
  1076. || !TEST_false(create_ssl_connection(serverssl, clientssl,
  1077. SSL_ERROR_NONE))
  1078. || !TEST_false(ocsp_client_called)
  1079. || !TEST_false(ocsp_server_called))
  1080. goto end;
  1081. SSL_free(serverssl);
  1082. SSL_free(clientssl);
  1083. serverssl = NULL;
  1084. clientssl = NULL;
  1085. /*
  1086. * This time we'll get the client to send an OCSP_RESPID that it will
  1087. * accept.
  1088. */
  1089. ocsp_client_called = 0;
  1090. ocsp_server_called = 0;
  1091. cdummyarg = 2;
  1092. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  1093. &clientssl, NULL, NULL)))
  1094. goto end;
  1095. /*
  1096. * We'll just use any old cert for this test - it doesn't have to be an OCSP
  1097. * specific one. We'll use the server cert.
  1098. */
  1099. if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))
  1100. || !TEST_ptr(id = OCSP_RESPID_new())
  1101. || !TEST_ptr(ids = sk_OCSP_RESPID_new_null())
  1102. || !TEST_ptr(ocspcert = PEM_read_bio_X509(certbio,
  1103. NULL, NULL, NULL))
  1104. || !TEST_true(OCSP_RESPID_set_by_key(id, ocspcert))
  1105. || !TEST_true(sk_OCSP_RESPID_push(ids, id)))
  1106. goto end;
  1107. id = NULL;
  1108. SSL_set_tlsext_status_ids(clientssl, ids);
  1109. /* Control has been transferred */
  1110. ids = NULL;
  1111. BIO_free(certbio);
  1112. certbio = NULL;
  1113. if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  1114. SSL_ERROR_NONE))
  1115. || !TEST_true(ocsp_client_called)
  1116. || !TEST_true(ocsp_server_called))
  1117. goto end;
  1118. testresult = 1;
  1119. end:
  1120. SSL_free(serverssl);
  1121. SSL_free(clientssl);
  1122. SSL_CTX_free(sctx);
  1123. SSL_CTX_free(cctx);
  1124. sk_OCSP_RESPID_pop_free(ids, OCSP_RESPID_free);
  1125. OCSP_RESPID_free(id);
  1126. BIO_free(certbio);
  1127. X509_free(ocspcert);
  1128. ocspcert = NULL;
  1129. return testresult;
  1130. }
  1131. #endif
  1132. #if !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
  1133. static int new_called, remove_called, get_called;
  1134. static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
  1135. {
  1136. new_called++;
  1137. /*
  1138. * sess has been up-refed for us, but we don't actually need it so free it
  1139. * immediately.
  1140. */
  1141. SSL_SESSION_free(sess);
  1142. return 1;
  1143. }
  1144. static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
  1145. {
  1146. remove_called++;
  1147. }
  1148. static SSL_SESSION *get_sess_val = NULL;
  1149. static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len,
  1150. int *copy)
  1151. {
  1152. get_called++;
  1153. *copy = 1;
  1154. return get_sess_val;
  1155. }
  1156. static int execute_test_session(int maxprot, int use_int_cache,
  1157. int use_ext_cache)
  1158. {
  1159. SSL_CTX *sctx = NULL, *cctx = NULL;
  1160. SSL *serverssl1 = NULL, *clientssl1 = NULL;
  1161. SSL *serverssl2 = NULL, *clientssl2 = NULL;
  1162. # ifndef OPENSSL_NO_TLS1_1
  1163. SSL *serverssl3 = NULL, *clientssl3 = NULL;
  1164. # endif
  1165. SSL_SESSION *sess1 = NULL, *sess2 = NULL;
  1166. int testresult = 0, numnewsesstick = 1;
  1167. new_called = remove_called = 0;
  1168. /* TLSv1.3 sends 2 NewSessionTickets */
  1169. if (maxprot == TLS1_3_VERSION)
  1170. numnewsesstick = 2;
  1171. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  1172. TLS1_VERSION, 0,
  1173. &sctx, &cctx, cert, privkey)))
  1174. return 0;
  1175. /*
  1176. * Only allow the max protocol version so we can force a connection failure
  1177. * later
  1178. */
  1179. SSL_CTX_set_min_proto_version(cctx, maxprot);
  1180. SSL_CTX_set_max_proto_version(cctx, maxprot);
  1181. /* Set up session cache */
  1182. if (use_ext_cache) {
  1183. SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
  1184. SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb);
  1185. }
  1186. if (use_int_cache) {
  1187. /* Also covers instance where both are set */
  1188. SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
  1189. } else {
  1190. SSL_CTX_set_session_cache_mode(cctx,
  1191. SSL_SESS_CACHE_CLIENT
  1192. | SSL_SESS_CACHE_NO_INTERNAL_STORE);
  1193. }
  1194. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
  1195. NULL, NULL))
  1196. || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
  1197. SSL_ERROR_NONE))
  1198. || !TEST_ptr(sess1 = SSL_get1_session(clientssl1)))
  1199. goto end;
  1200. /* Should fail because it should already be in the cache */
  1201. if (use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1)))
  1202. goto end;
  1203. if (use_ext_cache
  1204. && (!TEST_int_eq(new_called, numnewsesstick)
  1205. || !TEST_int_eq(remove_called, 0)))
  1206. goto end;
  1207. new_called = remove_called = 0;
  1208. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
  1209. &clientssl2, NULL, NULL))
  1210. || !TEST_true(SSL_set_session(clientssl2, sess1))
  1211. || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
  1212. SSL_ERROR_NONE))
  1213. || !TEST_true(SSL_session_reused(clientssl2)))
  1214. goto end;
  1215. if (maxprot == TLS1_3_VERSION) {
  1216. /*
  1217. * In TLSv1.3 we should have created a new session even though we have
  1218. * resumed. Since we attempted a resume we should also have removed the
  1219. * old ticket from the cache so that we try to only use tickets once.
  1220. */
  1221. if (use_ext_cache
  1222. && (!TEST_int_eq(new_called, 1)
  1223. || !TEST_int_eq(remove_called, 1)))
  1224. goto end;
  1225. } else {
  1226. /*
  1227. * In TLSv1.2 we expect to have resumed so no sessions added or
  1228. * removed.
  1229. */
  1230. if (use_ext_cache
  1231. && (!TEST_int_eq(new_called, 0)
  1232. || !TEST_int_eq(remove_called, 0)))
  1233. goto end;
  1234. }
  1235. SSL_SESSION_free(sess1);
  1236. if (!TEST_ptr(sess1 = SSL_get1_session(clientssl2)))
  1237. goto end;
  1238. shutdown_ssl_connection(serverssl2, clientssl2);
  1239. serverssl2 = clientssl2 = NULL;
  1240. new_called = remove_called = 0;
  1241. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
  1242. &clientssl2, NULL, NULL))
  1243. || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
  1244. SSL_ERROR_NONE)))
  1245. goto end;
  1246. if (!TEST_ptr(sess2 = SSL_get1_session(clientssl2)))
  1247. goto end;
  1248. if (use_ext_cache
  1249. && (!TEST_int_eq(new_called, numnewsesstick)
  1250. || !TEST_int_eq(remove_called, 0)))
  1251. goto end;
  1252. new_called = remove_called = 0;
  1253. /*
  1254. * This should clear sess2 from the cache because it is a "bad" session.
  1255. * See SSL_set_session() documentation.
  1256. */
  1257. if (!TEST_true(SSL_set_session(clientssl2, sess1)))
  1258. goto end;
  1259. if (use_ext_cache
  1260. && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
  1261. goto end;
  1262. if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1))
  1263. goto end;
  1264. if (use_int_cache) {
  1265. /* Should succeeded because it should not already be in the cache */
  1266. if (!TEST_true(SSL_CTX_add_session(cctx, sess2))
  1267. || !TEST_true(SSL_CTX_remove_session(cctx, sess2)))
  1268. goto end;
  1269. }
  1270. new_called = remove_called = 0;
  1271. /* This shouldn't be in the cache so should fail */
  1272. if (!TEST_false(SSL_CTX_remove_session(cctx, sess2)))
  1273. goto end;
  1274. if (use_ext_cache
  1275. && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
  1276. goto end;
  1277. # if !defined(OPENSSL_NO_TLS1_1)
  1278. new_called = remove_called = 0;
  1279. /* Force a connection failure */
  1280. SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
  1281. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl3,
  1282. &clientssl3, NULL, NULL))
  1283. || !TEST_true(SSL_set_session(clientssl3, sess1))
  1284. /* This should fail because of the mismatched protocol versions */
  1285. || !TEST_false(create_ssl_connection(serverssl3, clientssl3,
  1286. SSL_ERROR_NONE)))
  1287. goto end;
  1288. /* We should have automatically removed the session from the cache */
  1289. if (use_ext_cache
  1290. && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
  1291. goto end;
  1292. /* Should succeed because it should not already be in the cache */
  1293. if (use_int_cache && !TEST_true(SSL_CTX_add_session(cctx, sess2)))
  1294. goto end;
  1295. # endif
  1296. /* Now do some tests for server side caching */
  1297. if (use_ext_cache) {
  1298. SSL_CTX_sess_set_new_cb(cctx, NULL);
  1299. SSL_CTX_sess_set_remove_cb(cctx, NULL);
  1300. SSL_CTX_sess_set_new_cb(sctx, new_session_cb);
  1301. SSL_CTX_sess_set_remove_cb(sctx, remove_session_cb);
  1302. SSL_CTX_sess_set_get_cb(sctx, get_session_cb);
  1303. get_sess_val = NULL;
  1304. }
  1305. SSL_CTX_set_session_cache_mode(cctx, 0);
  1306. /* Internal caching is the default on the server side */
  1307. if (!use_int_cache)
  1308. SSL_CTX_set_session_cache_mode(sctx,
  1309. SSL_SESS_CACHE_SERVER
  1310. | SSL_SESS_CACHE_NO_INTERNAL_STORE);
  1311. SSL_free(serverssl1);
  1312. SSL_free(clientssl1);
  1313. serverssl1 = clientssl1 = NULL;
  1314. SSL_free(serverssl2);
  1315. SSL_free(clientssl2);
  1316. serverssl2 = clientssl2 = NULL;
  1317. SSL_SESSION_free(sess1);
  1318. sess1 = NULL;
  1319. SSL_SESSION_free(sess2);
  1320. sess2 = NULL;
  1321. SSL_CTX_set_max_proto_version(sctx, maxprot);
  1322. if (maxprot == TLS1_2_VERSION)
  1323. SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET);
  1324. new_called = remove_called = get_called = 0;
  1325. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
  1326. NULL, NULL))
  1327. || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
  1328. SSL_ERROR_NONE))
  1329. || !TEST_ptr(sess1 = SSL_get1_session(clientssl1))
  1330. || !TEST_ptr(sess2 = SSL_get1_session(serverssl1)))
  1331. goto end;
  1332. if (use_int_cache) {
  1333. if (maxprot == TLS1_3_VERSION && !use_ext_cache) {
  1334. /*
  1335. * In TLSv1.3 it should not have been added to the internal cache,
  1336. * except in the case where we also have an external cache (in that
  1337. * case it gets added to the cache in order to generate remove
  1338. * events after timeout).
  1339. */
  1340. if (!TEST_false(SSL_CTX_remove_session(sctx, sess2)))
  1341. goto end;
  1342. } else {
  1343. /* Should fail because it should already be in the cache */
  1344. if (!TEST_false(SSL_CTX_add_session(sctx, sess2)))
  1345. goto end;
  1346. }
  1347. }
  1348. if (use_ext_cache) {
  1349. SSL_SESSION *tmp = sess2;
  1350. if (!TEST_int_eq(new_called, numnewsesstick)
  1351. || !TEST_int_eq(remove_called, 0)
  1352. || !TEST_int_eq(get_called, 0))
  1353. goto end;
  1354. /*
  1355. * Delete the session from the internal cache to force a lookup from
  1356. * the external cache. We take a copy first because
  1357. * SSL_CTX_remove_session() also marks the session as non-resumable.
  1358. */
  1359. if (use_int_cache && maxprot != TLS1_3_VERSION) {
  1360. if (!TEST_ptr(tmp = SSL_SESSION_dup(sess2))
  1361. || !TEST_true(SSL_CTX_remove_session(sctx, sess2)))
  1362. goto end;
  1363. SSL_SESSION_free(sess2);
  1364. }
  1365. sess2 = tmp;
  1366. }
  1367. new_called = remove_called = get_called = 0;
  1368. get_sess_val = sess2;
  1369. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
  1370. &clientssl2, NULL, NULL))
  1371. || !TEST_true(SSL_set_session(clientssl2, sess1))
  1372. || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
  1373. SSL_ERROR_NONE))
  1374. || !TEST_true(SSL_session_reused(clientssl2)))
  1375. goto end;
  1376. if (use_ext_cache) {
  1377. if (!TEST_int_eq(remove_called, 0))
  1378. goto end;
  1379. if (maxprot == TLS1_3_VERSION) {
  1380. if (!TEST_int_eq(new_called, 1)
  1381. || !TEST_int_eq(get_called, 0))
  1382. goto end;
  1383. } else {
  1384. if (!TEST_int_eq(new_called, 0)
  1385. || !TEST_int_eq(get_called, 1))
  1386. goto end;
  1387. }
  1388. }
  1389. testresult = 1;
  1390. end:
  1391. SSL_free(serverssl1);
  1392. SSL_free(clientssl1);
  1393. SSL_free(serverssl2);
  1394. SSL_free(clientssl2);
  1395. # ifndef OPENSSL_NO_TLS1_1
  1396. SSL_free(serverssl3);
  1397. SSL_free(clientssl3);
  1398. # endif
  1399. SSL_SESSION_free(sess1);
  1400. SSL_SESSION_free(sess2);
  1401. SSL_CTX_free(sctx);
  1402. SSL_CTX_free(cctx);
  1403. return testresult;
  1404. }
  1405. #endif /* !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */
  1406. static int test_session_with_only_int_cache(void)
  1407. {
  1408. #ifndef OPENSSL_NO_TLS1_3
  1409. if (!execute_test_session(TLS1_3_VERSION, 1, 0))
  1410. return 0;
  1411. #endif
  1412. #ifndef OPENSSL_NO_TLS1_2
  1413. return execute_test_session(TLS1_2_VERSION, 1, 0);
  1414. #else
  1415. return 1;
  1416. #endif
  1417. }
  1418. static int test_session_with_only_ext_cache(void)
  1419. {
  1420. #ifndef OPENSSL_NO_TLS1_3
  1421. if (!execute_test_session(TLS1_3_VERSION, 0, 1))
  1422. return 0;
  1423. #endif
  1424. #ifndef OPENSSL_NO_TLS1_2
  1425. return execute_test_session(TLS1_2_VERSION, 0, 1);
  1426. #else
  1427. return 1;
  1428. #endif
  1429. }
  1430. static int test_session_with_both_cache(void)
  1431. {
  1432. #ifndef OPENSSL_NO_TLS1_3
  1433. if (!execute_test_session(TLS1_3_VERSION, 1, 1))
  1434. return 0;
  1435. #endif
  1436. #ifndef OPENSSL_NO_TLS1_2
  1437. return execute_test_session(TLS1_2_VERSION, 1, 1);
  1438. #else
  1439. return 1;
  1440. #endif
  1441. }
  1442. #ifndef OPENSSL_NO_TLS1_3
  1443. static SSL_SESSION *sesscache[6];
  1444. static int do_cache;
  1445. static int new_cachesession_cb(SSL *ssl, SSL_SESSION *sess)
  1446. {
  1447. if (do_cache) {
  1448. sesscache[new_called] = sess;
  1449. } else {
  1450. /* We don't need the reference to the session, so free it */
  1451. SSL_SESSION_free(sess);
  1452. }
  1453. new_called++;
  1454. return 1;
  1455. }
  1456. static int post_handshake_verify(SSL *sssl, SSL *cssl)
  1457. {
  1458. SSL_set_verify(sssl, SSL_VERIFY_PEER, NULL);
  1459. if (!TEST_true(SSL_verify_client_post_handshake(sssl)))
  1460. return 0;
  1461. /* Start handshake on the server and client */
  1462. if (!TEST_int_eq(SSL_do_handshake(sssl), 1)
  1463. || !TEST_int_le(SSL_read(cssl, NULL, 0), 0)
  1464. || !TEST_int_le(SSL_read(sssl, NULL, 0), 0)
  1465. || !TEST_true(create_ssl_connection(sssl, cssl,
  1466. SSL_ERROR_NONE)))
  1467. return 0;
  1468. return 1;
  1469. }
  1470. static int setup_ticket_test(int stateful, int idx, SSL_CTX **sctx,
  1471. SSL_CTX **cctx)
  1472. {
  1473. int sess_id_ctx = 1;
  1474. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  1475. TLS1_VERSION, 0, sctx,
  1476. cctx, cert, privkey))
  1477. || !TEST_true(SSL_CTX_set_num_tickets(*sctx, idx))
  1478. || !TEST_true(SSL_CTX_set_session_id_context(*sctx,
  1479. (void *)&sess_id_ctx,
  1480. sizeof(sess_id_ctx))))
  1481. return 0;
  1482. if (stateful)
  1483. SSL_CTX_set_options(*sctx, SSL_OP_NO_TICKET);
  1484. SSL_CTX_set_session_cache_mode(*cctx, SSL_SESS_CACHE_CLIENT
  1485. | SSL_SESS_CACHE_NO_INTERNAL_STORE);
  1486. SSL_CTX_sess_set_new_cb(*cctx, new_cachesession_cb);
  1487. return 1;
  1488. }
  1489. static int check_resumption(int idx, SSL_CTX *sctx, SSL_CTX *cctx, int succ)
  1490. {
  1491. SSL *serverssl = NULL, *clientssl = NULL;
  1492. int i;
  1493. /* Test that we can resume with all the tickets we got given */
  1494. for (i = 0; i < idx * 2; i++) {
  1495. new_called = 0;
  1496. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  1497. &clientssl, NULL, NULL))
  1498. || !TEST_true(SSL_set_session(clientssl, sesscache[i])))
  1499. goto end;
  1500. SSL_set_post_handshake_auth(clientssl, 1);
  1501. if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  1502. SSL_ERROR_NONE)))
  1503. goto end;
  1504. /*
  1505. * Following a successful resumption we only get 1 ticket. After a
  1506. * failed one we should get idx tickets.
  1507. */
  1508. if (succ) {
  1509. if (!TEST_true(SSL_session_reused(clientssl))
  1510. || !TEST_int_eq(new_called, 1))
  1511. goto end;
  1512. } else {
  1513. if (!TEST_false(SSL_session_reused(clientssl))
  1514. || !TEST_int_eq(new_called, idx))
  1515. goto end;
  1516. }
  1517. new_called = 0;
  1518. /* After a post-handshake authentication we should get 1 new ticket */
  1519. if (succ
  1520. && (!post_handshake_verify(serverssl, clientssl)
  1521. || !TEST_int_eq(new_called, 1)))
  1522. goto end;
  1523. SSL_shutdown(clientssl);
  1524. SSL_shutdown(serverssl);
  1525. SSL_free(serverssl);
  1526. SSL_free(clientssl);
  1527. serverssl = clientssl = NULL;
  1528. SSL_SESSION_free(sesscache[i]);
  1529. sesscache[i] = NULL;
  1530. }
  1531. return 1;
  1532. end:
  1533. SSL_free(clientssl);
  1534. SSL_free(serverssl);
  1535. return 0;
  1536. }
  1537. static int test_tickets(int stateful, int idx)
  1538. {
  1539. SSL_CTX *sctx = NULL, *cctx = NULL;
  1540. SSL *serverssl = NULL, *clientssl = NULL;
  1541. int testresult = 0;
  1542. size_t j;
  1543. /* idx is the test number, but also the number of tickets we want */
  1544. new_called = 0;
  1545. do_cache = 1;
  1546. if (!setup_ticket_test(stateful, idx, &sctx, &cctx))
  1547. goto end;
  1548. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  1549. &clientssl, NULL, NULL)))
  1550. goto end;
  1551. if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  1552. SSL_ERROR_NONE))
  1553. /* Check we got the number of tickets we were expecting */
  1554. || !TEST_int_eq(idx, new_called))
  1555. goto end;
  1556. SSL_shutdown(clientssl);
  1557. SSL_shutdown(serverssl);
  1558. SSL_free(serverssl);
  1559. SSL_free(clientssl);
  1560. SSL_CTX_free(sctx);
  1561. SSL_CTX_free(cctx);
  1562. clientssl = serverssl = NULL;
  1563. sctx = cctx = NULL;
  1564. /*
  1565. * Now we try to resume with the tickets we previously created. The
  1566. * resumption attempt is expected to fail (because we're now using a new
  1567. * SSL_CTX). We should see idx number of tickets issued again.
  1568. */
  1569. /* Stop caching sessions - just count them */
  1570. do_cache = 0;
  1571. if (!setup_ticket_test(stateful, idx, &sctx, &cctx))
  1572. goto end;
  1573. if (!check_resumption(idx, sctx, cctx, 0))
  1574. goto end;
  1575. /* Start again with caching sessions */
  1576. new_called = 0;
  1577. do_cache = 1;
  1578. SSL_CTX_free(sctx);
  1579. SSL_CTX_free(cctx);
  1580. sctx = cctx = NULL;
  1581. if (!setup_ticket_test(stateful, idx, &sctx, &cctx))
  1582. goto end;
  1583. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  1584. &clientssl, NULL, NULL)))
  1585. goto end;
  1586. SSL_set_post_handshake_auth(clientssl, 1);
  1587. if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  1588. SSL_ERROR_NONE))
  1589. /* Check we got the number of tickets we were expecting */
  1590. || !TEST_int_eq(idx, new_called))
  1591. goto end;
  1592. /* After a post-handshake authentication we should get new tickets issued */
  1593. if (!post_handshake_verify(serverssl, clientssl)
  1594. || !TEST_int_eq(idx * 2, new_called))
  1595. goto end;
  1596. SSL_shutdown(clientssl);
  1597. SSL_shutdown(serverssl);
  1598. SSL_free(serverssl);
  1599. SSL_free(clientssl);
  1600. serverssl = clientssl = NULL;
  1601. /* Stop caching sessions - just count them */
  1602. do_cache = 0;
  1603. /*
  1604. * Check we can resume with all the tickets we created. This time around the
  1605. * resumptions should all be successful.
  1606. */
  1607. if (!check_resumption(idx, sctx, cctx, 1))
  1608. goto end;
  1609. testresult = 1;
  1610. end:
  1611. SSL_free(serverssl);
  1612. SSL_free(clientssl);
  1613. for (j = 0; j < OSSL_NELEM(sesscache); j++) {
  1614. SSL_SESSION_free(sesscache[j]);
  1615. sesscache[j] = NULL;
  1616. }
  1617. SSL_CTX_free(sctx);
  1618. SSL_CTX_free(cctx);
  1619. return testresult;
  1620. }
  1621. static int test_stateless_tickets(int idx)
  1622. {
  1623. return test_tickets(0, idx);
  1624. }
  1625. static int test_stateful_tickets(int idx)
  1626. {
  1627. return test_tickets(1, idx);
  1628. }
  1629. static int test_psk_tickets(void)
  1630. {
  1631. SSL_CTX *sctx = NULL, *cctx = NULL;
  1632. SSL *serverssl = NULL, *clientssl = NULL;
  1633. int testresult = 0;
  1634. int sess_id_ctx = 1;
  1635. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  1636. TLS1_VERSION, 0, &sctx,
  1637. &cctx, NULL, NULL))
  1638. || !TEST_true(SSL_CTX_set_session_id_context(sctx,
  1639. (void *)&sess_id_ctx,
  1640. sizeof(sess_id_ctx))))
  1641. goto end;
  1642. SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT
  1643. | SSL_SESS_CACHE_NO_INTERNAL_STORE);
  1644. SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
  1645. SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
  1646. SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
  1647. use_session_cb_cnt = 0;
  1648. find_session_cb_cnt = 0;
  1649. srvid = pskid;
  1650. new_called = 0;
  1651. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  1652. NULL, NULL)))
  1653. goto end;
  1654. clientpsk = serverpsk = create_a_psk(clientssl);
  1655. if (!TEST_ptr(clientpsk))
  1656. goto end;
  1657. SSL_SESSION_up_ref(clientpsk);
  1658. if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  1659. SSL_ERROR_NONE))
  1660. || !TEST_int_eq(1, find_session_cb_cnt)
  1661. || !TEST_int_eq(1, use_session_cb_cnt)
  1662. /* We should always get 1 ticket when using external PSK */
  1663. || !TEST_int_eq(1, new_called))
  1664. goto end;
  1665. testresult = 1;
  1666. end:
  1667. SSL_free(serverssl);
  1668. SSL_free(clientssl);
  1669. SSL_CTX_free(sctx);
  1670. SSL_CTX_free(cctx);
  1671. SSL_SESSION_free(clientpsk);
  1672. SSL_SESSION_free(serverpsk);
  1673. clientpsk = serverpsk = NULL;
  1674. return testresult;
  1675. }
  1676. #endif
  1677. #define USE_NULL 0
  1678. #define USE_BIO_1 1
  1679. #define USE_BIO_2 2
  1680. #define USE_DEFAULT 3
  1681. #define CONNTYPE_CONNECTION_SUCCESS 0
  1682. #define CONNTYPE_CONNECTION_FAIL 1
  1683. #define CONNTYPE_NO_CONNECTION 2
  1684. #define TOTAL_NO_CONN_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
  1685. #define TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS (2 * 2)
  1686. #if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2)
  1687. # define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS (2 * 2)
  1688. #else
  1689. # define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS 0
  1690. #endif
  1691. #define TOTAL_SSL_SET_BIO_TESTS TOTAL_NO_CONN_SSL_SET_BIO_TESTS \
  1692. + TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS \
  1693. + TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS
  1694. static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type)
  1695. {
  1696. switch (type) {
  1697. case USE_NULL:
  1698. *res = NULL;
  1699. break;
  1700. case USE_BIO_1:
  1701. *res = bio1;
  1702. break;
  1703. case USE_BIO_2:
  1704. *res = bio2;
  1705. break;
  1706. }
  1707. }
  1708. /*
  1709. * Tests calls to SSL_set_bio() under various conditions.
  1710. *
  1711. * For the first 3 * 3 * 3 * 3 = 81 tests we do 2 calls to SSL_set_bio() with
  1712. * various combinations of valid BIOs or NULL being set for the rbio/wbio. We
  1713. * then do more tests where we create a successful connection first using our
  1714. * standard connection setup functions, and then call SSL_set_bio() with
  1715. * various combinations of valid BIOs or NULL. We then repeat these tests
  1716. * following a failed connection. In this last case we are looking to check that
  1717. * SSL_set_bio() functions correctly in the case where s->bbio is not NULL.
  1718. */
  1719. static int test_ssl_set_bio(int idx)
  1720. {
  1721. SSL_CTX *sctx = NULL, *cctx = NULL;
  1722. BIO *bio1 = NULL;
  1723. BIO *bio2 = NULL;
  1724. BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL;
  1725. SSL *serverssl = NULL, *clientssl = NULL;
  1726. int initrbio, initwbio, newrbio, newwbio, conntype;
  1727. int testresult = 0;
  1728. if (idx < TOTAL_NO_CONN_SSL_SET_BIO_TESTS) {
  1729. initrbio = idx % 3;
  1730. idx /= 3;
  1731. initwbio = idx % 3;
  1732. idx /= 3;
  1733. newrbio = idx % 3;
  1734. idx /= 3;
  1735. newwbio = idx % 3;
  1736. conntype = CONNTYPE_NO_CONNECTION;
  1737. } else {
  1738. idx -= TOTAL_NO_CONN_SSL_SET_BIO_TESTS;
  1739. initrbio = initwbio = USE_DEFAULT;
  1740. newrbio = idx % 2;
  1741. idx /= 2;
  1742. newwbio = idx % 2;
  1743. idx /= 2;
  1744. conntype = idx % 2;
  1745. }
  1746. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  1747. TLS1_VERSION, 0,
  1748. &sctx, &cctx, cert, privkey)))
  1749. goto end;
  1750. if (conntype == CONNTYPE_CONNECTION_FAIL) {
  1751. /*
  1752. * We won't ever get here if either TLSv1.3 or TLSv1.2 is disabled
  1753. * because we reduced the number of tests in the definition of
  1754. * TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS to avoid this scenario. By setting
  1755. * mismatched protocol versions we will force a connection failure.
  1756. */
  1757. SSL_CTX_set_min_proto_version(sctx, TLS1_3_VERSION);
  1758. SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
  1759. }
  1760. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  1761. NULL, NULL)))
  1762. goto end;
  1763. if (initrbio == USE_BIO_1
  1764. || initwbio == USE_BIO_1
  1765. || newrbio == USE_BIO_1
  1766. || newwbio == USE_BIO_1) {
  1767. if (!TEST_ptr(bio1 = BIO_new(BIO_s_mem())))
  1768. goto end;
  1769. }
  1770. if (initrbio == USE_BIO_2
  1771. || initwbio == USE_BIO_2
  1772. || newrbio == USE_BIO_2
  1773. || newwbio == USE_BIO_2) {
  1774. if (!TEST_ptr(bio2 = BIO_new(BIO_s_mem())))
  1775. goto end;
  1776. }
  1777. if (initrbio != USE_DEFAULT) {
  1778. setupbio(&irbio, bio1, bio2, initrbio);
  1779. setupbio(&iwbio, bio1, bio2, initwbio);
  1780. SSL_set_bio(clientssl, irbio, iwbio);
  1781. /*
  1782. * We want to maintain our own refs to these BIO, so do an up ref for
  1783. * each BIO that will have ownership transferred in the SSL_set_bio()
  1784. * call
  1785. */
  1786. if (irbio != NULL)
  1787. BIO_up_ref(irbio);
  1788. if (iwbio != NULL && iwbio != irbio)
  1789. BIO_up_ref(iwbio);
  1790. }
  1791. if (conntype != CONNTYPE_NO_CONNECTION
  1792. && !TEST_true(create_ssl_connection(serverssl, clientssl,
  1793. SSL_ERROR_NONE)
  1794. == (conntype == CONNTYPE_CONNECTION_SUCCESS)))
  1795. goto end;
  1796. setupbio(&nrbio, bio1, bio2, newrbio);
  1797. setupbio(&nwbio, bio1, bio2, newwbio);
  1798. /*
  1799. * We will (maybe) transfer ownership again so do more up refs.
  1800. * SSL_set_bio() has some really complicated ownership rules where BIOs have
  1801. * already been set!
  1802. */
  1803. if (nrbio != NULL
  1804. && nrbio != irbio
  1805. && (nwbio != iwbio || nrbio != nwbio))
  1806. BIO_up_ref(nrbio);
  1807. if (nwbio != NULL
  1808. && nwbio != nrbio
  1809. && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio)))
  1810. BIO_up_ref(nwbio);
  1811. SSL_set_bio(clientssl, nrbio, nwbio);
  1812. testresult = 1;
  1813. end:
  1814. BIO_free(bio1);
  1815. BIO_free(bio2);
  1816. /*
  1817. * This test is checking that the ref counting for SSL_set_bio is correct.
  1818. * If we get here and we did too many frees then we will fail in the above
  1819. * functions. If we haven't done enough then this will only be detected in
  1820. * a crypto-mdebug build
  1821. */
  1822. SSL_free(serverssl);
  1823. SSL_free(clientssl);
  1824. SSL_CTX_free(sctx);
  1825. SSL_CTX_free(cctx);
  1826. return testresult;
  1827. }
  1828. typedef enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } bio_change_t;
  1829. static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio)
  1830. {
  1831. BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL;
  1832. SSL_CTX *ctx;
  1833. SSL *ssl = NULL;
  1834. int testresult = 0;
  1835. if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
  1836. || !TEST_ptr(ssl = SSL_new(ctx))
  1837. || !TEST_ptr(sslbio = BIO_new(BIO_f_ssl()))
  1838. || !TEST_ptr(membio1 = BIO_new(BIO_s_mem())))
  1839. goto end;
  1840. BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
  1841. /*
  1842. * If anything goes wrong here then we could leak memory, so this will
  1843. * be caught in a crypto-mdebug build
  1844. */
  1845. BIO_push(sslbio, membio1);
  1846. /* Verify changing the rbio/wbio directly does not cause leaks */
  1847. if (change_bio != NO_BIO_CHANGE) {
  1848. if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem())))
  1849. goto end;
  1850. if (change_bio == CHANGE_RBIO)
  1851. SSL_set0_rbio(ssl, membio2);
  1852. else
  1853. SSL_set0_wbio(ssl, membio2);
  1854. }
  1855. ssl = NULL;
  1856. if (pop_ssl)
  1857. BIO_pop(sslbio);
  1858. else
  1859. BIO_pop(membio1);
  1860. testresult = 1;
  1861. end:
  1862. BIO_free(membio1);
  1863. BIO_free(sslbio);
  1864. SSL_free(ssl);
  1865. SSL_CTX_free(ctx);
  1866. return testresult;
  1867. }
  1868. static int test_ssl_bio_pop_next_bio(void)
  1869. {
  1870. return execute_test_ssl_bio(0, NO_BIO_CHANGE);
  1871. }
  1872. static int test_ssl_bio_pop_ssl_bio(void)
  1873. {
  1874. return execute_test_ssl_bio(1, NO_BIO_CHANGE);
  1875. }
  1876. static int test_ssl_bio_change_rbio(void)
  1877. {
  1878. return execute_test_ssl_bio(0, CHANGE_RBIO);
  1879. }
  1880. static int test_ssl_bio_change_wbio(void)
  1881. {
  1882. return execute_test_ssl_bio(0, CHANGE_WBIO);
  1883. }
  1884. #if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
  1885. typedef struct {
  1886. /* The list of sig algs */
  1887. const int *list;
  1888. /* The length of the list */
  1889. size_t listlen;
  1890. /* A sigalgs list in string format */
  1891. const char *liststr;
  1892. /* Whether setting the list should succeed */
  1893. int valid;
  1894. /* Whether creating a connection with the list should succeed */
  1895. int connsuccess;
  1896. } sigalgs_list;
  1897. static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
  1898. # ifndef OPENSSL_NO_EC
  1899. static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
  1900. static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
  1901. # endif
  1902. static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
  1903. static const int invalidlist2[] = {NID_sha256, NID_undef};
  1904. static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
  1905. static const int invalidlist4[] = {NID_sha256};
  1906. static const sigalgs_list testsigalgs[] = {
  1907. {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
  1908. # ifndef OPENSSL_NO_EC
  1909. {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
  1910. {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
  1911. # endif
  1912. {NULL, 0, "RSA+SHA256", 1, 1},
  1913. # ifndef OPENSSL_NO_EC
  1914. {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
  1915. {NULL, 0, "ECDSA+SHA512", 1, 0},
  1916. # endif
  1917. {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
  1918. {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
  1919. {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
  1920. {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
  1921. {NULL, 0, "RSA", 0, 0},
  1922. {NULL, 0, "SHA256", 0, 0},
  1923. {NULL, 0, "RSA+SHA256:SHA256", 0, 0},
  1924. {NULL, 0, "Invalid", 0, 0}
  1925. };
  1926. static int test_set_sigalgs(int idx)
  1927. {
  1928. SSL_CTX *cctx = NULL, *sctx = NULL;
  1929. SSL *clientssl = NULL, *serverssl = NULL;
  1930. int testresult = 0;
  1931. const sigalgs_list *curr;
  1932. int testctx;
  1933. /* Should never happen */
  1934. if (!TEST_size_t_le((size_t)idx, OSSL_NELEM(testsigalgs) * 2))
  1935. return 0;
  1936. testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
  1937. curr = testctx ? &testsigalgs[idx]
  1938. : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
  1939. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  1940. TLS1_VERSION, 0,
  1941. &sctx, &cctx, cert, privkey)))
  1942. return 0;
  1943. /*
  1944. * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
  1945. * for TLSv1.2 for now until we add a new API.
  1946. */
  1947. SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
  1948. if (testctx) {
  1949. int ret;
  1950. if (curr->list != NULL)
  1951. ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
  1952. else
  1953. ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
  1954. if (!ret) {
  1955. if (curr->valid)
  1956. TEST_info("Failure setting sigalgs in SSL_CTX (%d)\n", idx);
  1957. else
  1958. testresult = 1;
  1959. goto end;
  1960. }
  1961. if (!curr->valid) {
  1962. TEST_info("Not-failed setting sigalgs in SSL_CTX (%d)\n", idx);
  1963. goto end;
  1964. }
  1965. }
  1966. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  1967. &clientssl, NULL, NULL)))
  1968. goto end;
  1969. if (!testctx) {
  1970. int ret;
  1971. if (curr->list != NULL)
  1972. ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
  1973. else
  1974. ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
  1975. if (!ret) {
  1976. if (curr->valid)
  1977. TEST_info("Failure setting sigalgs in SSL (%d)\n", idx);
  1978. else
  1979. testresult = 1;
  1980. goto end;
  1981. }
  1982. if (!curr->valid)
  1983. goto end;
  1984. }
  1985. if (!TEST_int_eq(create_ssl_connection(serverssl, clientssl,
  1986. SSL_ERROR_NONE),
  1987. curr->connsuccess))
  1988. goto end;
  1989. testresult = 1;
  1990. end:
  1991. SSL_free(serverssl);
  1992. SSL_free(clientssl);
  1993. SSL_CTX_free(sctx);
  1994. SSL_CTX_free(cctx);
  1995. return testresult;
  1996. }
  1997. #endif
  1998. #ifndef OPENSSL_NO_TLS1_3
  1999. static int psk_client_cb_cnt = 0;
  2000. static int psk_server_cb_cnt = 0;
  2001. static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
  2002. size_t *idlen, SSL_SESSION **sess)
  2003. {
  2004. switch (++use_session_cb_cnt) {
  2005. case 1:
  2006. /* The first call should always have a NULL md */
  2007. if (md != NULL)
  2008. return 0;
  2009. break;
  2010. case 2:
  2011. /* The second call should always have an md */
  2012. if (md == NULL)
  2013. return 0;
  2014. break;
  2015. default:
  2016. /* We should only be called a maximum of twice */
  2017. return 0;
  2018. }
  2019. if (clientpsk != NULL)
  2020. SSL_SESSION_up_ref(clientpsk);
  2021. *sess = clientpsk;
  2022. *id = (const unsigned char *)pskid;
  2023. *idlen = strlen(pskid);
  2024. return 1;
  2025. }
  2026. #ifndef OPENSSL_NO_PSK
  2027. static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *id,
  2028. unsigned int max_id_len,
  2029. unsigned char *psk,
  2030. unsigned int max_psk_len)
  2031. {
  2032. unsigned int psklen = 0;
  2033. psk_client_cb_cnt++;
  2034. if (strlen(pskid) + 1 > max_id_len)
  2035. return 0;
  2036. /* We should only ever be called a maximum of twice per connection */
  2037. if (psk_client_cb_cnt > 2)
  2038. return 0;
  2039. if (clientpsk == NULL)
  2040. return 0;
  2041. /* We'll reuse the PSK we set up for TLSv1.3 */
  2042. if (SSL_SESSION_get_master_key(clientpsk, NULL, 0) > max_psk_len)
  2043. return 0;
  2044. psklen = SSL_SESSION_get_master_key(clientpsk, psk, max_psk_len);
  2045. strncpy(id, pskid, max_id_len);
  2046. return psklen;
  2047. }
  2048. #endif /* OPENSSL_NO_PSK */
  2049. static int find_session_cb(SSL *ssl, const unsigned char *identity,
  2050. size_t identity_len, SSL_SESSION **sess)
  2051. {
  2052. find_session_cb_cnt++;
  2053. /* We should only ever be called a maximum of twice per connection */
  2054. if (find_session_cb_cnt > 2)
  2055. return 0;
  2056. if (serverpsk == NULL)
  2057. return 0;
  2058. /* Identity should match that set by the client */
  2059. if (strlen(srvid) != identity_len
  2060. || strncmp(srvid, (const char *)identity, identity_len) != 0) {
  2061. /* No PSK found, continue but without a PSK */
  2062. *sess = NULL;
  2063. return 1;
  2064. }
  2065. SSL_SESSION_up_ref(serverpsk);
  2066. *sess = serverpsk;
  2067. return 1;
  2068. }
  2069. #ifndef OPENSSL_NO_PSK
  2070. static unsigned int psk_server_cb(SSL *ssl, const char *identity,
  2071. unsigned char *psk, unsigned int max_psk_len)
  2072. {
  2073. unsigned int psklen = 0;
  2074. psk_server_cb_cnt++;
  2075. /* We should only ever be called a maximum of twice per connection */
  2076. if (find_session_cb_cnt > 2)
  2077. return 0;
  2078. if (serverpsk == NULL)
  2079. return 0;
  2080. /* Identity should match that set by the client */
  2081. if (strcmp(srvid, identity) != 0) {
  2082. return 0;
  2083. }
  2084. /* We'll reuse the PSK we set up for TLSv1.3 */
  2085. if (SSL_SESSION_get_master_key(serverpsk, NULL, 0) > max_psk_len)
  2086. return 0;
  2087. psklen = SSL_SESSION_get_master_key(serverpsk, psk, max_psk_len);
  2088. return psklen;
  2089. }
  2090. #endif /* OPENSSL_NO_PSK */
  2091. #define MSG1 "Hello"
  2092. #define MSG2 "World."
  2093. #define MSG3 "This"
  2094. #define MSG4 "is"
  2095. #define MSG5 "a"
  2096. #define MSG6 "test"
  2097. #define MSG7 "message."
  2098. #define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
  2099. #define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
  2100. static SSL_SESSION *create_a_psk(SSL *ssl)
  2101. {
  2102. const SSL_CIPHER *cipher = NULL;
  2103. const unsigned char key[] = {
  2104. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
  2105. 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
  2106. 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
  2107. 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
  2108. 0x2c, 0x2d, 0x2e, 0x2f
  2109. };
  2110. SSL_SESSION *sess = NULL;
  2111. cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES);
  2112. sess = SSL_SESSION_new();
  2113. if (!TEST_ptr(sess)
  2114. || !TEST_ptr(cipher)
  2115. || !TEST_true(SSL_SESSION_set1_master_key(sess, key,
  2116. sizeof(key)))
  2117. || !TEST_true(SSL_SESSION_set_cipher(sess, cipher))
  2118. || !TEST_true(
  2119. SSL_SESSION_set_protocol_version(sess,
  2120. TLS1_3_VERSION))) {
  2121. SSL_SESSION_free(sess);
  2122. return NULL;
  2123. }
  2124. return sess;
  2125. }
  2126. /*
  2127. * Helper method to setup objects for early data test. Caller frees objects on
  2128. * error.
  2129. */
  2130. static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
  2131. SSL **serverssl, SSL_SESSION **sess, int idx)
  2132. {
  2133. if (*sctx == NULL
  2134. && !TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  2135. TLS_client_method(),
  2136. TLS1_VERSION, 0,
  2137. sctx, cctx, cert, privkey)))
  2138. return 0;
  2139. if (!TEST_true(SSL_CTX_set_max_early_data(*sctx, SSL3_RT_MAX_PLAIN_LENGTH)))
  2140. return 0;
  2141. if (idx == 1) {
  2142. /* When idx == 1 we repeat the tests with read_ahead set */
  2143. SSL_CTX_set_read_ahead(*cctx, 1);
  2144. SSL_CTX_set_read_ahead(*sctx, 1);
  2145. } else if (idx == 2) {
  2146. /* When idx == 2 we are doing early_data with a PSK. Set up callbacks */
  2147. SSL_CTX_set_psk_use_session_callback(*cctx, use_session_cb);
  2148. SSL_CTX_set_psk_find_session_callback(*sctx, find_session_cb);
  2149. use_session_cb_cnt = 0;
  2150. find_session_cb_cnt = 0;
  2151. srvid = pskid;
  2152. }
  2153. if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, clientssl,
  2154. NULL, NULL)))
  2155. return 0;
  2156. /*
  2157. * For one of the run throughs (doesn't matter which one), we'll try sending
  2158. * some SNI data in the initial ClientHello. This will be ignored (because
  2159. * there is no SNI cb set up by the server), so it should not impact
  2160. * early_data.
  2161. */
  2162. if (idx == 1
  2163. && !TEST_true(SSL_set_tlsext_host_name(*clientssl, "localhost")))
  2164. return 0;
  2165. if (idx == 2) {
  2166. clientpsk = create_a_psk(*clientssl);
  2167. if (!TEST_ptr(clientpsk)
  2168. /*
  2169. * We just choose an arbitrary value for max_early_data which
  2170. * should be big enough for testing purposes.
  2171. */
  2172. || !TEST_true(SSL_SESSION_set_max_early_data(clientpsk,
  2173. 0x100))
  2174. || !TEST_true(SSL_SESSION_up_ref(clientpsk))) {
  2175. SSL_SESSION_free(clientpsk);
  2176. clientpsk = NULL;
  2177. return 0;
  2178. }
  2179. serverpsk = clientpsk;
  2180. if (sess != NULL) {
  2181. if (!TEST_true(SSL_SESSION_up_ref(clientpsk))) {
  2182. SSL_SESSION_free(clientpsk);
  2183. SSL_SESSION_free(serverpsk);
  2184. clientpsk = serverpsk = NULL;
  2185. return 0;
  2186. }
  2187. *sess = clientpsk;
  2188. }
  2189. return 1;
  2190. }
  2191. if (sess == NULL)
  2192. return 1;
  2193. if (!TEST_true(create_ssl_connection(*serverssl, *clientssl,
  2194. SSL_ERROR_NONE)))
  2195. return 0;
  2196. *sess = SSL_get1_session(*clientssl);
  2197. SSL_shutdown(*clientssl);
  2198. SSL_shutdown(*serverssl);
  2199. SSL_free(*serverssl);
  2200. SSL_free(*clientssl);
  2201. *serverssl = *clientssl = NULL;
  2202. if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
  2203. clientssl, NULL, NULL))
  2204. || !TEST_true(SSL_set_session(*clientssl, *sess)))
  2205. return 0;
  2206. return 1;
  2207. }
  2208. static int test_early_data_read_write(int idx)
  2209. {
  2210. SSL_CTX *cctx = NULL, *sctx = NULL;
  2211. SSL *clientssl = NULL, *serverssl = NULL;
  2212. int testresult = 0;
  2213. SSL_SESSION *sess = NULL;
  2214. unsigned char buf[20], data[1024];
  2215. size_t readbytes, written, eoedlen, rawread, rawwritten;
  2216. BIO *rbio;
  2217. if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
  2218. &serverssl, &sess, idx)))
  2219. goto end;
  2220. /* Write and read some early data */
  2221. if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
  2222. &written))
  2223. || !TEST_size_t_eq(written, strlen(MSG1))
  2224. || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
  2225. sizeof(buf), &readbytes),
  2226. SSL_READ_EARLY_DATA_SUCCESS)
  2227. || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
  2228. || !TEST_int_eq(SSL_get_early_data_status(serverssl),
  2229. SSL_EARLY_DATA_ACCEPTED))
  2230. goto end;
  2231. /*
  2232. * Server should be able to write data, and client should be able to
  2233. * read it.
  2234. */
  2235. if (!TEST_true(SSL_write_early_data(serverssl, MSG2, strlen(MSG2),
  2236. &written))
  2237. || !TEST_size_t_eq(written, strlen(MSG2))
  2238. || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
  2239. || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
  2240. goto end;
  2241. /* Even after reading normal data, client should be able write early data */
  2242. if (!TEST_true(SSL_write_early_data(clientssl, MSG3, strlen(MSG3),
  2243. &written))
  2244. || !TEST_size_t_eq(written, strlen(MSG3)))
  2245. goto end;
  2246. /* Server should still be able read early data after writing data */
  2247. if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  2248. &readbytes),
  2249. SSL_READ_EARLY_DATA_SUCCESS)
  2250. || !TEST_mem_eq(buf, readbytes, MSG3, strlen(MSG3)))
  2251. goto end;
  2252. /* Write more data from server and read it from client */
  2253. if (!TEST_true(SSL_write_early_data(serverssl, MSG4, strlen(MSG4),
  2254. &written))
  2255. || !TEST_size_t_eq(written, strlen(MSG4))
  2256. || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
  2257. || !TEST_mem_eq(buf, readbytes, MSG4, strlen(MSG4)))
  2258. goto end;
  2259. /*
  2260. * If client writes normal data it should mean writing early data is no
  2261. * longer possible.
  2262. */
  2263. if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
  2264. || !TEST_size_t_eq(written, strlen(MSG5))
  2265. || !TEST_int_eq(SSL_get_early_data_status(clientssl),
  2266. SSL_EARLY_DATA_ACCEPTED))
  2267. goto end;
  2268. /*
  2269. * At this point the client has written EndOfEarlyData, ClientFinished and
  2270. * normal (fully protected) data. We are going to cause a delay between the
  2271. * arrival of EndOfEarlyData and ClientFinished. We read out all the data
  2272. * in the read BIO, and then just put back the EndOfEarlyData message.
  2273. */
  2274. rbio = SSL_get_rbio(serverssl);
  2275. if (!TEST_true(BIO_read_ex(rbio, data, sizeof(data), &rawread))
  2276. || !TEST_size_t_lt(rawread, sizeof(data))
  2277. || !TEST_size_t_gt(rawread, SSL3_RT_HEADER_LENGTH))
  2278. goto end;
  2279. /* Record length is in the 4th and 5th bytes of the record header */
  2280. eoedlen = SSL3_RT_HEADER_LENGTH + (data[3] << 8 | data[4]);
  2281. if (!TEST_true(BIO_write_ex(rbio, data, eoedlen, &rawwritten))
  2282. || !TEST_size_t_eq(rawwritten, eoedlen))
  2283. goto end;
  2284. /* Server should be told that there is no more early data */
  2285. if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  2286. &readbytes),
  2287. SSL_READ_EARLY_DATA_FINISH)
  2288. || !TEST_size_t_eq(readbytes, 0))
  2289. goto end;
  2290. /*
  2291. * Server has not finished init yet, so should still be able to write early
  2292. * data.
  2293. */
  2294. if (!TEST_true(SSL_write_early_data(serverssl, MSG6, strlen(MSG6),
  2295. &written))
  2296. || !TEST_size_t_eq(written, strlen(MSG6)))
  2297. goto end;
  2298. /* Push the ClientFinished and the normal data back into the server rbio */
  2299. if (!TEST_true(BIO_write_ex(rbio, data + eoedlen, rawread - eoedlen,
  2300. &rawwritten))
  2301. || !TEST_size_t_eq(rawwritten, rawread - eoedlen))
  2302. goto end;
  2303. /* Server should be able to read normal data */
  2304. if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
  2305. || !TEST_size_t_eq(readbytes, strlen(MSG5)))
  2306. goto end;
  2307. /* Client and server should not be able to write/read early data now */
  2308. if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
  2309. &written)))
  2310. goto end;
  2311. ERR_clear_error();
  2312. if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  2313. &readbytes),
  2314. SSL_READ_EARLY_DATA_ERROR))
  2315. goto end;
  2316. ERR_clear_error();
  2317. /* Client should be able to read the data sent by the server */
  2318. if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
  2319. || !TEST_mem_eq(buf, readbytes, MSG6, strlen(MSG6)))
  2320. goto end;
  2321. /*
  2322. * Make sure we process the two NewSessionTickets. These arrive
  2323. * post-handshake. We attempt reads which we do not expect to return any
  2324. * data.
  2325. */
  2326. if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
  2327. || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf),
  2328. &readbytes)))
  2329. goto end;
  2330. /* Server should be able to write normal data */
  2331. if (!TEST_true(SSL_write_ex(serverssl, MSG7, strlen(MSG7), &written))
  2332. || !TEST_size_t_eq(written, strlen(MSG7))
  2333. || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
  2334. || !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7)))
  2335. goto end;
  2336. SSL_SESSION_free(sess);
  2337. sess = SSL_get1_session(clientssl);
  2338. use_session_cb_cnt = 0;
  2339. find_session_cb_cnt = 0;
  2340. SSL_shutdown(clientssl);
  2341. SSL_shutdown(serverssl);
  2342. SSL_free(serverssl);
  2343. SSL_free(clientssl);
  2344. serverssl = clientssl = NULL;
  2345. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  2346. &clientssl, NULL, NULL))
  2347. || !TEST_true(SSL_set_session(clientssl, sess)))
  2348. goto end;
  2349. /* Write and read some early data */
  2350. if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
  2351. &written))
  2352. || !TEST_size_t_eq(written, strlen(MSG1))
  2353. || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  2354. &readbytes),
  2355. SSL_READ_EARLY_DATA_SUCCESS)
  2356. || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
  2357. goto end;
  2358. if (!TEST_int_gt(SSL_connect(clientssl), 0)
  2359. || !TEST_int_gt(SSL_accept(serverssl), 0))
  2360. goto end;
  2361. /* Client and server should not be able to write/read early data now */
  2362. if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
  2363. &written)))
  2364. goto end;
  2365. ERR_clear_error();
  2366. if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  2367. &readbytes),
  2368. SSL_READ_EARLY_DATA_ERROR))
  2369. goto end;
  2370. ERR_clear_error();
  2371. /* Client and server should be able to write/read normal data */
  2372. if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
  2373. || !TEST_size_t_eq(written, strlen(MSG5))
  2374. || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
  2375. || !TEST_size_t_eq(readbytes, strlen(MSG5)))
  2376. goto end;
  2377. testresult = 1;
  2378. end:
  2379. SSL_SESSION_free(sess);
  2380. SSL_SESSION_free(clientpsk);
  2381. SSL_SESSION_free(serverpsk);
  2382. clientpsk = serverpsk = NULL;
  2383. SSL_free(serverssl);
  2384. SSL_free(clientssl);
  2385. SSL_CTX_free(sctx);
  2386. SSL_CTX_free(cctx);
  2387. return testresult;
  2388. }
  2389. static int allow_ed_cb_called = 0;
  2390. static int allow_early_data_cb(SSL *s, void *arg)
  2391. {
  2392. int *usecb = (int *)arg;
  2393. allow_ed_cb_called++;
  2394. if (*usecb == 1)
  2395. return 0;
  2396. return 1;
  2397. }
  2398. /*
  2399. * idx == 0: Standard early_data setup
  2400. * idx == 1: early_data setup using read_ahead
  2401. * usecb == 0: Don't use a custom early data callback
  2402. * usecb == 1: Use a custom early data callback and reject the early data
  2403. * usecb == 2: Use a custom early data callback and accept the early data
  2404. * confopt == 0: Configure anti-replay directly
  2405. * confopt == 1: Configure anti-replay using SSL_CONF
  2406. */
  2407. static int test_early_data_replay_int(int idx, int usecb, int confopt)
  2408. {
  2409. SSL_CTX *cctx = NULL, *sctx = NULL;
  2410. SSL *clientssl = NULL, *serverssl = NULL;
  2411. int testresult = 0;
  2412. SSL_SESSION *sess = NULL;
  2413. size_t readbytes, written;
  2414. unsigned char buf[20];
  2415. allow_ed_cb_called = 0;
  2416. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  2417. TLS1_VERSION, 0, &sctx,
  2418. &cctx, cert, privkey)))
  2419. return 0;
  2420. if (usecb > 0) {
  2421. if (confopt == 0) {
  2422. SSL_CTX_set_options(sctx, SSL_OP_NO_ANTI_REPLAY);
  2423. } else {
  2424. SSL_CONF_CTX *confctx = SSL_CONF_CTX_new();
  2425. if (!TEST_ptr(confctx))
  2426. goto end;
  2427. SSL_CONF_CTX_set_flags(confctx, SSL_CONF_FLAG_FILE
  2428. | SSL_CONF_FLAG_SERVER);
  2429. SSL_CONF_CTX_set_ssl_ctx(confctx, sctx);
  2430. if (!TEST_int_eq(SSL_CONF_cmd(confctx, "Options", "-AntiReplay"),
  2431. 2)) {
  2432. SSL_CONF_CTX_free(confctx);
  2433. goto end;
  2434. }
  2435. SSL_CONF_CTX_free(confctx);
  2436. }
  2437. SSL_CTX_set_allow_early_data_cb(sctx, allow_early_data_cb, &usecb);
  2438. }
  2439. if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
  2440. &serverssl, &sess, idx)))
  2441. goto end;
  2442. /*
  2443. * The server is configured to accept early data. Create a connection to
  2444. * "use up" the ticket
  2445. */
  2446. if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
  2447. || !TEST_true(SSL_session_reused(clientssl)))
  2448. goto end;
  2449. SSL_shutdown(clientssl);
  2450. SSL_shutdown(serverssl);
  2451. SSL_free(serverssl);
  2452. SSL_free(clientssl);
  2453. serverssl = clientssl = NULL;
  2454. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  2455. &clientssl, NULL, NULL))
  2456. || !TEST_true(SSL_set_session(clientssl, sess)))
  2457. goto end;
  2458. /* Write and read some early data */
  2459. if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
  2460. &written))
  2461. || !TEST_size_t_eq(written, strlen(MSG1)))
  2462. goto end;
  2463. if (usecb <= 1) {
  2464. if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  2465. &readbytes),
  2466. SSL_READ_EARLY_DATA_FINISH)
  2467. /*
  2468. * The ticket was reused, so the we should have rejected the
  2469. * early data
  2470. */
  2471. || !TEST_int_eq(SSL_get_early_data_status(serverssl),
  2472. SSL_EARLY_DATA_REJECTED))
  2473. goto end;
  2474. } else {
  2475. /* In this case the callback decides to accept the early data */
  2476. if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  2477. &readbytes),
  2478. SSL_READ_EARLY_DATA_SUCCESS)
  2479. || !TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes)
  2480. /*
  2481. * Server will have sent its flight so client can now send
  2482. * end of early data and complete its half of the handshake
  2483. */
  2484. || !TEST_int_gt(SSL_connect(clientssl), 0)
  2485. || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  2486. &readbytes),
  2487. SSL_READ_EARLY_DATA_FINISH)
  2488. || !TEST_int_eq(SSL_get_early_data_status(serverssl),
  2489. SSL_EARLY_DATA_ACCEPTED))
  2490. goto end;
  2491. }
  2492. /* Complete the connection */
  2493. if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
  2494. || !TEST_int_eq(SSL_session_reused(clientssl), (usecb > 0) ? 1 : 0)
  2495. || !TEST_int_eq(allow_ed_cb_called, usecb > 0 ? 1 : 0))
  2496. goto end;
  2497. testresult = 1;
  2498. end:
  2499. SSL_SESSION_free(sess);
  2500. SSL_SESSION_free(clientpsk);
  2501. SSL_SESSION_free(serverpsk);
  2502. clientpsk = serverpsk = NULL;
  2503. SSL_free(serverssl);
  2504. SSL_free(clientssl);
  2505. SSL_CTX_free(sctx);
  2506. SSL_CTX_free(cctx);
  2507. return testresult;
  2508. }
  2509. static int test_early_data_replay(int idx)
  2510. {
  2511. int ret = 1, usecb, confopt;
  2512. for (usecb = 0; usecb < 3; usecb++) {
  2513. for (confopt = 0; confopt < 2; confopt++)
  2514. ret &= test_early_data_replay_int(idx, usecb, confopt);
  2515. }
  2516. return ret;
  2517. }
  2518. /*
  2519. * Helper function to test that a server attempting to read early data can
  2520. * handle a connection from a client where the early data should be skipped.
  2521. * testtype: 0 == No HRR
  2522. * testtype: 1 == HRR
  2523. * testtype: 2 == HRR, invalid early_data sent after HRR
  2524. * testtype: 3 == recv_max_early_data set to 0
  2525. */
  2526. static int early_data_skip_helper(int testtype, int idx)
  2527. {
  2528. SSL_CTX *cctx = NULL, *sctx = NULL;
  2529. SSL *clientssl = NULL, *serverssl = NULL;
  2530. int testresult = 0;
  2531. SSL_SESSION *sess = NULL;
  2532. unsigned char buf[20];
  2533. size_t readbytes, written;
  2534. if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
  2535. &serverssl, &sess, idx)))
  2536. goto end;
  2537. if (testtype == 1 || testtype == 2) {
  2538. /* Force an HRR to occur */
  2539. #if defined(OPENSSL_NO_EC)
  2540. if (!TEST_true(SSL_set1_groups_list(serverssl, "ffdhe3072")))
  2541. goto end;
  2542. #else
  2543. if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
  2544. goto end;
  2545. #endif
  2546. } else if (idx == 2) {
  2547. /*
  2548. * We force early_data rejection by ensuring the PSK identity is
  2549. * unrecognised
  2550. */
  2551. srvid = "Dummy Identity";
  2552. } else {
  2553. /*
  2554. * Deliberately corrupt the creation time. We take 20 seconds off the
  2555. * time. It could be any value as long as it is not within tolerance.
  2556. * This should mean the ticket is rejected.
  2557. */
  2558. if (!TEST_true(SSL_SESSION_set_time(sess, (long)(time(NULL) - 20))))
  2559. goto end;
  2560. }
  2561. if (testtype == 3
  2562. && !TEST_true(SSL_set_recv_max_early_data(serverssl, 0)))
  2563. goto end;
  2564. /* Write some early data */
  2565. if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
  2566. &written))
  2567. || !TEST_size_t_eq(written, strlen(MSG1)))
  2568. goto end;
  2569. /* Server should reject the early data */
  2570. if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  2571. &readbytes),
  2572. SSL_READ_EARLY_DATA_FINISH)
  2573. || !TEST_size_t_eq(readbytes, 0)
  2574. || !TEST_int_eq(SSL_get_early_data_status(serverssl),
  2575. SSL_EARLY_DATA_REJECTED))
  2576. goto end;
  2577. switch (testtype) {
  2578. case 0:
  2579. /* Nothing to do */
  2580. break;
  2581. case 1:
  2582. /*
  2583. * Finish off the handshake. We perform the same writes and reads as
  2584. * further down but we expect them to fail due to the incomplete
  2585. * handshake.
  2586. */
  2587. if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
  2588. || !TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf),
  2589. &readbytes)))
  2590. goto end;
  2591. break;
  2592. case 2:
  2593. {
  2594. BIO *wbio = SSL_get_wbio(clientssl);
  2595. /* A record that will appear as bad early_data */
  2596. const unsigned char bad_early_data[] = {
  2597. 0x17, 0x03, 0x03, 0x00, 0x01, 0x00
  2598. };
  2599. /*
  2600. * We force the client to attempt a write. This will fail because
  2601. * we're still in the handshake. It will cause the second
  2602. * ClientHello to be sent.
  2603. */
  2604. if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2),
  2605. &written)))
  2606. goto end;
  2607. /*
  2608. * Inject some early_data after the second ClientHello. This should
  2609. * cause the server to fail
  2610. */
  2611. if (!TEST_true(BIO_write_ex(wbio, bad_early_data,
  2612. sizeof(bad_early_data), &written)))
  2613. goto end;
  2614. }
  2615. /* fallthrough */
  2616. case 3:
  2617. /*
  2618. * This client has sent more early_data than we are willing to skip
  2619. * (case 3) or sent invalid early_data (case 2) so the connection should
  2620. * abort.
  2621. */
  2622. if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
  2623. || !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_SSL))
  2624. goto end;
  2625. /* Connection has failed - nothing more to do */
  2626. testresult = 1;
  2627. goto end;
  2628. default:
  2629. TEST_error("Invalid test type");
  2630. goto end;
  2631. }
  2632. /*
  2633. * Should be able to send normal data despite rejection of early data. The
  2634. * early_data should be skipped.
  2635. */
  2636. if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
  2637. || !TEST_size_t_eq(written, strlen(MSG2))
  2638. || !TEST_int_eq(SSL_get_early_data_status(clientssl),
  2639. SSL_EARLY_DATA_REJECTED)
  2640. || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
  2641. || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
  2642. goto end;
  2643. testresult = 1;
  2644. end:
  2645. SSL_SESSION_free(clientpsk);
  2646. SSL_SESSION_free(serverpsk);
  2647. clientpsk = serverpsk = NULL;
  2648. SSL_SESSION_free(sess);
  2649. SSL_free(serverssl);
  2650. SSL_free(clientssl);
  2651. SSL_CTX_free(sctx);
  2652. SSL_CTX_free(cctx);
  2653. return testresult;
  2654. }
  2655. /*
  2656. * Test that a server attempting to read early data can handle a connection
  2657. * from a client where the early data is not acceptable.
  2658. */
  2659. static int test_early_data_skip(int idx)
  2660. {
  2661. return early_data_skip_helper(0, idx);
  2662. }
  2663. /*
  2664. * Test that a server attempting to read early data can handle a connection
  2665. * from a client where an HRR occurs.
  2666. */
  2667. static int test_early_data_skip_hrr(int idx)
  2668. {
  2669. return early_data_skip_helper(1, idx);
  2670. }
  2671. /*
  2672. * Test that a server attempting to read early data can handle a connection
  2673. * from a client where an HRR occurs and correctly fails if early_data is sent
  2674. * after the HRR
  2675. */
  2676. static int test_early_data_skip_hrr_fail(int idx)
  2677. {
  2678. return early_data_skip_helper(2, idx);
  2679. }
  2680. /*
  2681. * Test that a server attempting to read early data will abort if it tries to
  2682. * skip over too much.
  2683. */
  2684. static int test_early_data_skip_abort(int idx)
  2685. {
  2686. return early_data_skip_helper(3, idx);
  2687. }
  2688. /*
  2689. * Test that a server attempting to read early data can handle a connection
  2690. * from a client that doesn't send any.
  2691. */
  2692. static int test_early_data_not_sent(int idx)
  2693. {
  2694. SSL_CTX *cctx = NULL, *sctx = NULL;
  2695. SSL *clientssl = NULL, *serverssl = NULL;
  2696. int testresult = 0;
  2697. SSL_SESSION *sess = NULL;
  2698. unsigned char buf[20];
  2699. size_t readbytes, written;
  2700. if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
  2701. &serverssl, &sess, idx)))
  2702. goto end;
  2703. /* Write some data - should block due to handshake with server */
  2704. SSL_set_connect_state(clientssl);
  2705. if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
  2706. goto end;
  2707. /* Server should detect that early data has not been sent */
  2708. if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  2709. &readbytes),
  2710. SSL_READ_EARLY_DATA_FINISH)
  2711. || !TEST_size_t_eq(readbytes, 0)
  2712. || !TEST_int_eq(SSL_get_early_data_status(serverssl),
  2713. SSL_EARLY_DATA_NOT_SENT)
  2714. || !TEST_int_eq(SSL_get_early_data_status(clientssl),
  2715. SSL_EARLY_DATA_NOT_SENT))
  2716. goto end;
  2717. /* Continue writing the message we started earlier */
  2718. if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
  2719. || !TEST_size_t_eq(written, strlen(MSG1))
  2720. || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
  2721. || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
  2722. || !SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)
  2723. || !TEST_size_t_eq(written, strlen(MSG2)))
  2724. goto end;
  2725. if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
  2726. || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
  2727. goto end;
  2728. testresult = 1;
  2729. end:
  2730. SSL_SESSION_free(sess);
  2731. SSL_SESSION_free(clientpsk);
  2732. SSL_SESSION_free(serverpsk);
  2733. clientpsk = serverpsk = NULL;
  2734. SSL_free(serverssl);
  2735. SSL_free(clientssl);
  2736. SSL_CTX_free(sctx);
  2737. SSL_CTX_free(cctx);
  2738. return testresult;
  2739. }
  2740. static int hostname_cb(SSL *s, int *al, void *arg)
  2741. {
  2742. const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
  2743. if (hostname != NULL && strcmp(hostname, "goodhost") == 0)
  2744. return SSL_TLSEXT_ERR_OK;
  2745. return SSL_TLSEXT_ERR_NOACK;
  2746. }
  2747. static const char *servalpn;
  2748. static int alpn_select_cb(SSL *ssl, const unsigned char **out,
  2749. unsigned char *outlen, const unsigned char *in,
  2750. unsigned int inlen, void *arg)
  2751. {
  2752. unsigned int protlen = 0;
  2753. const unsigned char *prot;
  2754. for (prot = in; prot < in + inlen; prot += protlen) {
  2755. protlen = *prot++;
  2756. if (in + inlen < prot + protlen)
  2757. return SSL_TLSEXT_ERR_NOACK;
  2758. if (protlen == strlen(servalpn)
  2759. && memcmp(prot, servalpn, protlen) == 0) {
  2760. *out = prot;
  2761. *outlen = protlen;
  2762. return SSL_TLSEXT_ERR_OK;
  2763. }
  2764. }
  2765. return SSL_TLSEXT_ERR_NOACK;
  2766. }
  2767. /* Test that a PSK can be used to send early_data */
  2768. static int test_early_data_psk(int idx)
  2769. {
  2770. SSL_CTX *cctx = NULL, *sctx = NULL;
  2771. SSL *clientssl = NULL, *serverssl = NULL;
  2772. int testresult = 0;
  2773. SSL_SESSION *sess = NULL;
  2774. unsigned char alpnlist[] = {
  2775. 0x08, 'g', 'o', 'o', 'd', 'a', 'l', 'p', 'n', 0x07, 'b', 'a', 'd', 'a',
  2776. 'l', 'p', 'n'
  2777. };
  2778. #define GOODALPNLEN 9
  2779. #define BADALPNLEN 8
  2780. #define GOODALPN (alpnlist)
  2781. #define BADALPN (alpnlist + GOODALPNLEN)
  2782. int err = 0;
  2783. unsigned char buf[20];
  2784. size_t readbytes, written;
  2785. int readearlyres = SSL_READ_EARLY_DATA_SUCCESS, connectres = 1;
  2786. int edstatus = SSL_EARLY_DATA_ACCEPTED;
  2787. /* We always set this up with a final parameter of "2" for PSK */
  2788. if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
  2789. &serverssl, &sess, 2)))
  2790. goto end;
  2791. servalpn = "goodalpn";
  2792. /*
  2793. * Note: There is no test for inconsistent SNI with late client detection.
  2794. * This is because servers do not acknowledge SNI even if they are using
  2795. * it in a resumption handshake - so it is not actually possible for a
  2796. * client to detect a problem.
  2797. */
  2798. switch (idx) {
  2799. case 0:
  2800. /* Set inconsistent SNI (early client detection) */
  2801. err = SSL_R_INCONSISTENT_EARLY_DATA_SNI;
  2802. if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost"))
  2803. || !TEST_true(SSL_set_tlsext_host_name(clientssl, "badhost")))
  2804. goto end;
  2805. break;
  2806. case 1:
  2807. /* Set inconsistent ALPN (early client detection) */
  2808. err = SSL_R_INCONSISTENT_EARLY_DATA_ALPN;
  2809. /* SSL_set_alpn_protos returns 0 for success and 1 for failure */
  2810. if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN,
  2811. GOODALPNLEN))
  2812. || !TEST_false(SSL_set_alpn_protos(clientssl, BADALPN,
  2813. BADALPNLEN)))
  2814. goto end;
  2815. break;
  2816. case 2:
  2817. /*
  2818. * Set invalid protocol version. Technically this affects PSKs without
  2819. * early_data too, but we test it here because it is similar to the
  2820. * SNI/ALPN consistency tests.
  2821. */
  2822. err = SSL_R_BAD_PSK;
  2823. if (!TEST_true(SSL_SESSION_set_protocol_version(sess, TLS1_2_VERSION)))
  2824. goto end;
  2825. break;
  2826. case 3:
  2827. /*
  2828. * Set inconsistent SNI (server detected). In this case the connection
  2829. * will succeed but reject early_data.
  2830. */
  2831. SSL_SESSION_free(serverpsk);
  2832. serverpsk = SSL_SESSION_dup(clientpsk);
  2833. if (!TEST_ptr(serverpsk)
  2834. || !TEST_true(SSL_SESSION_set1_hostname(serverpsk, "badhost")))
  2835. goto end;
  2836. edstatus = SSL_EARLY_DATA_REJECTED;
  2837. readearlyres = SSL_READ_EARLY_DATA_FINISH;
  2838. /* Fall through */
  2839. case 4:
  2840. /* Set consistent SNI */
  2841. if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost"))
  2842. || !TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost"))
  2843. || !TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx,
  2844. hostname_cb)))
  2845. goto end;
  2846. break;
  2847. case 5:
  2848. /*
  2849. * Set inconsistent ALPN (server detected). In this case the connection
  2850. * will succeed but reject early_data.
  2851. */
  2852. servalpn = "badalpn";
  2853. edstatus = SSL_EARLY_DATA_REJECTED;
  2854. readearlyres = SSL_READ_EARLY_DATA_FINISH;
  2855. /* Fall through */
  2856. case 6:
  2857. /*
  2858. * Set consistent ALPN.
  2859. * SSL_set_alpn_protos returns 0 for success and 1 for failure. It
  2860. * accepts a list of protos (each one length prefixed).
  2861. * SSL_set1_alpn_selected accepts a single protocol (not length
  2862. * prefixed)
  2863. */
  2864. if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN + 1,
  2865. GOODALPNLEN - 1))
  2866. || !TEST_false(SSL_set_alpn_protos(clientssl, GOODALPN,
  2867. GOODALPNLEN)))
  2868. goto end;
  2869. SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL);
  2870. break;
  2871. case 7:
  2872. /* Set inconsistent ALPN (late client detection) */
  2873. SSL_SESSION_free(serverpsk);
  2874. serverpsk = SSL_SESSION_dup(clientpsk);
  2875. if (!TEST_ptr(serverpsk)
  2876. || !TEST_true(SSL_SESSION_set1_alpn_selected(clientpsk,
  2877. BADALPN + 1,
  2878. BADALPNLEN - 1))
  2879. || !TEST_true(SSL_SESSION_set1_alpn_selected(serverpsk,
  2880. GOODALPN + 1,
  2881. GOODALPNLEN - 1))
  2882. || !TEST_false(SSL_set_alpn_protos(clientssl, alpnlist,
  2883. sizeof(alpnlist))))
  2884. goto end;
  2885. SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL);
  2886. edstatus = SSL_EARLY_DATA_ACCEPTED;
  2887. readearlyres = SSL_READ_EARLY_DATA_SUCCESS;
  2888. /* SSL_connect() call should fail */
  2889. connectres = -1;
  2890. break;
  2891. default:
  2892. TEST_error("Bad test index");
  2893. goto end;
  2894. }
  2895. SSL_set_connect_state(clientssl);
  2896. if (err != 0) {
  2897. if (!TEST_false(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
  2898. &written))
  2899. || !TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_SSL)
  2900. || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err))
  2901. goto end;
  2902. } else {
  2903. if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
  2904. &written)))
  2905. goto end;
  2906. if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  2907. &readbytes), readearlyres)
  2908. || (readearlyres == SSL_READ_EARLY_DATA_SUCCESS
  2909. && !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
  2910. || !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus)
  2911. || !TEST_int_eq(SSL_connect(clientssl), connectres))
  2912. goto end;
  2913. }
  2914. testresult = 1;
  2915. end:
  2916. SSL_SESSION_free(sess);
  2917. SSL_SESSION_free(clientpsk);
  2918. SSL_SESSION_free(serverpsk);
  2919. clientpsk = serverpsk = NULL;
  2920. SSL_free(serverssl);
  2921. SSL_free(clientssl);
  2922. SSL_CTX_free(sctx);
  2923. SSL_CTX_free(cctx);
  2924. return testresult;
  2925. }
  2926. /*
  2927. * Test that a server that doesn't try to read early data can handle a
  2928. * client sending some.
  2929. */
  2930. static int test_early_data_not_expected(int idx)
  2931. {
  2932. SSL_CTX *cctx = NULL, *sctx = NULL;
  2933. SSL *clientssl = NULL, *serverssl = NULL;
  2934. int testresult = 0;
  2935. SSL_SESSION *sess = NULL;
  2936. unsigned char buf[20];
  2937. size_t readbytes, written;
  2938. if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
  2939. &serverssl, &sess, idx)))
  2940. goto end;
  2941. /* Write some early data */
  2942. if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
  2943. &written)))
  2944. goto end;
  2945. /*
  2946. * Server should skip over early data and then block waiting for client to
  2947. * continue handshake
  2948. */
  2949. if (!TEST_int_le(SSL_accept(serverssl), 0)
  2950. || !TEST_int_gt(SSL_connect(clientssl), 0)
  2951. || !TEST_int_eq(SSL_get_early_data_status(serverssl),
  2952. SSL_EARLY_DATA_REJECTED)
  2953. || !TEST_int_gt(SSL_accept(serverssl), 0)
  2954. || !TEST_int_eq(SSL_get_early_data_status(clientssl),
  2955. SSL_EARLY_DATA_REJECTED))
  2956. goto end;
  2957. /* Send some normal data from client to server */
  2958. if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
  2959. || !TEST_size_t_eq(written, strlen(MSG2)))
  2960. goto end;
  2961. if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
  2962. || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
  2963. goto end;
  2964. testresult = 1;
  2965. end:
  2966. SSL_SESSION_free(sess);
  2967. SSL_SESSION_free(clientpsk);
  2968. SSL_SESSION_free(serverpsk);
  2969. clientpsk = serverpsk = NULL;
  2970. SSL_free(serverssl);
  2971. SSL_free(clientssl);
  2972. SSL_CTX_free(sctx);
  2973. SSL_CTX_free(cctx);
  2974. return testresult;
  2975. }
  2976. # ifndef OPENSSL_NO_TLS1_2
  2977. /*
  2978. * Test that a server attempting to read early data can handle a connection
  2979. * from a TLSv1.2 client.
  2980. */
  2981. static int test_early_data_tls1_2(int idx)
  2982. {
  2983. SSL_CTX *cctx = NULL, *sctx = NULL;
  2984. SSL *clientssl = NULL, *serverssl = NULL;
  2985. int testresult = 0;
  2986. unsigned char buf[20];
  2987. size_t readbytes, written;
  2988. if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
  2989. &serverssl, NULL, idx)))
  2990. goto end;
  2991. /* Write some data - should block due to handshake with server */
  2992. SSL_set_max_proto_version(clientssl, TLS1_2_VERSION);
  2993. SSL_set_connect_state(clientssl);
  2994. if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
  2995. goto end;
  2996. /*
  2997. * Server should do TLSv1.2 handshake. First it will block waiting for more
  2998. * messages from client after ServerDone. Then SSL_read_early_data should
  2999. * finish and detect that early data has not been sent
  3000. */
  3001. if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  3002. &readbytes),
  3003. SSL_READ_EARLY_DATA_ERROR))
  3004. goto end;
  3005. /*
  3006. * Continue writing the message we started earlier. Will still block waiting
  3007. * for the CCS/Finished from server
  3008. */
  3009. if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
  3010. || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  3011. &readbytes),
  3012. SSL_READ_EARLY_DATA_FINISH)
  3013. || !TEST_size_t_eq(readbytes, 0)
  3014. || !TEST_int_eq(SSL_get_early_data_status(serverssl),
  3015. SSL_EARLY_DATA_NOT_SENT))
  3016. goto end;
  3017. /* Continue writing the message we started earlier */
  3018. if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
  3019. || !TEST_size_t_eq(written, strlen(MSG1))
  3020. || !TEST_int_eq(SSL_get_early_data_status(clientssl),
  3021. SSL_EARLY_DATA_NOT_SENT)
  3022. || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
  3023. || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
  3024. || !TEST_true(SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written))
  3025. || !TEST_size_t_eq(written, strlen(MSG2))
  3026. || !SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)
  3027. || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
  3028. goto end;
  3029. testresult = 1;
  3030. end:
  3031. SSL_SESSION_free(clientpsk);
  3032. SSL_SESSION_free(serverpsk);
  3033. clientpsk = serverpsk = NULL;
  3034. SSL_free(serverssl);
  3035. SSL_free(clientssl);
  3036. SSL_CTX_free(sctx);
  3037. SSL_CTX_free(cctx);
  3038. return testresult;
  3039. }
  3040. # endif /* OPENSSL_NO_TLS1_2 */
  3041. /*
  3042. * Test configuring the TLSv1.3 ciphersuites
  3043. *
  3044. * Test 0: Set a default ciphersuite in the SSL_CTX (no explicit cipher_list)
  3045. * Test 1: Set a non-default ciphersuite in the SSL_CTX (no explicit cipher_list)
  3046. * Test 2: Set a default ciphersuite in the SSL (no explicit cipher_list)
  3047. * Test 3: Set a non-default ciphersuite in the SSL (no explicit cipher_list)
  3048. * Test 4: Set a default ciphersuite in the SSL_CTX (SSL_CTX cipher_list)
  3049. * Test 5: Set a non-default ciphersuite in the SSL_CTX (SSL_CTX cipher_list)
  3050. * Test 6: Set a default ciphersuite in the SSL (SSL_CTX cipher_list)
  3051. * Test 7: Set a non-default ciphersuite in the SSL (SSL_CTX cipher_list)
  3052. * Test 8: Set a default ciphersuite in the SSL (SSL cipher_list)
  3053. * Test 9: Set a non-default ciphersuite in the SSL (SSL cipher_list)
  3054. */
  3055. static int test_set_ciphersuite(int idx)
  3056. {
  3057. SSL_CTX *cctx = NULL, *sctx = NULL;
  3058. SSL *clientssl = NULL, *serverssl = NULL;
  3059. int testresult = 0;
  3060. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  3061. TLS1_VERSION, 0,
  3062. &sctx, &cctx, cert, privkey))
  3063. || !TEST_true(SSL_CTX_set_ciphersuites(sctx,
  3064. "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256")))
  3065. goto end;
  3066. if (idx >=4 && idx <= 7) {
  3067. /* SSL_CTX explicit cipher list */
  3068. if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-GCM-SHA384")))
  3069. goto end;
  3070. }
  3071. if (idx == 0 || idx == 4) {
  3072. /* Default ciphersuite */
  3073. if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
  3074. "TLS_AES_128_GCM_SHA256")))
  3075. goto end;
  3076. } else if (idx == 1 || idx == 5) {
  3077. /* Non default ciphersuite */
  3078. if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
  3079. "TLS_AES_128_CCM_SHA256")))
  3080. goto end;
  3081. }
  3082. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  3083. &clientssl, NULL, NULL)))
  3084. goto end;
  3085. if (idx == 8 || idx == 9) {
  3086. /* SSL explicit cipher list */
  3087. if (!TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384")))
  3088. goto end;
  3089. }
  3090. if (idx == 2 || idx == 6 || idx == 8) {
  3091. /* Default ciphersuite */
  3092. if (!TEST_true(SSL_set_ciphersuites(clientssl,
  3093. "TLS_AES_128_GCM_SHA256")))
  3094. goto end;
  3095. } else if (idx == 3 || idx == 7 || idx == 9) {
  3096. /* Non default ciphersuite */
  3097. if (!TEST_true(SSL_set_ciphersuites(clientssl,
  3098. "TLS_AES_128_CCM_SHA256")))
  3099. goto end;
  3100. }
  3101. if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
  3102. goto end;
  3103. testresult = 1;
  3104. end:
  3105. SSL_free(serverssl);
  3106. SSL_free(clientssl);
  3107. SSL_CTX_free(sctx);
  3108. SSL_CTX_free(cctx);
  3109. return testresult;
  3110. }
  3111. static int test_ciphersuite_change(void)
  3112. {
  3113. SSL_CTX *cctx = NULL, *sctx = NULL;
  3114. SSL *clientssl = NULL, *serverssl = NULL;
  3115. SSL_SESSION *clntsess = NULL;
  3116. int testresult = 0;
  3117. const SSL_CIPHER *aes_128_gcm_sha256 = NULL;
  3118. /* Create a session based on SHA-256 */
  3119. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  3120. TLS1_VERSION, 0,
  3121. &sctx, &cctx, cert, privkey))
  3122. || !TEST_true(SSL_CTX_set_ciphersuites(cctx,
  3123. "TLS_AES_128_GCM_SHA256"))
  3124. || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  3125. &clientssl, NULL, NULL))
  3126. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  3127. SSL_ERROR_NONE)))
  3128. goto end;
  3129. clntsess = SSL_get1_session(clientssl);
  3130. /* Save for later */
  3131. aes_128_gcm_sha256 = SSL_SESSION_get0_cipher(clntsess);
  3132. SSL_shutdown(clientssl);
  3133. SSL_shutdown(serverssl);
  3134. SSL_free(serverssl);
  3135. SSL_free(clientssl);
  3136. serverssl = clientssl = NULL;
  3137. # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  3138. /* Check we can resume a session with a different SHA-256 ciphersuite */
  3139. if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
  3140. "TLS_CHACHA20_POLY1305_SHA256"))
  3141. || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  3142. NULL, NULL))
  3143. || !TEST_true(SSL_set_session(clientssl, clntsess))
  3144. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  3145. SSL_ERROR_NONE))
  3146. || !TEST_true(SSL_session_reused(clientssl)))
  3147. goto end;
  3148. SSL_SESSION_free(clntsess);
  3149. clntsess = SSL_get1_session(clientssl);
  3150. SSL_shutdown(clientssl);
  3151. SSL_shutdown(serverssl);
  3152. SSL_free(serverssl);
  3153. SSL_free(clientssl);
  3154. serverssl = clientssl = NULL;
  3155. # endif
  3156. /*
  3157. * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites
  3158. * succeeds but does not resume.
  3159. */
  3160. if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384"))
  3161. || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  3162. NULL, NULL))
  3163. || !TEST_true(SSL_set_session(clientssl, clntsess))
  3164. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  3165. SSL_ERROR_SSL))
  3166. || !TEST_false(SSL_session_reused(clientssl)))
  3167. goto end;
  3168. SSL_SESSION_free(clntsess);
  3169. clntsess = NULL;
  3170. SSL_shutdown(clientssl);
  3171. SSL_shutdown(serverssl);
  3172. SSL_free(serverssl);
  3173. SSL_free(clientssl);
  3174. serverssl = clientssl = NULL;
  3175. /* Create a session based on SHA384 */
  3176. if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384"))
  3177. || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  3178. &clientssl, NULL, NULL))
  3179. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  3180. SSL_ERROR_NONE)))
  3181. goto end;
  3182. clntsess = SSL_get1_session(clientssl);
  3183. SSL_shutdown(clientssl);
  3184. SSL_shutdown(serverssl);
  3185. SSL_free(serverssl);
  3186. SSL_free(clientssl);
  3187. serverssl = clientssl = NULL;
  3188. if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
  3189. "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"))
  3190. || !TEST_true(SSL_CTX_set_ciphersuites(sctx,
  3191. "TLS_AES_256_GCM_SHA384"))
  3192. || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  3193. NULL, NULL))
  3194. || !TEST_true(SSL_set_session(clientssl, clntsess))
  3195. /*
  3196. * We use SSL_ERROR_WANT_READ below so that we can pause the
  3197. * connection after the initial ClientHello has been sent to
  3198. * enable us to make some session changes.
  3199. */
  3200. || !TEST_false(create_ssl_connection(serverssl, clientssl,
  3201. SSL_ERROR_WANT_READ)))
  3202. goto end;
  3203. /* Trick the client into thinking this session is for a different digest */
  3204. clntsess->cipher = aes_128_gcm_sha256;
  3205. clntsess->cipher_id = clntsess->cipher->id;
  3206. /*
  3207. * Continue the previously started connection. Server has selected a SHA-384
  3208. * ciphersuite, but client thinks the session is for SHA-256, so it should
  3209. * bail out.
  3210. */
  3211. if (!TEST_false(create_ssl_connection(serverssl, clientssl,
  3212. SSL_ERROR_SSL))
  3213. || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
  3214. SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED))
  3215. goto end;
  3216. testresult = 1;
  3217. end:
  3218. SSL_SESSION_free(clntsess);
  3219. SSL_free(serverssl);
  3220. SSL_free(clientssl);
  3221. SSL_CTX_free(sctx);
  3222. SSL_CTX_free(cctx);
  3223. return testresult;
  3224. }
  3225. /*
  3226. * Test TLSv1.3 Key exchange
  3227. * Test 0 = Test all ECDHE Key exchange with TLSv1.3 client and server
  3228. * Test 1 = Test NID_X9_62_prime256v1 with TLSv1.3 client and server
  3229. * Test 2 = Test NID_secp384r1 with TLSv1.3 client and server
  3230. * Test 3 = Test NID_secp521r1 with TLSv1.3 client and server
  3231. * Test 4 = Test NID_X25519 with TLSv1.3 client and server
  3232. * Test 5 = Test NID_X448 with TLSv1.3 client and server
  3233. * Test 6 = Test all FFDHE Key exchange with TLSv1.3 client and server
  3234. * Test 7 = Test NID_ffdhe2048 with TLSv1.3 client and server
  3235. * Test 8 = Test NID_ffdhe3072 with TLSv1.3 client and server
  3236. * Test 9 = Test NID_ffdhe4096 with TLSv1.3 client and server
  3237. * Test 10 = Test NID_ffdhe6144 with TLSv1.3 client and server
  3238. * Test 11 = Test NID_ffdhe8192 with TLSv1.3 client and server
  3239. * Test 12 = Test all ECDHE with TLSv1.2 client and server
  3240. * Test 13 = Test all FFDHE with TLSv1.2 client and server
  3241. */
  3242. static int test_key_exchange(int idx)
  3243. {
  3244. SSL_CTX *sctx = NULL, *cctx = NULL;
  3245. SSL *serverssl = NULL, *clientssl = NULL;
  3246. int testresult = 0;
  3247. # ifndef OPENSSL_NO_EC
  3248. int ecdhe_kexch_groups[] = {NID_X9_62_prime256v1, NID_secp384r1,
  3249. NID_secp521r1, NID_X25519, NID_X448};
  3250. # endif
  3251. # ifndef OPENSSL_NO_DH
  3252. int ffdhe_kexch_groups[] = {NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096,
  3253. NID_ffdhe6144, NID_ffdhe8192};
  3254. # endif
  3255. int kexch_alg;
  3256. int *kexch_groups = &kexch_alg;
  3257. int kexch_groups_size = 1;
  3258. int max_version = TLS1_3_VERSION;
  3259. switch (idx) {
  3260. # ifndef OPENSSL_NO_EC
  3261. # ifndef OPENSSL_NO_TLS1_2
  3262. case 12:
  3263. max_version = TLS1_2_VERSION;
  3264. # endif
  3265. /* Fall through */
  3266. case 0:
  3267. kexch_groups = ecdhe_kexch_groups;
  3268. kexch_groups_size = OSSL_NELEM(ecdhe_kexch_groups);
  3269. break;
  3270. case 1:
  3271. kexch_alg = NID_X9_62_prime256v1;
  3272. break;
  3273. case 2:
  3274. kexch_alg = NID_secp384r1;
  3275. break;
  3276. case 3:
  3277. kexch_alg = NID_secp521r1;
  3278. break;
  3279. case 4:
  3280. kexch_alg = NID_X25519;
  3281. break;
  3282. case 5:
  3283. kexch_alg = NID_X448;
  3284. break;
  3285. # endif
  3286. # ifndef OPENSSL_NO_DH
  3287. # ifndef OPENSSL_NO_TLS1_2
  3288. case 13:
  3289. max_version = TLS1_2_VERSION;
  3290. # endif
  3291. /* Fall through */
  3292. case 6:
  3293. kexch_groups = ffdhe_kexch_groups;
  3294. kexch_groups_size = OSSL_NELEM(ffdhe_kexch_groups);
  3295. break;
  3296. case 7:
  3297. kexch_alg = NID_ffdhe2048;
  3298. break;
  3299. case 8:
  3300. kexch_alg = NID_ffdhe3072;
  3301. break;
  3302. case 9:
  3303. kexch_alg = NID_ffdhe4096;
  3304. break;
  3305. case 10:
  3306. kexch_alg = NID_ffdhe6144;
  3307. break;
  3308. case 11:
  3309. kexch_alg = NID_ffdhe8192;
  3310. break;
  3311. # endif
  3312. default:
  3313. /* We're skipping this test */
  3314. return 1;
  3315. }
  3316. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  3317. TLS1_VERSION, max_version,
  3318. &sctx, &cctx, cert, privkey)))
  3319. goto end;
  3320. if (!TEST_true(SSL_CTX_set_ciphersuites(sctx,
  3321. TLS1_3_RFC_AES_128_GCM_SHA256)))
  3322. goto end;
  3323. if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
  3324. TLS1_3_RFC_AES_128_GCM_SHA256)))
  3325. goto end;
  3326. if (!TEST_true(SSL_CTX_set_cipher_list(sctx,
  3327. TLS1_TXT_RSA_WITH_AES_128_SHA)))
  3328. goto end;
  3329. /*
  3330. * Must include an EC ciphersuite so that we send supported groups in
  3331. * TLSv1.2
  3332. */
  3333. # ifndef OPENSSL_NO_TLS1_2
  3334. if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
  3335. TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM ":"
  3336. TLS1_TXT_RSA_WITH_AES_128_SHA)))
  3337. goto end;
  3338. # endif
  3339. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  3340. NULL, NULL)))
  3341. goto end;
  3342. if (!TEST_true(SSL_set1_groups(serverssl, kexch_groups, kexch_groups_size))
  3343. || !TEST_true(SSL_set1_groups(clientssl, kexch_groups, kexch_groups_size)))
  3344. goto end;
  3345. if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
  3346. goto end;
  3347. /*
  3348. * If Handshake succeeds the negotiated kexch alg should be the first one in
  3349. * configured, except in the case of FFDHE groups (idx 13), which are
  3350. * TLSv1.3 only so we expect no shared group to exist.
  3351. */
  3352. if (!TEST_int_eq(SSL_get_shared_group(serverssl, 0),
  3353. idx == 13 ? 0 : kexch_groups[0]))
  3354. goto end;
  3355. if (max_version == TLS1_3_VERSION) {
  3356. if (!TEST_int_eq(SSL_get_negotiated_group(serverssl), kexch_groups[0]))
  3357. goto end;
  3358. if (!TEST_int_eq(SSL_get_negotiated_group(clientssl), kexch_groups[0]))
  3359. goto end;
  3360. }
  3361. testresult = 1;
  3362. end:
  3363. SSL_free(serverssl);
  3364. SSL_free(clientssl);
  3365. SSL_CTX_free(sctx);
  3366. SSL_CTX_free(cctx);
  3367. return testresult;
  3368. }
  3369. /*
  3370. * Test TLSv1.3 Cipher Suite
  3371. * Test 0 = Set TLS1.3 cipher on context
  3372. * Test 1 = Set TLS1.3 cipher on SSL
  3373. * Test 2 = Set TLS1.3 and TLS1.2 cipher on context
  3374. * Test 3 = Set TLS1.3 and TLS1.2 cipher on SSL
  3375. */
  3376. static int test_tls13_ciphersuite(int idx)
  3377. {
  3378. SSL_CTX *sctx = NULL, *cctx = NULL;
  3379. SSL *serverssl = NULL, *clientssl = NULL;
  3380. static const char *t13_ciphers[] = {
  3381. TLS1_3_RFC_AES_128_GCM_SHA256,
  3382. TLS1_3_RFC_AES_256_GCM_SHA384,
  3383. TLS1_3_RFC_AES_128_CCM_SHA256,
  3384. # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  3385. TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
  3386. TLS1_3_RFC_AES_256_GCM_SHA384 ":" TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
  3387. # endif
  3388. TLS1_3_RFC_AES_128_CCM_8_SHA256 ":" TLS1_3_RFC_AES_128_CCM_SHA256
  3389. };
  3390. const char *t13_cipher = NULL;
  3391. const char *t12_cipher = NULL;
  3392. const char *negotiated_scipher;
  3393. const char *negotiated_ccipher;
  3394. int set_at_ctx = 0;
  3395. int set_at_ssl = 0;
  3396. int testresult = 0;
  3397. int max_ver;
  3398. size_t i;
  3399. switch (idx) {
  3400. case 0:
  3401. set_at_ctx = 1;
  3402. break;
  3403. case 1:
  3404. set_at_ssl = 1;
  3405. break;
  3406. case 2:
  3407. set_at_ctx = 1;
  3408. t12_cipher = TLS1_TXT_RSA_WITH_AES_128_SHA256;
  3409. break;
  3410. case 3:
  3411. set_at_ssl = 1;
  3412. t12_cipher = TLS1_TXT_RSA_WITH_AES_128_SHA256;
  3413. break;
  3414. }
  3415. for (max_ver = TLS1_2_VERSION; max_ver <= TLS1_3_VERSION; max_ver++) {
  3416. # ifdef OPENSSL_NO_TLS1_2
  3417. if (max_ver == TLS1_2_VERSION)
  3418. continue;
  3419. # endif
  3420. for (i = 0; i < OSSL_NELEM(t13_ciphers); i++) {
  3421. t13_cipher = t13_ciphers[i];
  3422. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  3423. TLS_client_method(),
  3424. TLS1_VERSION, max_ver,
  3425. &sctx, &cctx, cert, privkey)))
  3426. goto end;
  3427. if (set_at_ctx) {
  3428. if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, t13_cipher))
  3429. || !TEST_true(SSL_CTX_set_ciphersuites(cctx, t13_cipher)))
  3430. goto end;
  3431. if (t12_cipher != NULL) {
  3432. if (!TEST_true(SSL_CTX_set_cipher_list(sctx, t12_cipher))
  3433. || !TEST_true(SSL_CTX_set_cipher_list(cctx,
  3434. t12_cipher)))
  3435. goto end;
  3436. }
  3437. }
  3438. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  3439. &clientssl, NULL, NULL)))
  3440. goto end;
  3441. if (set_at_ssl) {
  3442. if (!TEST_true(SSL_set_ciphersuites(serverssl, t13_cipher))
  3443. || !TEST_true(SSL_set_ciphersuites(clientssl, t13_cipher)))
  3444. goto end;
  3445. if (t12_cipher != NULL) {
  3446. if (!TEST_true(SSL_set_cipher_list(serverssl, t12_cipher))
  3447. || !TEST_true(SSL_set_cipher_list(clientssl,
  3448. t12_cipher)))
  3449. goto end;
  3450. }
  3451. }
  3452. if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  3453. SSL_ERROR_NONE)))
  3454. goto end;
  3455. negotiated_scipher = SSL_CIPHER_get_name(SSL_get_current_cipher(
  3456. serverssl));
  3457. negotiated_ccipher = SSL_CIPHER_get_name(SSL_get_current_cipher(
  3458. clientssl));
  3459. if (!TEST_str_eq(negotiated_scipher, negotiated_ccipher))
  3460. goto end;
  3461. /*
  3462. * TEST_strn_eq is used below because t13_cipher can contain
  3463. * multiple ciphersuites
  3464. */
  3465. if (max_ver == TLS1_3_VERSION
  3466. && !TEST_strn_eq(t13_cipher, negotiated_scipher,
  3467. strlen(negotiated_scipher)))
  3468. goto end;
  3469. # ifndef OPENSSL_NO_TLS1_2
  3470. /* Below validation is not done when t12_cipher is NULL */
  3471. if (max_ver == TLS1_2_VERSION && t12_cipher != NULL
  3472. && !TEST_str_eq(t12_cipher, negotiated_scipher))
  3473. goto end;
  3474. # endif
  3475. SSL_free(serverssl);
  3476. serverssl = NULL;
  3477. SSL_free(clientssl);
  3478. clientssl = NULL;
  3479. SSL_CTX_free(sctx);
  3480. sctx = NULL;
  3481. SSL_CTX_free(cctx);
  3482. cctx = NULL;
  3483. }
  3484. }
  3485. testresult = 1;
  3486. end:
  3487. SSL_free(serverssl);
  3488. SSL_free(clientssl);
  3489. SSL_CTX_free(sctx);
  3490. SSL_CTX_free(cctx);
  3491. return testresult;
  3492. }
  3493. /*
  3494. * Test TLSv1.3 PSKs
  3495. * Test 0 = Test new style callbacks
  3496. * Test 1 = Test both new and old style callbacks
  3497. * Test 2 = Test old style callbacks
  3498. * Test 3 = Test old style callbacks with no certificate
  3499. */
  3500. static int test_tls13_psk(int idx)
  3501. {
  3502. SSL_CTX *sctx = NULL, *cctx = NULL;
  3503. SSL *serverssl = NULL, *clientssl = NULL;
  3504. const SSL_CIPHER *cipher = NULL;
  3505. const unsigned char key[] = {
  3506. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  3507. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  3508. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
  3509. 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
  3510. };
  3511. int testresult = 0;
  3512. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  3513. TLS1_VERSION, 0,
  3514. &sctx, &cctx, idx == 3 ? NULL : cert,
  3515. idx == 3 ? NULL : privkey)))
  3516. goto end;
  3517. if (idx != 3) {
  3518. /*
  3519. * We use a ciphersuite with SHA256 to ease testing old style PSK
  3520. * callbacks which will always default to SHA256. This should not be
  3521. * necessary if we have no cert/priv key. In that case the server should
  3522. * prefer SHA256 automatically.
  3523. */
  3524. if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
  3525. "TLS_AES_128_GCM_SHA256")))
  3526. goto end;
  3527. }
  3528. /*
  3529. * Test 0: New style callbacks only
  3530. * Test 1: New and old style callbacks (only the new ones should be used)
  3531. * Test 2: Old style callbacks only
  3532. */
  3533. if (idx == 0 || idx == 1) {
  3534. SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
  3535. SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
  3536. }
  3537. #ifndef OPENSSL_NO_PSK
  3538. if (idx >= 1) {
  3539. SSL_CTX_set_psk_client_callback(cctx, psk_client_cb);
  3540. SSL_CTX_set_psk_server_callback(sctx, psk_server_cb);
  3541. }
  3542. #endif
  3543. srvid = pskid;
  3544. use_session_cb_cnt = 0;
  3545. find_session_cb_cnt = 0;
  3546. psk_client_cb_cnt = 0;
  3547. psk_server_cb_cnt = 0;
  3548. if (idx != 3) {
  3549. /*
  3550. * Check we can create a connection if callback decides not to send a
  3551. * PSK
  3552. */
  3553. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  3554. NULL, NULL))
  3555. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  3556. SSL_ERROR_NONE))
  3557. || !TEST_false(SSL_session_reused(clientssl))
  3558. || !TEST_false(SSL_session_reused(serverssl)))
  3559. goto end;
  3560. if (idx == 0 || idx == 1) {
  3561. if (!TEST_true(use_session_cb_cnt == 1)
  3562. || !TEST_true(find_session_cb_cnt == 0)
  3563. /*
  3564. * If no old style callback then below should be 0
  3565. * otherwise 1
  3566. */
  3567. || !TEST_true(psk_client_cb_cnt == idx)
  3568. || !TEST_true(psk_server_cb_cnt == 0))
  3569. goto end;
  3570. } else {
  3571. if (!TEST_true(use_session_cb_cnt == 0)
  3572. || !TEST_true(find_session_cb_cnt == 0)
  3573. || !TEST_true(psk_client_cb_cnt == 1)
  3574. || !TEST_true(psk_server_cb_cnt == 0))
  3575. goto end;
  3576. }
  3577. shutdown_ssl_connection(serverssl, clientssl);
  3578. serverssl = clientssl = NULL;
  3579. use_session_cb_cnt = psk_client_cb_cnt = 0;
  3580. }
  3581. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  3582. NULL, NULL)))
  3583. goto end;
  3584. /* Create the PSK */
  3585. cipher = SSL_CIPHER_find(clientssl, TLS13_AES_128_GCM_SHA256_BYTES);
  3586. clientpsk = SSL_SESSION_new();
  3587. if (!TEST_ptr(clientpsk)
  3588. || !TEST_ptr(cipher)
  3589. || !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key,
  3590. sizeof(key)))
  3591. || !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher))
  3592. || !TEST_true(SSL_SESSION_set_protocol_version(clientpsk,
  3593. TLS1_3_VERSION))
  3594. || !TEST_true(SSL_SESSION_up_ref(clientpsk)))
  3595. goto end;
  3596. serverpsk = clientpsk;
  3597. /* Check we can create a connection and the PSK is used */
  3598. if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
  3599. || !TEST_true(SSL_session_reused(clientssl))
  3600. || !TEST_true(SSL_session_reused(serverssl)))
  3601. goto end;
  3602. if (idx == 0 || idx == 1) {
  3603. if (!TEST_true(use_session_cb_cnt == 1)
  3604. || !TEST_true(find_session_cb_cnt == 1)
  3605. || !TEST_true(psk_client_cb_cnt == 0)
  3606. || !TEST_true(psk_server_cb_cnt == 0))
  3607. goto end;
  3608. } else {
  3609. if (!TEST_true(use_session_cb_cnt == 0)
  3610. || !TEST_true(find_session_cb_cnt == 0)
  3611. || !TEST_true(psk_client_cb_cnt == 1)
  3612. || !TEST_true(psk_server_cb_cnt == 1))
  3613. goto end;
  3614. }
  3615. shutdown_ssl_connection(serverssl, clientssl);
  3616. serverssl = clientssl = NULL;
  3617. use_session_cb_cnt = find_session_cb_cnt = 0;
  3618. psk_client_cb_cnt = psk_server_cb_cnt = 0;
  3619. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  3620. NULL, NULL)))
  3621. goto end;
  3622. /* Force an HRR */
  3623. #if defined(OPENSSL_NO_EC)
  3624. if (!TEST_true(SSL_set1_groups_list(serverssl, "ffdhe3072")))
  3625. goto end;
  3626. #else
  3627. if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
  3628. goto end;
  3629. #endif
  3630. /*
  3631. * Check we can create a connection, the PSK is used and the callbacks are
  3632. * called twice.
  3633. */
  3634. if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
  3635. || !TEST_true(SSL_session_reused(clientssl))
  3636. || !TEST_true(SSL_session_reused(serverssl)))
  3637. goto end;
  3638. if (idx == 0 || idx == 1) {
  3639. if (!TEST_true(use_session_cb_cnt == 2)
  3640. || !TEST_true(find_session_cb_cnt == 2)
  3641. || !TEST_true(psk_client_cb_cnt == 0)
  3642. || !TEST_true(psk_server_cb_cnt == 0))
  3643. goto end;
  3644. } else {
  3645. if (!TEST_true(use_session_cb_cnt == 0)
  3646. || !TEST_true(find_session_cb_cnt == 0)
  3647. || !TEST_true(psk_client_cb_cnt == 2)
  3648. || !TEST_true(psk_server_cb_cnt == 2))
  3649. goto end;
  3650. }
  3651. shutdown_ssl_connection(serverssl, clientssl);
  3652. serverssl = clientssl = NULL;
  3653. use_session_cb_cnt = find_session_cb_cnt = 0;
  3654. psk_client_cb_cnt = psk_server_cb_cnt = 0;
  3655. if (idx != 3) {
  3656. /*
  3657. * Check that if the server rejects the PSK we can still connect, but with
  3658. * a full handshake
  3659. */
  3660. srvid = "Dummy Identity";
  3661. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  3662. NULL, NULL))
  3663. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  3664. SSL_ERROR_NONE))
  3665. || !TEST_false(SSL_session_reused(clientssl))
  3666. || !TEST_false(SSL_session_reused(serverssl)))
  3667. goto end;
  3668. if (idx == 0 || idx == 1) {
  3669. if (!TEST_true(use_session_cb_cnt == 1)
  3670. || !TEST_true(find_session_cb_cnt == 1)
  3671. || !TEST_true(psk_client_cb_cnt == 0)
  3672. /*
  3673. * If no old style callback then below should be 0
  3674. * otherwise 1
  3675. */
  3676. || !TEST_true(psk_server_cb_cnt == idx))
  3677. goto end;
  3678. } else {
  3679. if (!TEST_true(use_session_cb_cnt == 0)
  3680. || !TEST_true(find_session_cb_cnt == 0)
  3681. || !TEST_true(psk_client_cb_cnt == 1)
  3682. || !TEST_true(psk_server_cb_cnt == 1))
  3683. goto end;
  3684. }
  3685. shutdown_ssl_connection(serverssl, clientssl);
  3686. serverssl = clientssl = NULL;
  3687. }
  3688. testresult = 1;
  3689. end:
  3690. SSL_SESSION_free(clientpsk);
  3691. SSL_SESSION_free(serverpsk);
  3692. clientpsk = serverpsk = NULL;
  3693. SSL_free(serverssl);
  3694. SSL_free(clientssl);
  3695. SSL_CTX_free(sctx);
  3696. SSL_CTX_free(cctx);
  3697. return testresult;
  3698. }
  3699. static unsigned char cookie_magic_value[] = "cookie magic";
  3700. static int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
  3701. unsigned int *cookie_len)
  3702. {
  3703. /*
  3704. * Not suitable as a real cookie generation function but good enough for
  3705. * testing!
  3706. */
  3707. memcpy(cookie, cookie_magic_value, sizeof(cookie_magic_value) - 1);
  3708. *cookie_len = sizeof(cookie_magic_value) - 1;
  3709. return 1;
  3710. }
  3711. static int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
  3712. unsigned int cookie_len)
  3713. {
  3714. if (cookie_len == sizeof(cookie_magic_value) - 1
  3715. && memcmp(cookie, cookie_magic_value, cookie_len) == 0)
  3716. return 1;
  3717. return 0;
  3718. }
  3719. static int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
  3720. size_t *cookie_len)
  3721. {
  3722. unsigned int temp;
  3723. int res = generate_cookie_callback(ssl, cookie, &temp);
  3724. *cookie_len = temp;
  3725. return res;
  3726. }
  3727. static int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
  3728. size_t cookie_len)
  3729. {
  3730. return verify_cookie_callback(ssl, cookie, cookie_len);
  3731. }
  3732. static int test_stateless(void)
  3733. {
  3734. SSL_CTX *sctx = NULL, *cctx = NULL;
  3735. SSL *serverssl = NULL, *clientssl = NULL;
  3736. int testresult = 0;
  3737. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  3738. TLS1_VERSION, 0,
  3739. &sctx, &cctx, cert, privkey)))
  3740. goto end;
  3741. /* The arrival of CCS messages can confuse the test */
  3742. SSL_CTX_clear_options(cctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
  3743. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  3744. NULL, NULL))
  3745. /* Send the first ClientHello */
  3746. || !TEST_false(create_ssl_connection(serverssl, clientssl,
  3747. SSL_ERROR_WANT_READ))
  3748. /*
  3749. * This should fail with a -1 return because we have no callbacks
  3750. * set up
  3751. */
  3752. || !TEST_int_eq(SSL_stateless(serverssl), -1))
  3753. goto end;
  3754. /* Fatal error so abandon the connection from this client */
  3755. SSL_free(clientssl);
  3756. clientssl = NULL;
  3757. /* Set up the cookie generation and verification callbacks */
  3758. SSL_CTX_set_stateless_cookie_generate_cb(sctx, generate_stateless_cookie_callback);
  3759. SSL_CTX_set_stateless_cookie_verify_cb(sctx, verify_stateless_cookie_callback);
  3760. /*
  3761. * Create a new connection from the client (we can reuse the server SSL
  3762. * object).
  3763. */
  3764. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  3765. NULL, NULL))
  3766. /* Send the first ClientHello */
  3767. || !TEST_false(create_ssl_connection(serverssl, clientssl,
  3768. SSL_ERROR_WANT_READ))
  3769. /* This should fail because there is no cookie */
  3770. || !TEST_int_eq(SSL_stateless(serverssl), 0))
  3771. goto end;
  3772. /* Abandon the connection from this client */
  3773. SSL_free(clientssl);
  3774. clientssl = NULL;
  3775. /*
  3776. * Now create a connection from a new client but with the same server SSL
  3777. * object
  3778. */
  3779. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  3780. NULL, NULL))
  3781. /* Send the first ClientHello */
  3782. || !TEST_false(create_ssl_connection(serverssl, clientssl,
  3783. SSL_ERROR_WANT_READ))
  3784. /* This should fail because there is no cookie */
  3785. || !TEST_int_eq(SSL_stateless(serverssl), 0)
  3786. /* Send the second ClientHello */
  3787. || !TEST_false(create_ssl_connection(serverssl, clientssl,
  3788. SSL_ERROR_WANT_READ))
  3789. /* This should succeed because a cookie is now present */
  3790. || !TEST_int_eq(SSL_stateless(serverssl), 1)
  3791. /* Complete the connection */
  3792. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  3793. SSL_ERROR_NONE)))
  3794. goto end;
  3795. shutdown_ssl_connection(serverssl, clientssl);
  3796. serverssl = clientssl = NULL;
  3797. testresult = 1;
  3798. end:
  3799. SSL_free(serverssl);
  3800. SSL_free(clientssl);
  3801. SSL_CTX_free(sctx);
  3802. SSL_CTX_free(cctx);
  3803. return testresult;
  3804. }
  3805. #endif /* OPENSSL_NO_TLS1_3 */
  3806. static int clntaddoldcb = 0;
  3807. static int clntparseoldcb = 0;
  3808. static int srvaddoldcb = 0;
  3809. static int srvparseoldcb = 0;
  3810. static int clntaddnewcb = 0;
  3811. static int clntparsenewcb = 0;
  3812. static int srvaddnewcb = 0;
  3813. static int srvparsenewcb = 0;
  3814. static int snicb = 0;
  3815. #define TEST_EXT_TYPE1 0xff00
  3816. static int old_add_cb(SSL *s, unsigned int ext_type, const unsigned char **out,
  3817. size_t *outlen, int *al, void *add_arg)
  3818. {
  3819. int *server = (int *)add_arg;
  3820. unsigned char *data;
  3821. if (SSL_is_server(s))
  3822. srvaddoldcb++;
  3823. else
  3824. clntaddoldcb++;
  3825. if (*server != SSL_is_server(s)
  3826. || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
  3827. return -1;
  3828. *data = 1;
  3829. *out = data;
  3830. *outlen = sizeof(char);
  3831. return 1;
  3832. }
  3833. static void old_free_cb(SSL *s, unsigned int ext_type, const unsigned char *out,
  3834. void *add_arg)
  3835. {
  3836. OPENSSL_free((unsigned char *)out);
  3837. }
  3838. static int old_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in,
  3839. size_t inlen, int *al, void *parse_arg)
  3840. {
  3841. int *server = (int *)parse_arg;
  3842. if (SSL_is_server(s))
  3843. srvparseoldcb++;
  3844. else
  3845. clntparseoldcb++;
  3846. if (*server != SSL_is_server(s)
  3847. || inlen != sizeof(char)
  3848. || *in != 1)
  3849. return -1;
  3850. return 1;
  3851. }
  3852. static int new_add_cb(SSL *s, unsigned int ext_type, unsigned int context,
  3853. const unsigned char **out, size_t *outlen, X509 *x,
  3854. size_t chainidx, int *al, void *add_arg)
  3855. {
  3856. int *server = (int *)add_arg;
  3857. unsigned char *data;
  3858. if (SSL_is_server(s))
  3859. srvaddnewcb++;
  3860. else
  3861. clntaddnewcb++;
  3862. if (*server != SSL_is_server(s)
  3863. || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
  3864. return -1;
  3865. *data = 1;
  3866. *out = data;
  3867. *outlen = sizeof(*data);
  3868. return 1;
  3869. }
  3870. static void new_free_cb(SSL *s, unsigned int ext_type, unsigned int context,
  3871. const unsigned char *out, void *add_arg)
  3872. {
  3873. OPENSSL_free((unsigned char *)out);
  3874. }
  3875. static int new_parse_cb(SSL *s, unsigned int ext_type, unsigned int context,
  3876. const unsigned char *in, size_t inlen, X509 *x,
  3877. size_t chainidx, int *al, void *parse_arg)
  3878. {
  3879. int *server = (int *)parse_arg;
  3880. if (SSL_is_server(s))
  3881. srvparsenewcb++;
  3882. else
  3883. clntparsenewcb++;
  3884. if (*server != SSL_is_server(s)
  3885. || inlen != sizeof(char) || *in != 1)
  3886. return -1;
  3887. return 1;
  3888. }
  3889. static int sni_cb(SSL *s, int *al, void *arg)
  3890. {
  3891. SSL_CTX *ctx = (SSL_CTX *)arg;
  3892. if (SSL_set_SSL_CTX(s, ctx) == NULL) {
  3893. *al = SSL_AD_INTERNAL_ERROR;
  3894. return SSL_TLSEXT_ERR_ALERT_FATAL;
  3895. }
  3896. snicb++;
  3897. return SSL_TLSEXT_ERR_OK;
  3898. }
  3899. /*
  3900. * Custom call back tests.
  3901. * Test 0: Old style callbacks in TLSv1.2
  3902. * Test 1: New style callbacks in TLSv1.2
  3903. * Test 2: New style callbacks in TLSv1.2 with SNI
  3904. * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE
  3905. * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST
  3906. */
  3907. static int test_custom_exts(int tst)
  3908. {
  3909. SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
  3910. SSL *clientssl = NULL, *serverssl = NULL;
  3911. int testresult = 0;
  3912. static int server = 1;
  3913. static int client = 0;
  3914. SSL_SESSION *sess = NULL;
  3915. unsigned int context;
  3916. #if defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_3)
  3917. /* Skip tests for TLSv1.2 and below in this case */
  3918. if (tst < 3)
  3919. return 1;
  3920. #endif
  3921. /* Reset callback counters */
  3922. clntaddoldcb = clntparseoldcb = srvaddoldcb = srvparseoldcb = 0;
  3923. clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0;
  3924. snicb = 0;
  3925. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  3926. TLS1_VERSION, 0,
  3927. &sctx, &cctx, cert, privkey)))
  3928. goto end;
  3929. if (tst == 2
  3930. && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL,
  3931. TLS1_VERSION, 0,
  3932. &sctx2, NULL, cert, privkey)))
  3933. goto end;
  3934. if (tst < 3) {
  3935. SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
  3936. SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
  3937. if (sctx2 != NULL)
  3938. SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3);
  3939. }
  3940. if (tst == 4) {
  3941. context = SSL_EXT_CLIENT_HELLO
  3942. | SSL_EXT_TLS1_2_SERVER_HELLO
  3943. | SSL_EXT_TLS1_3_SERVER_HELLO
  3944. | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
  3945. | SSL_EXT_TLS1_3_CERTIFICATE
  3946. | SSL_EXT_TLS1_3_NEW_SESSION_TICKET;
  3947. } else {
  3948. context = SSL_EXT_CLIENT_HELLO
  3949. | SSL_EXT_TLS1_2_SERVER_HELLO
  3950. | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS;
  3951. }
  3952. /* Create a client side custom extension */
  3953. if (tst == 0) {
  3954. if (!TEST_true(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
  3955. old_add_cb, old_free_cb,
  3956. &client, old_parse_cb,
  3957. &client)))
  3958. goto end;
  3959. } else {
  3960. if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, context,
  3961. new_add_cb, new_free_cb,
  3962. &client, new_parse_cb, &client)))
  3963. goto end;
  3964. }
  3965. /* Should not be able to add duplicates */
  3966. if (!TEST_false(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
  3967. old_add_cb, old_free_cb,
  3968. &client, old_parse_cb,
  3969. &client))
  3970. || !TEST_false(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1,
  3971. context, new_add_cb,
  3972. new_free_cb, &client,
  3973. new_parse_cb, &client)))
  3974. goto end;
  3975. /* Create a server side custom extension */
  3976. if (tst == 0) {
  3977. if (!TEST_true(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
  3978. old_add_cb, old_free_cb,
  3979. &server, old_parse_cb,
  3980. &server)))
  3981. goto end;
  3982. } else {
  3983. if (!TEST_true(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, context,
  3984. new_add_cb, new_free_cb,
  3985. &server, new_parse_cb, &server)))
  3986. goto end;
  3987. if (sctx2 != NULL
  3988. && !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1,
  3989. context, new_add_cb,
  3990. new_free_cb, &server,
  3991. new_parse_cb, &server)))
  3992. goto end;
  3993. }
  3994. /* Should not be able to add duplicates */
  3995. if (!TEST_false(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
  3996. old_add_cb, old_free_cb,
  3997. &server, old_parse_cb,
  3998. &server))
  3999. || !TEST_false(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1,
  4000. context, new_add_cb,
  4001. new_free_cb, &server,
  4002. new_parse_cb, &server)))
  4003. goto end;
  4004. if (tst == 2) {
  4005. /* Set up SNI */
  4006. if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
  4007. || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
  4008. goto end;
  4009. }
  4010. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  4011. &clientssl, NULL, NULL))
  4012. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  4013. SSL_ERROR_NONE)))
  4014. goto end;
  4015. if (tst == 0) {
  4016. if (clntaddoldcb != 1
  4017. || clntparseoldcb != 1
  4018. || srvaddoldcb != 1
  4019. || srvparseoldcb != 1)
  4020. goto end;
  4021. } else if (tst == 1 || tst == 2 || tst == 3) {
  4022. if (clntaddnewcb != 1
  4023. || clntparsenewcb != 1
  4024. || srvaddnewcb != 1
  4025. || srvparsenewcb != 1
  4026. || (tst != 2 && snicb != 0)
  4027. || (tst == 2 && snicb != 1))
  4028. goto end;
  4029. } else {
  4030. /* In this case there 2 NewSessionTicket messages created */
  4031. if (clntaddnewcb != 1
  4032. || clntparsenewcb != 5
  4033. || srvaddnewcb != 5
  4034. || srvparsenewcb != 1)
  4035. goto end;
  4036. }
  4037. sess = SSL_get1_session(clientssl);
  4038. SSL_shutdown(clientssl);
  4039. SSL_shutdown(serverssl);
  4040. SSL_free(serverssl);
  4041. SSL_free(clientssl);
  4042. serverssl = clientssl = NULL;
  4043. if (tst == 3) {
  4044. /* We don't bother with the resumption aspects for this test */
  4045. testresult = 1;
  4046. goto end;
  4047. }
  4048. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  4049. NULL, NULL))
  4050. || !TEST_true(SSL_set_session(clientssl, sess))
  4051. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  4052. SSL_ERROR_NONE)))
  4053. goto end;
  4054. /*
  4055. * For a resumed session we expect to add the ClientHello extension. For the
  4056. * old style callbacks we ignore it on the server side because they set
  4057. * SSL_EXT_IGNORE_ON_RESUMPTION. The new style callbacks do not ignore
  4058. * them.
  4059. */
  4060. if (tst == 0) {
  4061. if (clntaddoldcb != 2
  4062. || clntparseoldcb != 1
  4063. || srvaddoldcb != 1
  4064. || srvparseoldcb != 1)
  4065. goto end;
  4066. } else if (tst == 1 || tst == 2 || tst == 3) {
  4067. if (clntaddnewcb != 2
  4068. || clntparsenewcb != 2
  4069. || srvaddnewcb != 2
  4070. || srvparsenewcb != 2)
  4071. goto end;
  4072. } else {
  4073. /*
  4074. * No Certificate message extensions in the resumption handshake,
  4075. * 2 NewSessionTickets in the initial handshake, 1 in the resumption
  4076. */
  4077. if (clntaddnewcb != 2
  4078. || clntparsenewcb != 8
  4079. || srvaddnewcb != 8
  4080. || srvparsenewcb != 2)
  4081. goto end;
  4082. }
  4083. testresult = 1;
  4084. end:
  4085. SSL_SESSION_free(sess);
  4086. SSL_free(serverssl);
  4087. SSL_free(clientssl);
  4088. SSL_CTX_free(sctx2);
  4089. SSL_CTX_free(sctx);
  4090. SSL_CTX_free(cctx);
  4091. return testresult;
  4092. }
  4093. /*
  4094. * Test loading of serverinfo data in various formats. test_sslmessages actually
  4095. * tests to make sure the extensions appear in the handshake
  4096. */
  4097. static int test_serverinfo(int tst)
  4098. {
  4099. unsigned int version;
  4100. unsigned char *sibuf;
  4101. size_t sibuflen;
  4102. int ret, expected, testresult = 0;
  4103. SSL_CTX *ctx;
  4104. ctx = SSL_CTX_new(TLS_method());
  4105. if (!TEST_ptr(ctx))
  4106. goto end;
  4107. if ((tst & 0x01) == 0x01)
  4108. version = SSL_SERVERINFOV2;
  4109. else
  4110. version = SSL_SERVERINFOV1;
  4111. if ((tst & 0x02) == 0x02) {
  4112. sibuf = serverinfov2;
  4113. sibuflen = sizeof(serverinfov2);
  4114. expected = (version == SSL_SERVERINFOV2);
  4115. } else {
  4116. sibuf = serverinfov1;
  4117. sibuflen = sizeof(serverinfov1);
  4118. expected = (version == SSL_SERVERINFOV1);
  4119. }
  4120. if ((tst & 0x04) == 0x04) {
  4121. ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen);
  4122. } else {
  4123. ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen);
  4124. /*
  4125. * The version variable is irrelevant in this case - it's what is in the
  4126. * buffer that matters
  4127. */
  4128. if ((tst & 0x02) == 0x02)
  4129. expected = 0;
  4130. else
  4131. expected = 1;
  4132. }
  4133. if (!TEST_true(ret == expected))
  4134. goto end;
  4135. testresult = 1;
  4136. end:
  4137. SSL_CTX_free(ctx);
  4138. return testresult;
  4139. }
  4140. /*
  4141. * Test that SSL_export_keying_material() produces expected results. There are
  4142. * no test vectors so all we do is test that both sides of the communication
  4143. * produce the same results for different protocol versions.
  4144. */
  4145. #define SMALL_LABEL_LEN 10
  4146. #define LONG_LABEL_LEN 249
  4147. static int test_export_key_mat(int tst)
  4148. {
  4149. int testresult = 0;
  4150. SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
  4151. SSL *clientssl = NULL, *serverssl = NULL;
  4152. const char label[LONG_LABEL_LEN + 1] = "test label";
  4153. const unsigned char context[] = "context";
  4154. const unsigned char *emptycontext = NULL;
  4155. unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
  4156. unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
  4157. size_t labellen;
  4158. const int protocols[] = {
  4159. TLS1_VERSION,
  4160. TLS1_1_VERSION,
  4161. TLS1_2_VERSION,
  4162. TLS1_3_VERSION,
  4163. TLS1_3_VERSION,
  4164. TLS1_3_VERSION
  4165. };
  4166. #ifdef OPENSSL_NO_TLS1
  4167. if (tst == 0)
  4168. return 1;
  4169. #endif
  4170. #ifdef OPENSSL_NO_TLS1_1
  4171. if (tst == 1)
  4172. return 1;
  4173. #endif
  4174. #ifdef OPENSSL_NO_TLS1_2
  4175. if (tst == 2)
  4176. return 1;
  4177. #endif
  4178. #ifdef OPENSSL_NO_TLS1_3
  4179. if (tst >= 3)
  4180. return 1;
  4181. #endif
  4182. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  4183. TLS1_VERSION, 0,
  4184. &sctx, &cctx, cert, privkey)))
  4185. goto end;
  4186. OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols));
  4187. SSL_CTX_set_max_proto_version(cctx, protocols[tst]);
  4188. SSL_CTX_set_min_proto_version(cctx, protocols[tst]);
  4189. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
  4190. NULL))
  4191. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  4192. SSL_ERROR_NONE)))
  4193. goto end;
  4194. if (tst == 5) {
  4195. /*
  4196. * TLSv1.3 imposes a maximum label len of 249 bytes. Check we fail if we
  4197. * go over that.
  4198. */
  4199. if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1,
  4200. sizeof(ckeymat1), label,
  4201. LONG_LABEL_LEN + 1, context,
  4202. sizeof(context) - 1, 1), 0))
  4203. goto end;
  4204. testresult = 1;
  4205. goto end;
  4206. } else if (tst == 4) {
  4207. labellen = LONG_LABEL_LEN;
  4208. } else {
  4209. labellen = SMALL_LABEL_LEN;
  4210. }
  4211. if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1,
  4212. sizeof(ckeymat1), label,
  4213. labellen, context,
  4214. sizeof(context) - 1, 1), 1)
  4215. || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2,
  4216. sizeof(ckeymat2), label,
  4217. labellen,
  4218. emptycontext,
  4219. 0, 1), 1)
  4220. || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3,
  4221. sizeof(ckeymat3), label,
  4222. labellen,
  4223. NULL, 0, 0), 1)
  4224. || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1,
  4225. sizeof(skeymat1), label,
  4226. labellen,
  4227. context,
  4228. sizeof(context) -1, 1),
  4229. 1)
  4230. || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2,
  4231. sizeof(skeymat2), label,
  4232. labellen,
  4233. emptycontext,
  4234. 0, 1), 1)
  4235. || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3,
  4236. sizeof(skeymat3), label,
  4237. labellen,
  4238. NULL, 0, 0), 1)
  4239. /*
  4240. * Check that both sides created the same key material with the
  4241. * same context.
  4242. */
  4243. || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1,
  4244. sizeof(skeymat1))
  4245. /*
  4246. * Check that both sides created the same key material with an
  4247. * empty context.
  4248. */
  4249. || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2,
  4250. sizeof(skeymat2))
  4251. /*
  4252. * Check that both sides created the same key material without a
  4253. * context.
  4254. */
  4255. || !TEST_mem_eq(ckeymat3, sizeof(ckeymat3), skeymat3,
  4256. sizeof(skeymat3))
  4257. /* Different contexts should produce different results */
  4258. || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2,
  4259. sizeof(ckeymat2)))
  4260. goto end;
  4261. /*
  4262. * Check that an empty context and no context produce different results in
  4263. * protocols less than TLSv1.3. In TLSv1.3 they should be the same.
  4264. */
  4265. if ((tst < 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
  4266. sizeof(ckeymat3)))
  4267. || (tst >= 3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
  4268. sizeof(ckeymat3))))
  4269. goto end;
  4270. testresult = 1;
  4271. end:
  4272. SSL_free(serverssl);
  4273. SSL_free(clientssl);
  4274. SSL_CTX_free(sctx2);
  4275. SSL_CTX_free(sctx);
  4276. SSL_CTX_free(cctx);
  4277. return testresult;
  4278. }
  4279. #ifndef OPENSSL_NO_TLS1_3
  4280. /*
  4281. * Test that SSL_export_keying_material_early() produces expected
  4282. * results. There are no test vectors so all we do is test that both
  4283. * sides of the communication produce the same results for different
  4284. * protocol versions.
  4285. */
  4286. static int test_export_key_mat_early(int idx)
  4287. {
  4288. static const char label[] = "test label";
  4289. static const unsigned char context[] = "context";
  4290. int testresult = 0;
  4291. SSL_CTX *cctx = NULL, *sctx = NULL;
  4292. SSL *clientssl = NULL, *serverssl = NULL;
  4293. SSL_SESSION *sess = NULL;
  4294. const unsigned char *emptycontext = NULL;
  4295. unsigned char ckeymat1[80], ckeymat2[80];
  4296. unsigned char skeymat1[80], skeymat2[80];
  4297. unsigned char buf[1];
  4298. size_t readbytes, written;
  4299. if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, &serverssl,
  4300. &sess, idx)))
  4301. goto end;
  4302. /* Here writing 0 length early data is enough. */
  4303. if (!TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written))
  4304. || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
  4305. &readbytes),
  4306. SSL_READ_EARLY_DATA_ERROR)
  4307. || !TEST_int_eq(SSL_get_early_data_status(serverssl),
  4308. SSL_EARLY_DATA_ACCEPTED))
  4309. goto end;
  4310. if (!TEST_int_eq(SSL_export_keying_material_early(
  4311. clientssl, ckeymat1, sizeof(ckeymat1), label,
  4312. sizeof(label) - 1, context, sizeof(context) - 1), 1)
  4313. || !TEST_int_eq(SSL_export_keying_material_early(
  4314. clientssl, ckeymat2, sizeof(ckeymat2), label,
  4315. sizeof(label) - 1, emptycontext, 0), 1)
  4316. || !TEST_int_eq(SSL_export_keying_material_early(
  4317. serverssl, skeymat1, sizeof(skeymat1), label,
  4318. sizeof(label) - 1, context, sizeof(context) - 1), 1)
  4319. || !TEST_int_eq(SSL_export_keying_material_early(
  4320. serverssl, skeymat2, sizeof(skeymat2), label,
  4321. sizeof(label) - 1, emptycontext, 0), 1)
  4322. /*
  4323. * Check that both sides created the same key material with the
  4324. * same context.
  4325. */
  4326. || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1,
  4327. sizeof(skeymat1))
  4328. /*
  4329. * Check that both sides created the same key material with an
  4330. * empty context.
  4331. */
  4332. || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2,
  4333. sizeof(skeymat2))
  4334. /* Different contexts should produce different results */
  4335. || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2,
  4336. sizeof(ckeymat2)))
  4337. goto end;
  4338. testresult = 1;
  4339. end:
  4340. SSL_SESSION_free(sess);
  4341. SSL_SESSION_free(clientpsk);
  4342. SSL_SESSION_free(serverpsk);
  4343. clientpsk = serverpsk = NULL;
  4344. SSL_free(serverssl);
  4345. SSL_free(clientssl);
  4346. SSL_CTX_free(sctx);
  4347. SSL_CTX_free(cctx);
  4348. return testresult;
  4349. }
  4350. #define NUM_KEY_UPDATE_MESSAGES 40
  4351. /*
  4352. * Test KeyUpdate.
  4353. */
  4354. static int test_key_update(void)
  4355. {
  4356. SSL_CTX *cctx = NULL, *sctx = NULL;
  4357. SSL *clientssl = NULL, *serverssl = NULL;
  4358. int testresult = 0, i, j;
  4359. char buf[20];
  4360. static char *mess = "A test message";
  4361. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  4362. TLS_client_method(),
  4363. TLS1_3_VERSION,
  4364. 0,
  4365. &sctx, &cctx, cert, privkey))
  4366. || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  4367. NULL, NULL))
  4368. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  4369. SSL_ERROR_NONE)))
  4370. goto end;
  4371. for (j = 0; j < 2; j++) {
  4372. /* Send lots of KeyUpdate messages */
  4373. for (i = 0; i < NUM_KEY_UPDATE_MESSAGES; i++) {
  4374. if (!TEST_true(SSL_key_update(clientssl,
  4375. (j == 0)
  4376. ? SSL_KEY_UPDATE_NOT_REQUESTED
  4377. : SSL_KEY_UPDATE_REQUESTED))
  4378. || !TEST_true(SSL_do_handshake(clientssl)))
  4379. goto end;
  4380. }
  4381. /* Check that sending and receiving app data is ok */
  4382. if (!TEST_int_eq(SSL_write(clientssl, mess, strlen(mess)), strlen(mess))
  4383. || !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)),
  4384. strlen(mess)))
  4385. goto end;
  4386. if (!TEST_int_eq(SSL_write(serverssl, mess, strlen(mess)), strlen(mess))
  4387. || !TEST_int_eq(SSL_read(clientssl, buf, sizeof(buf)),
  4388. strlen(mess)))
  4389. goto end;
  4390. }
  4391. testresult = 1;
  4392. end:
  4393. SSL_free(serverssl);
  4394. SSL_free(clientssl);
  4395. SSL_CTX_free(sctx);
  4396. SSL_CTX_free(cctx);
  4397. return testresult;
  4398. }
  4399. /*
  4400. * Test we can handle a KeyUpdate (update requested) message while write data
  4401. * is pending.
  4402. * Test 0: Client sends KeyUpdate while Server is writing
  4403. * Test 1: Server sends KeyUpdate while Client is writing
  4404. */
  4405. static int test_key_update_in_write(int tst)
  4406. {
  4407. SSL_CTX *cctx = NULL, *sctx = NULL;
  4408. SSL *clientssl = NULL, *serverssl = NULL;
  4409. int testresult = 0;
  4410. char buf[20];
  4411. static char *mess = "A test message";
  4412. BIO *bretry = BIO_new(bio_s_always_retry());
  4413. BIO *tmp = NULL;
  4414. SSL *peerupdate = NULL, *peerwrite = NULL;
  4415. if (!TEST_ptr(bretry)
  4416. || !TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  4417. TLS_client_method(),
  4418. TLS1_3_VERSION,
  4419. 0,
  4420. &sctx, &cctx, cert, privkey))
  4421. || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  4422. NULL, NULL))
  4423. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  4424. SSL_ERROR_NONE)))
  4425. goto end;
  4426. peerupdate = tst == 0 ? clientssl : serverssl;
  4427. peerwrite = tst == 0 ? serverssl : clientssl;
  4428. if (!TEST_true(SSL_key_update(peerupdate, SSL_KEY_UPDATE_REQUESTED))
  4429. || !TEST_true(SSL_do_handshake(peerupdate)))
  4430. goto end;
  4431. /* Swap the writing endpoint's write BIO to force a retry */
  4432. tmp = SSL_get_wbio(peerwrite);
  4433. if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) {
  4434. tmp = NULL;
  4435. goto end;
  4436. }
  4437. SSL_set0_wbio(peerwrite, bretry);
  4438. bretry = NULL;
  4439. /* Write data that we know will fail with SSL_ERROR_WANT_WRITE */
  4440. if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), -1)
  4441. || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE))
  4442. goto end;
  4443. /* Reinstate the original writing endpoint's write BIO */
  4444. SSL_set0_wbio(peerwrite, tmp);
  4445. tmp = NULL;
  4446. /* Now read some data - we will read the key update */
  4447. if (!TEST_int_eq(SSL_read(peerwrite, buf, sizeof(buf)), -1)
  4448. || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ))
  4449. goto end;
  4450. /*
  4451. * Complete the write we started previously and read it from the other
  4452. * endpoint
  4453. */
  4454. if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess))
  4455. || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess)))
  4456. goto end;
  4457. /* Write more data to ensure we send the KeyUpdate message back */
  4458. if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess))
  4459. || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess)))
  4460. goto end;
  4461. testresult = 1;
  4462. end:
  4463. SSL_free(serverssl);
  4464. SSL_free(clientssl);
  4465. SSL_CTX_free(sctx);
  4466. SSL_CTX_free(cctx);
  4467. BIO_free(bretry);
  4468. BIO_free(tmp);
  4469. return testresult;
  4470. }
  4471. #endif /* OPENSSL_NO_TLS1_3 */
  4472. static int test_ssl_clear(int idx)
  4473. {
  4474. SSL_CTX *cctx = NULL, *sctx = NULL;
  4475. SSL *clientssl = NULL, *serverssl = NULL;
  4476. int testresult = 0;
  4477. #ifdef OPENSSL_NO_TLS1_2
  4478. if (idx == 1)
  4479. return 1;
  4480. #endif
  4481. /* Create an initial connection */
  4482. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  4483. TLS1_VERSION, 0,
  4484. &sctx, &cctx, cert, privkey))
  4485. || (idx == 1
  4486. && !TEST_true(SSL_CTX_set_max_proto_version(cctx,
  4487. TLS1_2_VERSION)))
  4488. || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  4489. &clientssl, NULL, NULL))
  4490. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  4491. SSL_ERROR_NONE)))
  4492. goto end;
  4493. SSL_shutdown(clientssl);
  4494. SSL_shutdown(serverssl);
  4495. SSL_free(serverssl);
  4496. serverssl = NULL;
  4497. /* Clear clientssl - we're going to reuse the object */
  4498. if (!TEST_true(SSL_clear(clientssl)))
  4499. goto end;
  4500. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  4501. NULL, NULL))
  4502. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  4503. SSL_ERROR_NONE))
  4504. || !TEST_true(SSL_session_reused(clientssl)))
  4505. goto end;
  4506. SSL_shutdown(clientssl);
  4507. SSL_shutdown(serverssl);
  4508. testresult = 1;
  4509. end:
  4510. SSL_free(serverssl);
  4511. SSL_free(clientssl);
  4512. SSL_CTX_free(sctx);
  4513. SSL_CTX_free(cctx);
  4514. return testresult;
  4515. }
  4516. /* Parse CH and retrieve any MFL extension value if present */
  4517. static int get_MFL_from_client_hello(BIO *bio, int *mfl_codemfl_code)
  4518. {
  4519. long len;
  4520. unsigned char *data;
  4521. PACKET pkt, pkt2, pkt3;
  4522. unsigned int MFL_code = 0, type = 0;
  4523. if (!TEST_uint_gt( len = BIO_get_mem_data( bio, (char **) &data ), 0 ) )
  4524. goto end;
  4525. memset(&pkt, 0, sizeof(pkt));
  4526. memset(&pkt2, 0, sizeof(pkt2));
  4527. memset(&pkt3, 0, sizeof(pkt3));
  4528. if (!TEST_true( PACKET_buf_init( &pkt, data, len ) )
  4529. /* Skip the record header */
  4530. || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)
  4531. /* Skip the handshake message header */
  4532. || !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH))
  4533. /* Skip client version and random */
  4534. || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN
  4535. + SSL3_RANDOM_SIZE))
  4536. /* Skip session id */
  4537. || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
  4538. /* Skip ciphers */
  4539. || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2))
  4540. /* Skip compression */
  4541. || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
  4542. /* Extensions len */
  4543. || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2)))
  4544. goto end;
  4545. /* Loop through all extensions */
  4546. while (PACKET_remaining(&pkt2)) {
  4547. if (!TEST_true(PACKET_get_net_2(&pkt2, &type))
  4548. || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3)))
  4549. goto end;
  4550. if (type == TLSEXT_TYPE_max_fragment_length) {
  4551. if (!TEST_uint_ne(PACKET_remaining(&pkt3), 0)
  4552. || !TEST_true(PACKET_get_1(&pkt3, &MFL_code)))
  4553. goto end;
  4554. *mfl_codemfl_code = MFL_code;
  4555. return 1;
  4556. }
  4557. }
  4558. end:
  4559. return 0;
  4560. }
  4561. /* Maximum-Fragment-Length TLS extension mode to test */
  4562. static const unsigned char max_fragment_len_test[] = {
  4563. TLSEXT_max_fragment_length_512,
  4564. TLSEXT_max_fragment_length_1024,
  4565. TLSEXT_max_fragment_length_2048,
  4566. TLSEXT_max_fragment_length_4096
  4567. };
  4568. static int test_max_fragment_len_ext(int idx_tst)
  4569. {
  4570. SSL_CTX *ctx;
  4571. SSL *con = NULL;
  4572. int testresult = 0, MFL_mode = 0;
  4573. BIO *rbio, *wbio;
  4574. ctx = SSL_CTX_new(TLS_method());
  4575. if (!TEST_ptr(ctx))
  4576. goto end;
  4577. if (!TEST_true(SSL_CTX_set_tlsext_max_fragment_length(
  4578. ctx, max_fragment_len_test[idx_tst])))
  4579. goto end;
  4580. con = SSL_new(ctx);
  4581. if (!TEST_ptr(con))
  4582. goto end;
  4583. rbio = BIO_new(BIO_s_mem());
  4584. wbio = BIO_new(BIO_s_mem());
  4585. if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) {
  4586. BIO_free(rbio);
  4587. BIO_free(wbio);
  4588. goto end;
  4589. }
  4590. SSL_set_bio(con, rbio, wbio);
  4591. SSL_set_connect_state(con);
  4592. if (!TEST_int_le(SSL_connect(con), 0)) {
  4593. /* This shouldn't succeed because we don't have a server! */
  4594. goto end;
  4595. }
  4596. if (!TEST_true(get_MFL_from_client_hello(wbio, &MFL_mode)))
  4597. /* no MFL in client hello */
  4598. goto end;
  4599. if (!TEST_true(max_fragment_len_test[idx_tst] == MFL_mode))
  4600. goto end;
  4601. testresult = 1;
  4602. end:
  4603. SSL_free(con);
  4604. SSL_CTX_free(ctx);
  4605. return testresult;
  4606. }
  4607. #ifndef OPENSSL_NO_TLS1_3
  4608. static int test_pha_key_update(void)
  4609. {
  4610. SSL_CTX *cctx = NULL, *sctx = NULL;
  4611. SSL *clientssl = NULL, *serverssl = NULL;
  4612. int testresult = 0;
  4613. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  4614. TLS1_VERSION, 0,
  4615. &sctx, &cctx, cert, privkey)))
  4616. return 0;
  4617. if (!TEST_true(SSL_CTX_set_min_proto_version(sctx, TLS1_3_VERSION))
  4618. || !TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_3_VERSION))
  4619. || !TEST_true(SSL_CTX_set_min_proto_version(cctx, TLS1_3_VERSION))
  4620. || !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_3_VERSION)))
  4621. goto end;
  4622. SSL_CTX_set_post_handshake_auth(cctx, 1);
  4623. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  4624. NULL, NULL)))
  4625. goto end;
  4626. if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  4627. SSL_ERROR_NONE)))
  4628. goto end;
  4629. SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
  4630. if (!TEST_true(SSL_verify_client_post_handshake(serverssl)))
  4631. goto end;
  4632. if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED)))
  4633. goto end;
  4634. /* Start handshake on the server */
  4635. if (!TEST_int_eq(SSL_do_handshake(serverssl), 1))
  4636. goto end;
  4637. /* Starts with SSL_connect(), but it's really just SSL_do_handshake() */
  4638. if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  4639. SSL_ERROR_NONE)))
  4640. goto end;
  4641. SSL_shutdown(clientssl);
  4642. SSL_shutdown(serverssl);
  4643. testresult = 1;
  4644. end:
  4645. SSL_free(serverssl);
  4646. SSL_free(clientssl);
  4647. SSL_CTX_free(sctx);
  4648. SSL_CTX_free(cctx);
  4649. return testresult;
  4650. }
  4651. #endif
  4652. #if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
  4653. static SRP_VBASE *vbase = NULL;
  4654. static int ssl_srp_cb(SSL *s, int *ad, void *arg)
  4655. {
  4656. int ret = SSL3_AL_FATAL;
  4657. char *username;
  4658. SRP_user_pwd *user = NULL;
  4659. username = SSL_get_srp_username(s);
  4660. if (username == NULL) {
  4661. *ad = SSL_AD_INTERNAL_ERROR;
  4662. goto err;
  4663. }
  4664. user = SRP_VBASE_get1_by_user(vbase, username);
  4665. if (user == NULL) {
  4666. *ad = SSL_AD_INTERNAL_ERROR;
  4667. goto err;
  4668. }
  4669. if (SSL_set_srp_server_param(s, user->N, user->g, user->s, user->v,
  4670. user->info) <= 0) {
  4671. *ad = SSL_AD_INTERNAL_ERROR;
  4672. goto err;
  4673. }
  4674. ret = 0;
  4675. err:
  4676. SRP_user_pwd_free(user);
  4677. return ret;
  4678. }
  4679. static int create_new_vfile(char *userid, char *password, const char *filename)
  4680. {
  4681. char *gNid = NULL;
  4682. OPENSSL_STRING *row = OPENSSL_zalloc(sizeof(row) * (DB_NUMBER + 1));
  4683. TXT_DB *db = NULL;
  4684. int ret = 0;
  4685. BIO *out = NULL, *dummy = BIO_new_mem_buf("", 0);
  4686. size_t i;
  4687. if (!TEST_ptr(dummy) || !TEST_ptr(row))
  4688. goto end;
  4689. gNid = SRP_create_verifier(userid, password, &row[DB_srpsalt],
  4690. &row[DB_srpverifier], NULL, NULL);
  4691. if (!TEST_ptr(gNid))
  4692. goto end;
  4693. /*
  4694. * The only way to create an empty TXT_DB is to provide a BIO with no data
  4695. * in it!
  4696. */
  4697. db = TXT_DB_read(dummy, DB_NUMBER);
  4698. if (!TEST_ptr(db))
  4699. goto end;
  4700. out = BIO_new_file(filename, "w");
  4701. if (!TEST_ptr(out))
  4702. goto end;
  4703. row[DB_srpid] = OPENSSL_strdup(userid);
  4704. row[DB_srptype] = OPENSSL_strdup("V");
  4705. row[DB_srpgN] = OPENSSL_strdup(gNid);
  4706. if (!TEST_ptr(row[DB_srpid])
  4707. || !TEST_ptr(row[DB_srptype])
  4708. || !TEST_ptr(row[DB_srpgN])
  4709. || !TEST_true(TXT_DB_insert(db, row)))
  4710. goto end;
  4711. row = NULL;
  4712. if (!TXT_DB_write(out, db))
  4713. goto end;
  4714. ret = 1;
  4715. end:
  4716. if (row != NULL) {
  4717. for (i = 0; i < DB_NUMBER; i++)
  4718. OPENSSL_free(row[i]);
  4719. }
  4720. OPENSSL_free(row);
  4721. BIO_free(dummy);
  4722. BIO_free(out);
  4723. TXT_DB_free(db);
  4724. return ret;
  4725. }
  4726. static int create_new_vbase(char *userid, char *password)
  4727. {
  4728. BIGNUM *verifier = NULL, *salt = NULL;
  4729. const SRP_gN *lgN = NULL;
  4730. SRP_user_pwd *user_pwd = NULL;
  4731. int ret = 0;
  4732. lgN = SRP_get_default_gN(NULL);
  4733. if (!TEST_ptr(lgN))
  4734. goto end;
  4735. if (!TEST_true(SRP_create_verifier_BN(userid, password, &salt, &verifier,
  4736. lgN->N, lgN->g)))
  4737. goto end;
  4738. user_pwd = OPENSSL_zalloc(sizeof(*user_pwd));
  4739. if (!TEST_ptr(user_pwd))
  4740. goto end;
  4741. user_pwd->N = lgN->N;
  4742. user_pwd->g = lgN->g;
  4743. user_pwd->id = OPENSSL_strdup(userid);
  4744. if (!TEST_ptr(user_pwd->id))
  4745. goto end;
  4746. user_pwd->v = verifier;
  4747. user_pwd->s = salt;
  4748. verifier = salt = NULL;
  4749. if (sk_SRP_user_pwd_insert(vbase->users_pwd, user_pwd, 0) == 0)
  4750. goto end;
  4751. user_pwd = NULL;
  4752. ret = 1;
  4753. end:
  4754. SRP_user_pwd_free(user_pwd);
  4755. BN_free(salt);
  4756. BN_free(verifier);
  4757. return ret;
  4758. }
  4759. /*
  4760. * SRP tests
  4761. *
  4762. * Test 0: Simple successful SRP connection, new vbase
  4763. * Test 1: Connection failure due to bad password, new vbase
  4764. * Test 2: Simple successful SRP connection, vbase loaded from existing file
  4765. * Test 3: Connection failure due to bad password, vbase loaded from existing
  4766. * file
  4767. * Test 4: Simple successful SRP connection, vbase loaded from new file
  4768. * Test 5: Connection failure due to bad password, vbase loaded from new file
  4769. */
  4770. static int test_srp(int tst)
  4771. {
  4772. char *userid = "test", *password = "password", *tstsrpfile;
  4773. SSL_CTX *cctx = NULL, *sctx = NULL;
  4774. SSL *clientssl = NULL, *serverssl = NULL;
  4775. int ret, testresult = 0;
  4776. vbase = SRP_VBASE_new(NULL);
  4777. if (!TEST_ptr(vbase))
  4778. goto end;
  4779. if (tst == 0 || tst == 1) {
  4780. if (!TEST_true(create_new_vbase(userid, password)))
  4781. goto end;
  4782. } else {
  4783. if (tst == 4 || tst == 5) {
  4784. if (!TEST_true(create_new_vfile(userid, password, tmpfilename)))
  4785. goto end;
  4786. tstsrpfile = tmpfilename;
  4787. } else {
  4788. tstsrpfile = srpvfile;
  4789. }
  4790. if (!TEST_int_eq(SRP_VBASE_init(vbase, tstsrpfile), SRP_NO_ERROR))
  4791. goto end;
  4792. }
  4793. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  4794. TLS1_VERSION, 0,
  4795. &sctx, &cctx, cert, privkey)))
  4796. goto end;
  4797. if (!TEST_int_gt(SSL_CTX_set_srp_username_callback(sctx, ssl_srp_cb), 0)
  4798. || !TEST_true(SSL_CTX_set_cipher_list(cctx, "SRP-AES-128-CBC-SHA"))
  4799. || !TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION))
  4800. || !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION))
  4801. || !TEST_int_gt(SSL_CTX_set_srp_username(cctx, userid), 0))
  4802. goto end;
  4803. if (tst % 2 == 1) {
  4804. if (!TEST_int_gt(SSL_CTX_set_srp_password(cctx, "badpass"), 0))
  4805. goto end;
  4806. } else {
  4807. if (!TEST_int_gt(SSL_CTX_set_srp_password(cctx, password), 0))
  4808. goto end;
  4809. }
  4810. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  4811. NULL, NULL)))
  4812. goto end;
  4813. ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
  4814. if (ret) {
  4815. if (!TEST_true(tst % 2 == 0))
  4816. goto end;
  4817. } else {
  4818. if (!TEST_true(tst % 2 == 1))
  4819. goto end;
  4820. }
  4821. testresult = 1;
  4822. end:
  4823. SRP_VBASE_free(vbase);
  4824. vbase = NULL;
  4825. SSL_free(serverssl);
  4826. SSL_free(clientssl);
  4827. SSL_CTX_free(sctx);
  4828. SSL_CTX_free(cctx);
  4829. return testresult;
  4830. }
  4831. #endif
  4832. static int info_cb_failed = 0;
  4833. static int info_cb_offset = 0;
  4834. static int info_cb_this_state = -1;
  4835. static struct info_cb_states_st {
  4836. int where;
  4837. const char *statestr;
  4838. } info_cb_states[][60] = {
  4839. {
  4840. /* TLSv1.2 server followed by resumption */
  4841. {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
  4842. {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
  4843. {SSL_CB_LOOP, "TWSC"}, {SSL_CB_LOOP, "TWSKE"}, {SSL_CB_LOOP, "TWSD"},
  4844. {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWSD"}, {SSL_CB_LOOP, "TRCKE"},
  4845. {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWST"},
  4846. {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
  4847. {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
  4848. {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
  4849. {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"},
  4850. {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
  4851. {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TRCCS"},
  4852. {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
  4853. {SSL_CB_EXIT, NULL}, {0, NULL},
  4854. }, {
  4855. /* TLSv1.2 client followed by resumption */
  4856. {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
  4857. {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
  4858. {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRSC"}, {SSL_CB_LOOP, "TRSKE"},
  4859. {SSL_CB_LOOP, "TRSD"}, {SSL_CB_LOOP, "TWCKE"}, {SSL_CB_LOOP, "TWCCS"},
  4860. {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"},
  4861. {SSL_CB_LOOP, "TRST"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"},
  4862. {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
  4863. {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
  4864. {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
  4865. {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"},
  4866. {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
  4867. {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
  4868. }, {
  4869. /* TLSv1.3 server followed by resumption */
  4870. {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
  4871. {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
  4872. {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"},
  4873. {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"},
  4874. {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
  4875. {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"},
  4876. {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
  4877. {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
  4878. {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
  4879. {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
  4880. {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"},
  4881. {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
  4882. {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
  4883. }, {
  4884. /* TLSv1.3 client followed by resumption */
  4885. {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
  4886. {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
  4887. {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"},
  4888. {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"},
  4889. {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
  4890. {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "},
  4891. {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "},
  4892. {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL},
  4893. {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
  4894. {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},
  4895. {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
  4896. {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
  4897. {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
  4898. {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
  4899. {SSL_CB_EXIT, NULL}, {0, NULL},
  4900. }, {
  4901. /* TLSv1.3 server, early_data */
  4902. {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
  4903. {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
  4904. {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
  4905. {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
  4906. {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
  4907. {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TWEOED"}, {SSL_CB_LOOP, "TRFIN"},
  4908. {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"},
  4909. {SSL_CB_EXIT, NULL}, {0, NULL},
  4910. }, {
  4911. /* TLSv1.3 client, early_data */
  4912. {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
  4913. {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TWCCS"},
  4914. {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
  4915. {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
  4916. {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
  4917. {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"},
  4918. {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
  4919. {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "},
  4920. {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
  4921. }, {
  4922. {0, NULL},
  4923. }
  4924. };
  4925. static void sslapi_info_callback(const SSL *s, int where, int ret)
  4926. {
  4927. struct info_cb_states_st *state = info_cb_states[info_cb_offset];
  4928. /* We do not ever expect a connection to fail in this test */
  4929. if (!TEST_false(ret == 0)) {
  4930. info_cb_failed = 1;
  4931. return;
  4932. }
  4933. /*
  4934. * Do some sanity checks. We never expect these things to happen in this
  4935. * test
  4936. */
  4937. if (!TEST_false((SSL_is_server(s) && (where & SSL_ST_CONNECT) != 0))
  4938. || !TEST_false(!SSL_is_server(s) && (where & SSL_ST_ACCEPT) != 0)
  4939. || !TEST_int_ne(state[++info_cb_this_state].where, 0)) {
  4940. info_cb_failed = 1;
  4941. return;
  4942. }
  4943. /* Now check we're in the right state */
  4944. if (!TEST_true((where & state[info_cb_this_state].where) != 0)) {
  4945. info_cb_failed = 1;
  4946. return;
  4947. }
  4948. if ((where & SSL_CB_LOOP) != 0
  4949. && !TEST_int_eq(strcmp(SSL_state_string(s),
  4950. state[info_cb_this_state].statestr), 0)) {
  4951. info_cb_failed = 1;
  4952. return;
  4953. }
  4954. /*
  4955. * Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init
  4956. */
  4957. if ((where & SSL_CB_HANDSHAKE_DONE)
  4958. && SSL_in_init((SSL *)s) != 0) {
  4959. info_cb_failed = 1;
  4960. return;
  4961. }
  4962. }
  4963. /*
  4964. * Test the info callback gets called when we expect it to.
  4965. *
  4966. * Test 0: TLSv1.2, server
  4967. * Test 1: TLSv1.2, client
  4968. * Test 2: TLSv1.3, server
  4969. * Test 3: TLSv1.3, client
  4970. * Test 4: TLSv1.3, server, early_data
  4971. * Test 5: TLSv1.3, client, early_data
  4972. */
  4973. static int test_info_callback(int tst)
  4974. {
  4975. SSL_CTX *cctx = NULL, *sctx = NULL;
  4976. SSL *clientssl = NULL, *serverssl = NULL;
  4977. SSL_SESSION *clntsess = NULL;
  4978. int testresult = 0;
  4979. int tlsvers;
  4980. if (tst < 2) {
  4981. /* We need either ECDHE or DHE for the TLSv1.2 test to work */
  4982. #if !defined(OPENSSL_NO_TLS1_2) && (!defined(OPENSSL_NO_EC) \
  4983. || !defined(OPENSSL_NO_DH))
  4984. tlsvers = TLS1_2_VERSION;
  4985. #else
  4986. return 1;
  4987. #endif
  4988. } else {
  4989. #ifndef OPENSSL_NO_TLS1_3
  4990. tlsvers = TLS1_3_VERSION;
  4991. #else
  4992. return 1;
  4993. #endif
  4994. }
  4995. /* Reset globals */
  4996. info_cb_failed = 0;
  4997. info_cb_this_state = -1;
  4998. info_cb_offset = tst;
  4999. #ifndef OPENSSL_NO_TLS1_3
  5000. if (tst >= 4) {
  5001. SSL_SESSION *sess = NULL;
  5002. size_t written, readbytes;
  5003. unsigned char buf[80];
  5004. /* early_data tests */
  5005. if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
  5006. &serverssl, &sess, 0)))
  5007. goto end;
  5008. /* We don't actually need this reference */
  5009. SSL_SESSION_free(sess);
  5010. SSL_set_info_callback((tst % 2) == 0 ? serverssl : clientssl,
  5011. sslapi_info_callback);
  5012. /* Write and read some early data and then complete the connection */
  5013. if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
  5014. &written))
  5015. || !TEST_size_t_eq(written, strlen(MSG1))
  5016. || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
  5017. sizeof(buf), &readbytes),
  5018. SSL_READ_EARLY_DATA_SUCCESS)
  5019. || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
  5020. || !TEST_int_eq(SSL_get_early_data_status(serverssl),
  5021. SSL_EARLY_DATA_ACCEPTED)
  5022. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  5023. SSL_ERROR_NONE))
  5024. || !TEST_false(info_cb_failed))
  5025. goto end;
  5026. testresult = 1;
  5027. goto end;
  5028. }
  5029. #endif
  5030. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  5031. TLS_client_method(),
  5032. tlsvers, tlsvers, &sctx, &cctx, cert,
  5033. privkey)))
  5034. goto end;
  5035. /*
  5036. * For even numbered tests we check the server callbacks. For odd numbers we
  5037. * check the client.
  5038. */
  5039. SSL_CTX_set_info_callback((tst % 2) == 0 ? sctx : cctx,
  5040. sslapi_info_callback);
  5041. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
  5042. &clientssl, NULL, NULL))
  5043. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  5044. SSL_ERROR_NONE))
  5045. || !TEST_false(info_cb_failed))
  5046. goto end;
  5047. clntsess = SSL_get1_session(clientssl);
  5048. SSL_shutdown(clientssl);
  5049. SSL_shutdown(serverssl);
  5050. SSL_free(serverssl);
  5051. SSL_free(clientssl);
  5052. serverssl = clientssl = NULL;
  5053. /* Now do a resumption */
  5054. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
  5055. NULL))
  5056. || !TEST_true(SSL_set_session(clientssl, clntsess))
  5057. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  5058. SSL_ERROR_NONE))
  5059. || !TEST_true(SSL_session_reused(clientssl))
  5060. || !TEST_false(info_cb_failed))
  5061. goto end;
  5062. testresult = 1;
  5063. end:
  5064. SSL_free(serverssl);
  5065. SSL_free(clientssl);
  5066. SSL_SESSION_free(clntsess);
  5067. SSL_CTX_free(sctx);
  5068. SSL_CTX_free(cctx);
  5069. return testresult;
  5070. }
  5071. static int test_ssl_pending(int tst)
  5072. {
  5073. SSL_CTX *cctx = NULL, *sctx = NULL;
  5074. SSL *clientssl = NULL, *serverssl = NULL;
  5075. int testresult = 0;
  5076. char msg[] = "A test message";
  5077. char buf[5];
  5078. size_t written, readbytes;
  5079. if (tst == 0) {
  5080. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  5081. TLS_client_method(),
  5082. TLS1_VERSION, 0,
  5083. &sctx, &cctx, cert, privkey)))
  5084. goto end;
  5085. } else {
  5086. #ifndef OPENSSL_NO_DTLS
  5087. if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
  5088. DTLS_client_method(),
  5089. DTLS1_VERSION, 0,
  5090. &sctx, &cctx, cert, privkey)))
  5091. goto end;
  5092. #else
  5093. return 1;
  5094. #endif
  5095. }
  5096. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  5097. NULL, NULL))
  5098. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  5099. SSL_ERROR_NONE)))
  5100. goto end;
  5101. if (!TEST_int_eq(SSL_pending(clientssl), 0)
  5102. || !TEST_false(SSL_has_pending(clientssl))
  5103. || !TEST_int_eq(SSL_pending(serverssl), 0)
  5104. || !TEST_false(SSL_has_pending(serverssl))
  5105. || !TEST_true(SSL_write_ex(serverssl, msg, sizeof(msg), &written))
  5106. || !TEST_size_t_eq(written, sizeof(msg))
  5107. || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
  5108. || !TEST_size_t_eq(readbytes, sizeof(buf))
  5109. || !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes))
  5110. || !TEST_true(SSL_has_pending(clientssl)))
  5111. goto end;
  5112. testresult = 1;
  5113. end:
  5114. SSL_free(serverssl);
  5115. SSL_free(clientssl);
  5116. SSL_CTX_free(sctx);
  5117. SSL_CTX_free(cctx);
  5118. return testresult;
  5119. }
  5120. static struct {
  5121. unsigned int maxprot;
  5122. const char *clntciphers;
  5123. const char *clnttls13ciphers;
  5124. const char *srvrciphers;
  5125. const char *srvrtls13ciphers;
  5126. const char *shared;
  5127. } shared_ciphers_data[] = {
  5128. /*
  5129. * We can't establish a connection (even in TLSv1.1) with these ciphersuites if
  5130. * TLSv1.3 is enabled but TLSv1.2 is disabled.
  5131. */
  5132. #if defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
  5133. {
  5134. TLS1_2_VERSION,
  5135. "AES128-SHA:AES256-SHA",
  5136. NULL,
  5137. "AES256-SHA:DHE-RSA-AES128-SHA",
  5138. NULL,
  5139. "AES256-SHA"
  5140. },
  5141. {
  5142. TLS1_2_VERSION,
  5143. "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA",
  5144. NULL,
  5145. "AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA",
  5146. NULL,
  5147. "AES128-SHA:AES256-SHA"
  5148. },
  5149. {
  5150. TLS1_2_VERSION,
  5151. "AES128-SHA:AES256-SHA",
  5152. NULL,
  5153. "AES128-SHA:DHE-RSA-AES128-SHA",
  5154. NULL,
  5155. "AES128-SHA"
  5156. },
  5157. #endif
  5158. /*
  5159. * This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be
  5160. * enabled.
  5161. */
  5162. #if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \
  5163. && !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  5164. {
  5165. TLS1_3_VERSION,
  5166. "AES128-SHA:AES256-SHA",
  5167. NULL,
  5168. "AES256-SHA:AES128-SHA256",
  5169. NULL,
  5170. "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
  5171. "TLS_AES_128_GCM_SHA256:AES256-SHA"
  5172. },
  5173. #endif
  5174. #ifndef OPENSSL_NO_TLS1_3
  5175. {
  5176. TLS1_3_VERSION,
  5177. "AES128-SHA",
  5178. "TLS_AES_256_GCM_SHA384",
  5179. "AES256-SHA",
  5180. "TLS_AES_256_GCM_SHA384",
  5181. "TLS_AES_256_GCM_SHA384"
  5182. },
  5183. #endif
  5184. };
  5185. static int test_ssl_get_shared_ciphers(int tst)
  5186. {
  5187. SSL_CTX *cctx = NULL, *sctx = NULL;
  5188. SSL *clientssl = NULL, *serverssl = NULL;
  5189. int testresult = 0;
  5190. char buf[1024];
  5191. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  5192. TLS_client_method(),
  5193. TLS1_VERSION,
  5194. shared_ciphers_data[tst].maxprot,
  5195. &sctx, &cctx, cert, privkey)))
  5196. goto end;
  5197. if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
  5198. shared_ciphers_data[tst].clntciphers))
  5199. || (shared_ciphers_data[tst].clnttls13ciphers != NULL
  5200. && !TEST_true(SSL_CTX_set_ciphersuites(cctx,
  5201. shared_ciphers_data[tst].clnttls13ciphers)))
  5202. || !TEST_true(SSL_CTX_set_cipher_list(sctx,
  5203. shared_ciphers_data[tst].srvrciphers))
  5204. || (shared_ciphers_data[tst].srvrtls13ciphers != NULL
  5205. && !TEST_true(SSL_CTX_set_ciphersuites(sctx,
  5206. shared_ciphers_data[tst].srvrtls13ciphers))))
  5207. goto end;
  5208. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  5209. NULL, NULL))
  5210. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  5211. SSL_ERROR_NONE)))
  5212. goto end;
  5213. if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf)))
  5214. || !TEST_int_eq(strcmp(buf, shared_ciphers_data[tst].shared), 0)) {
  5215. TEST_info("Shared ciphers are: %s\n", buf);
  5216. goto end;
  5217. }
  5218. testresult = 1;
  5219. end:
  5220. SSL_free(serverssl);
  5221. SSL_free(clientssl);
  5222. SSL_CTX_free(sctx);
  5223. SSL_CTX_free(cctx);
  5224. return testresult;
  5225. }
  5226. static const char *appdata = "Hello World";
  5227. static int gen_tick_called, dec_tick_called, tick_key_cb_called;
  5228. static int tick_key_renew = 0;
  5229. static SSL_TICKET_RETURN tick_dec_ret = SSL_TICKET_RETURN_ABORT;
  5230. static int gen_tick_cb(SSL *s, void *arg)
  5231. {
  5232. gen_tick_called = 1;
  5233. return SSL_SESSION_set1_ticket_appdata(SSL_get_session(s), appdata,
  5234. strlen(appdata));
  5235. }
  5236. static SSL_TICKET_RETURN dec_tick_cb(SSL *s, SSL_SESSION *ss,
  5237. const unsigned char *keyname,
  5238. size_t keyname_length,
  5239. SSL_TICKET_STATUS status,
  5240. void *arg)
  5241. {
  5242. void *tickdata;
  5243. size_t tickdlen;
  5244. dec_tick_called = 1;
  5245. if (status == SSL_TICKET_EMPTY)
  5246. return SSL_TICKET_RETURN_IGNORE_RENEW;
  5247. if (!TEST_true(status == SSL_TICKET_SUCCESS
  5248. || status == SSL_TICKET_SUCCESS_RENEW))
  5249. return SSL_TICKET_RETURN_ABORT;
  5250. if (!TEST_true(SSL_SESSION_get0_ticket_appdata(ss, &tickdata,
  5251. &tickdlen))
  5252. || !TEST_size_t_eq(tickdlen, strlen(appdata))
  5253. || !TEST_int_eq(memcmp(tickdata, appdata, tickdlen), 0))
  5254. return SSL_TICKET_RETURN_ABORT;
  5255. if (tick_key_cb_called) {
  5256. /* Don't change what the ticket key callback wanted to do */
  5257. switch (status) {
  5258. case SSL_TICKET_NO_DECRYPT:
  5259. return SSL_TICKET_RETURN_IGNORE_RENEW;
  5260. case SSL_TICKET_SUCCESS:
  5261. return SSL_TICKET_RETURN_USE;
  5262. case SSL_TICKET_SUCCESS_RENEW:
  5263. return SSL_TICKET_RETURN_USE_RENEW;
  5264. default:
  5265. return SSL_TICKET_RETURN_ABORT;
  5266. }
  5267. }
  5268. return tick_dec_ret;
  5269. }
  5270. static int tick_key_cb(SSL *s, unsigned char key_name[16],
  5271. unsigned char iv[EVP_MAX_IV_LENGTH], EVP_CIPHER_CTX *ctx,
  5272. HMAC_CTX *hctx, int enc)
  5273. {
  5274. const unsigned char tick_aes_key[16] = "0123456789abcdef";
  5275. const unsigned char tick_hmac_key[16] = "0123456789abcdef";
  5276. tick_key_cb_called = 1;
  5277. memset(iv, 0, AES_BLOCK_SIZE);
  5278. memset(key_name, 0, 16);
  5279. if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, tick_aes_key, iv, enc)
  5280. || !HMAC_Init_ex(hctx, tick_hmac_key, sizeof(tick_hmac_key),
  5281. EVP_sha256(), NULL))
  5282. return -1;
  5283. return tick_key_renew ? 2 : 1;
  5284. }
  5285. /*
  5286. * Test the various ticket callbacks
  5287. * Test 0: TLSv1.2, no ticket key callback, no ticket, no renewal
  5288. * Test 1: TLSv1.3, no ticket key callback, no ticket, no renewal
  5289. * Test 2: TLSv1.2, no ticket key callback, no ticket, renewal
  5290. * Test 3: TLSv1.3, no ticket key callback, no ticket, renewal
  5291. * Test 4: TLSv1.2, no ticket key callback, ticket, no renewal
  5292. * Test 5: TLSv1.3, no ticket key callback, ticket, no renewal
  5293. * Test 6: TLSv1.2, no ticket key callback, ticket, renewal
  5294. * Test 7: TLSv1.3, no ticket key callback, ticket, renewal
  5295. * Test 8: TLSv1.2, ticket key callback, ticket, no renewal
  5296. * Test 9: TLSv1.3, ticket key callback, ticket, no renewal
  5297. * Test 10: TLSv1.2, ticket key callback, ticket, renewal
  5298. * Test 11: TLSv1.3, ticket key callback, ticket, renewal
  5299. */
  5300. static int test_ticket_callbacks(int tst)
  5301. {
  5302. SSL_CTX *cctx = NULL, *sctx = NULL;
  5303. SSL *clientssl = NULL, *serverssl = NULL;
  5304. SSL_SESSION *clntsess = NULL;
  5305. int testresult = 0;
  5306. #ifdef OPENSSL_NO_TLS1_2
  5307. if (tst % 2 == 0)
  5308. return 1;
  5309. #endif
  5310. #ifdef OPENSSL_NO_TLS1_3
  5311. if (tst % 2 == 1)
  5312. return 1;
  5313. #endif
  5314. gen_tick_called = dec_tick_called = tick_key_cb_called = 0;
  5315. /* Which tests the ticket key callback should request renewal for */
  5316. if (tst == 10 || tst == 11)
  5317. tick_key_renew = 1;
  5318. else
  5319. tick_key_renew = 0;
  5320. /* Which tests the decrypt ticket callback should request renewal for */
  5321. switch (tst) {
  5322. case 0:
  5323. case 1:
  5324. tick_dec_ret = SSL_TICKET_RETURN_IGNORE;
  5325. break;
  5326. case 2:
  5327. case 3:
  5328. tick_dec_ret = SSL_TICKET_RETURN_IGNORE_RENEW;
  5329. break;
  5330. case 4:
  5331. case 5:
  5332. tick_dec_ret = SSL_TICKET_RETURN_USE;
  5333. break;
  5334. case 6:
  5335. case 7:
  5336. tick_dec_ret = SSL_TICKET_RETURN_USE_RENEW;
  5337. break;
  5338. default:
  5339. tick_dec_ret = SSL_TICKET_RETURN_ABORT;
  5340. }
  5341. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  5342. TLS_client_method(),
  5343. TLS1_VERSION,
  5344. ((tst % 2) == 0) ? TLS1_2_VERSION
  5345. : TLS1_3_VERSION,
  5346. &sctx, &cctx, cert, privkey)))
  5347. goto end;
  5348. /*
  5349. * We only want sessions to resume from tickets - not the session cache. So
  5350. * switch the cache off.
  5351. */
  5352. if (!TEST_true(SSL_CTX_set_session_cache_mode(sctx, SSL_SESS_CACHE_OFF)))
  5353. goto end;
  5354. if (!TEST_true(SSL_CTX_set_session_ticket_cb(sctx, gen_tick_cb, dec_tick_cb,
  5355. NULL)))
  5356. goto end;
  5357. if (tst >= 8
  5358. && !TEST_true(SSL_CTX_set_tlsext_ticket_key_cb(sctx, tick_key_cb)))
  5359. goto end;
  5360. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  5361. NULL, NULL))
  5362. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  5363. SSL_ERROR_NONE)))
  5364. goto end;
  5365. /*
  5366. * The decrypt ticket key callback in TLSv1.2 should be called even though
  5367. * we have no ticket yet, because it gets called with a status of
  5368. * SSL_TICKET_EMPTY (the client indicates support for tickets but does not
  5369. * actually send any ticket data). This does not happen in TLSv1.3 because
  5370. * it is not valid to send empty ticket data in TLSv1.3.
  5371. */
  5372. if (!TEST_int_eq(gen_tick_called, 1)
  5373. || !TEST_int_eq(dec_tick_called, ((tst % 2) == 0) ? 1 : 0))
  5374. goto end;
  5375. gen_tick_called = dec_tick_called = 0;
  5376. clntsess = SSL_get1_session(clientssl);
  5377. SSL_shutdown(clientssl);
  5378. SSL_shutdown(serverssl);
  5379. SSL_free(serverssl);
  5380. SSL_free(clientssl);
  5381. serverssl = clientssl = NULL;
  5382. /* Now do a resumption */
  5383. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
  5384. NULL))
  5385. || !TEST_true(SSL_set_session(clientssl, clntsess))
  5386. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  5387. SSL_ERROR_NONE)))
  5388. goto end;
  5389. if (tick_dec_ret == SSL_TICKET_RETURN_IGNORE
  5390. || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW) {
  5391. if (!TEST_false(SSL_session_reused(clientssl)))
  5392. goto end;
  5393. } else {
  5394. if (!TEST_true(SSL_session_reused(clientssl)))
  5395. goto end;
  5396. }
  5397. if (!TEST_int_eq(gen_tick_called,
  5398. (tick_key_renew
  5399. || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW
  5400. || tick_dec_ret == SSL_TICKET_RETURN_USE_RENEW)
  5401. ? 1 : 0)
  5402. || !TEST_int_eq(dec_tick_called, 1))
  5403. goto end;
  5404. testresult = 1;
  5405. end:
  5406. SSL_SESSION_free(clntsess);
  5407. SSL_free(serverssl);
  5408. SSL_free(clientssl);
  5409. SSL_CTX_free(sctx);
  5410. SSL_CTX_free(cctx);
  5411. return testresult;
  5412. }
  5413. /*
  5414. * Test bi-directional shutdown.
  5415. * Test 0: TLSv1.2
  5416. * Test 1: TLSv1.2, server continues to read/write after client shutdown
  5417. * Test 2: TLSv1.3, no pending NewSessionTicket messages
  5418. * Test 3: TLSv1.3, pending NewSessionTicket messages
  5419. * Test 4: TLSv1.3, server continues to read/write after client shutdown, server
  5420. * sends key update, client reads it
  5421. * Test 5: TLSv1.3, server continues to read/write after client shutdown, server
  5422. * sends CertificateRequest, client reads and ignores it
  5423. * Test 6: TLSv1.3, server continues to read/write after client shutdown, client
  5424. * doesn't read it
  5425. */
  5426. static int test_shutdown(int tst)
  5427. {
  5428. SSL_CTX *cctx = NULL, *sctx = NULL;
  5429. SSL *clientssl = NULL, *serverssl = NULL;
  5430. int testresult = 0;
  5431. char msg[] = "A test message";
  5432. char buf[80];
  5433. size_t written, readbytes;
  5434. SSL_SESSION *sess;
  5435. #ifdef OPENSSL_NO_TLS1_2
  5436. if (tst <= 1)
  5437. return 1;
  5438. #endif
  5439. #ifdef OPENSSL_NO_TLS1_3
  5440. if (tst >= 2)
  5441. return 1;
  5442. #endif
  5443. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  5444. TLS_client_method(),
  5445. TLS1_VERSION,
  5446. (tst <= 1) ? TLS1_2_VERSION
  5447. : TLS1_3_VERSION,
  5448. &sctx, &cctx, cert, privkey)))
  5449. goto end;
  5450. if (tst == 5)
  5451. SSL_CTX_set_post_handshake_auth(cctx, 1);
  5452. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  5453. NULL, NULL)))
  5454. goto end;
  5455. if (tst == 3) {
  5456. if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
  5457. SSL_ERROR_NONE, 1))
  5458. || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
  5459. || !TEST_false(SSL_SESSION_is_resumable(sess)))
  5460. goto end;
  5461. } else if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  5462. SSL_ERROR_NONE))
  5463. || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
  5464. || !TEST_true(SSL_SESSION_is_resumable(sess))) {
  5465. goto end;
  5466. }
  5467. if (!TEST_int_eq(SSL_shutdown(clientssl), 0))
  5468. goto end;
  5469. if (tst >= 4) {
  5470. /*
  5471. * Reading on the server after the client has sent close_notify should
  5472. * fail and provide SSL_ERROR_ZERO_RETURN
  5473. */
  5474. if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
  5475. || !TEST_int_eq(SSL_get_error(serverssl, 0),
  5476. SSL_ERROR_ZERO_RETURN)
  5477. || !TEST_int_eq(SSL_get_shutdown(serverssl),
  5478. SSL_RECEIVED_SHUTDOWN)
  5479. /*
  5480. * Even though we're shutdown on receive we should still be
  5481. * able to write.
  5482. */
  5483. || !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))
  5484. goto end;
  5485. if (tst == 4
  5486. && !TEST_true(SSL_key_update(serverssl,
  5487. SSL_KEY_UPDATE_REQUESTED)))
  5488. goto end;
  5489. if (tst == 5) {
  5490. SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
  5491. if (!TEST_true(SSL_verify_client_post_handshake(serverssl)))
  5492. goto end;
  5493. }
  5494. if ((tst == 4 || tst == 5)
  5495. && !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))
  5496. goto end;
  5497. if (!TEST_int_eq(SSL_shutdown(serverssl), 1))
  5498. goto end;
  5499. if (tst == 4 || tst == 5) {
  5500. /* Should still be able to read data from server */
  5501. if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf),
  5502. &readbytes))
  5503. || !TEST_size_t_eq(readbytes, sizeof(msg))
  5504. || !TEST_int_eq(memcmp(msg, buf, readbytes), 0)
  5505. || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf),
  5506. &readbytes))
  5507. || !TEST_size_t_eq(readbytes, sizeof(msg))
  5508. || !TEST_int_eq(memcmp(msg, buf, readbytes), 0))
  5509. goto end;
  5510. }
  5511. }
  5512. /* Writing on the client after sending close_notify shouldn't be possible */
  5513. if (!TEST_false(SSL_write_ex(clientssl, msg, sizeof(msg), &written)))
  5514. goto end;
  5515. if (tst < 4) {
  5516. /*
  5517. * For these tests the client has sent close_notify but it has not yet
  5518. * been received by the server. The server has not sent close_notify
  5519. * yet.
  5520. */
  5521. if (!TEST_int_eq(SSL_shutdown(serverssl), 0)
  5522. /*
  5523. * Writing on the server after sending close_notify shouldn't
  5524. * be possible.
  5525. */
  5526. || !TEST_false(SSL_write_ex(serverssl, msg, sizeof(msg), &written))
  5527. || !TEST_int_eq(SSL_shutdown(clientssl), 1)
  5528. || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
  5529. || !TEST_true(SSL_SESSION_is_resumable(sess))
  5530. || !TEST_int_eq(SSL_shutdown(serverssl), 1))
  5531. goto end;
  5532. } else if (tst == 4 || tst == 5) {
  5533. /*
  5534. * In this test the client has sent close_notify and it has been
  5535. * received by the server which has responded with a close_notify. The
  5536. * client needs to read the close_notify sent by the server.
  5537. */
  5538. if (!TEST_int_eq(SSL_shutdown(clientssl), 1)
  5539. || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
  5540. || !TEST_true(SSL_SESSION_is_resumable(sess)))
  5541. goto end;
  5542. } else {
  5543. /*
  5544. * tst == 6
  5545. *
  5546. * The client has sent close_notify and is expecting a close_notify
  5547. * back, but instead there is application data first. The shutdown
  5548. * should fail with a fatal error.
  5549. */
  5550. if (!TEST_int_eq(SSL_shutdown(clientssl), -1)
  5551. || !TEST_int_eq(SSL_get_error(clientssl, -1), SSL_ERROR_SSL))
  5552. goto end;
  5553. }
  5554. testresult = 1;
  5555. end:
  5556. SSL_free(serverssl);
  5557. SSL_free(clientssl);
  5558. SSL_CTX_free(sctx);
  5559. SSL_CTX_free(cctx);
  5560. return testresult;
  5561. }
  5562. #if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
  5563. static int cert_cb_cnt;
  5564. static int cert_cb(SSL *s, void *arg)
  5565. {
  5566. SSL_CTX *ctx = (SSL_CTX *)arg;
  5567. BIO *in = NULL;
  5568. EVP_PKEY *pkey = NULL;
  5569. X509 *x509 = NULL, *rootx = NULL;
  5570. STACK_OF(X509) *chain = NULL;
  5571. char *rootfile = NULL, *ecdsacert = NULL, *ecdsakey = NULL;
  5572. int ret = 0;
  5573. if (cert_cb_cnt == 0) {
  5574. /* Suspend the handshake */
  5575. cert_cb_cnt++;
  5576. return -1;
  5577. } else if (cert_cb_cnt == 1) {
  5578. /*
  5579. * Update the SSL_CTX, set the certificate and private key and then
  5580. * continue the handshake normally.
  5581. */
  5582. if (ctx != NULL && !TEST_ptr(SSL_set_SSL_CTX(s, ctx)))
  5583. return 0;
  5584. if (!TEST_true(SSL_use_certificate_file(s, cert, SSL_FILETYPE_PEM))
  5585. || !TEST_true(SSL_use_PrivateKey_file(s, privkey,
  5586. SSL_FILETYPE_PEM))
  5587. || !TEST_true(SSL_check_private_key(s)))
  5588. return 0;
  5589. cert_cb_cnt++;
  5590. return 1;
  5591. } else if (cert_cb_cnt == 3) {
  5592. int rv;
  5593. rootfile = test_mk_file_path(certsdir, "rootcert.pem");
  5594. ecdsacert = test_mk_file_path(certsdir, "server-ecdsa-cert.pem");
  5595. ecdsakey = test_mk_file_path(certsdir, "server-ecdsa-key.pem");
  5596. if (!TEST_ptr(rootfile) || !TEST_ptr(ecdsacert) || !TEST_ptr(ecdsakey))
  5597. goto out;
  5598. chain = sk_X509_new_null();
  5599. if (!TEST_ptr(chain))
  5600. goto out;
  5601. if (!TEST_ptr(in = BIO_new(BIO_s_file()))
  5602. || !TEST_int_ge(BIO_read_filename(in, rootfile), 0)
  5603. || !TEST_ptr(rootx = PEM_read_bio_X509(in, NULL, NULL, NULL))
  5604. || !TEST_true(sk_X509_push(chain, rootx)))
  5605. goto out;
  5606. rootx = NULL;
  5607. BIO_free(in);
  5608. if (!TEST_ptr(in = BIO_new(BIO_s_file()))
  5609. || !TEST_int_ge(BIO_read_filename(in, ecdsacert), 0)
  5610. || !TEST_ptr(x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
  5611. goto out;
  5612. BIO_free(in);
  5613. if (!TEST_ptr(in = BIO_new(BIO_s_file()))
  5614. || !TEST_int_ge(BIO_read_filename(in, ecdsakey), 0)
  5615. || !TEST_ptr(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL)))
  5616. goto out;
  5617. rv = SSL_check_chain(s, x509, pkey, chain);
  5618. /*
  5619. * If the cert doesn't show as valid here (e.g., because we don't
  5620. * have any shared sigalgs), then we will not set it, and there will
  5621. * be no certificate at all on the SSL or SSL_CTX. This, in turn,
  5622. * will cause tls_choose_sigalgs() to fail the connection.
  5623. */
  5624. if ((rv & (CERT_PKEY_VALID | CERT_PKEY_CA_SIGNATURE))
  5625. == (CERT_PKEY_VALID | CERT_PKEY_CA_SIGNATURE)) {
  5626. if (!SSL_use_cert_and_key(s, x509, pkey, NULL, 1))
  5627. goto out;
  5628. }
  5629. ret = 1;
  5630. }
  5631. /* Abort the handshake */
  5632. out:
  5633. OPENSSL_free(ecdsacert);
  5634. OPENSSL_free(ecdsakey);
  5635. OPENSSL_free(rootfile);
  5636. BIO_free(in);
  5637. EVP_PKEY_free(pkey);
  5638. X509_free(x509);
  5639. X509_free(rootx);
  5640. sk_X509_pop_free(chain, X509_free);
  5641. return ret;
  5642. }
  5643. /*
  5644. * Test the certificate callback.
  5645. * Test 0: Callback fails
  5646. * Test 1: Success - no SSL_set_SSL_CTX() in the callback
  5647. * Test 2: Success - SSL_set_SSL_CTX() in the callback
  5648. * Test 3: Success - Call SSL_check_chain from the callback
  5649. * Test 4: Failure - SSL_check_chain fails from callback due to bad cert in the
  5650. * chain
  5651. * Test 5: Failure - SSL_check_chain fails from callback due to bad ee cert
  5652. */
  5653. static int test_cert_cb_int(int prot, int tst)
  5654. {
  5655. SSL_CTX *cctx = NULL, *sctx = NULL, *snictx = NULL;
  5656. SSL *clientssl = NULL, *serverssl = NULL;
  5657. int testresult = 0, ret;
  5658. #ifdef OPENSSL_NO_EC
  5659. /* We use an EC cert in these tests, so we skip in a no-ec build */
  5660. if (tst >= 3)
  5661. return 1;
  5662. #endif
  5663. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  5664. TLS_client_method(),
  5665. TLS1_VERSION,
  5666. prot,
  5667. &sctx, &cctx, NULL, NULL)))
  5668. goto end;
  5669. if (tst == 0)
  5670. cert_cb_cnt = -1;
  5671. else if (tst >= 3)
  5672. cert_cb_cnt = 3;
  5673. else
  5674. cert_cb_cnt = 0;
  5675. if (tst == 2)
  5676. snictx = SSL_CTX_new(TLS_server_method());
  5677. SSL_CTX_set_cert_cb(sctx, cert_cb, snictx);
  5678. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  5679. NULL, NULL)))
  5680. goto end;
  5681. if (tst == 4) {
  5682. /*
  5683. * We cause SSL_check_chain() to fail by specifying sig_algs that
  5684. * the chain doesn't meet (the root uses an RSA cert)
  5685. */
  5686. if (!TEST_true(SSL_set1_sigalgs_list(clientssl,
  5687. "ecdsa_secp256r1_sha256")))
  5688. goto end;
  5689. } else if (tst == 5) {
  5690. /*
  5691. * We cause SSL_check_chain() to fail by specifying sig_algs that
  5692. * the ee cert doesn't meet (the ee uses an ECDSA cert)
  5693. */
  5694. if (!TEST_true(SSL_set1_sigalgs_list(clientssl,
  5695. "rsa_pss_rsae_sha256:rsa_pkcs1_sha256")))
  5696. goto end;
  5697. }
  5698. ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
  5699. if (!TEST_true(tst == 0 || tst == 4 || tst == 5 ? !ret : ret)
  5700. || (tst > 0
  5701. && !TEST_int_eq((cert_cb_cnt - 2) * (cert_cb_cnt - 3), 0))) {
  5702. goto end;
  5703. }
  5704. testresult = 1;
  5705. end:
  5706. SSL_free(serverssl);
  5707. SSL_free(clientssl);
  5708. SSL_CTX_free(sctx);
  5709. SSL_CTX_free(cctx);
  5710. SSL_CTX_free(snictx);
  5711. return testresult;
  5712. }
  5713. #endif
  5714. static int test_cert_cb(int tst)
  5715. {
  5716. int testresult = 1;
  5717. #ifndef OPENSSL_NO_TLS1_2
  5718. testresult &= test_cert_cb_int(TLS1_2_VERSION, tst);
  5719. #endif
  5720. #ifndef OPENSSL_NO_TLS1_3
  5721. testresult &= test_cert_cb_int(TLS1_3_VERSION, tst);
  5722. #endif
  5723. return testresult;
  5724. }
  5725. static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
  5726. {
  5727. X509 *xcert, *peer;
  5728. EVP_PKEY *privpkey;
  5729. BIO *in = NULL;
  5730. /* Check that SSL_get_peer_certificate() returns something sensible */
  5731. peer = SSL_get_peer_certificate(ssl);
  5732. if (!TEST_ptr(peer))
  5733. return 0;
  5734. X509_free(peer);
  5735. in = BIO_new_file(cert, "r");
  5736. if (!TEST_ptr(in))
  5737. return 0;
  5738. xcert = PEM_read_bio_X509(in, NULL, NULL, NULL);
  5739. BIO_free(in);
  5740. if (!TEST_ptr(xcert))
  5741. return 0;
  5742. in = BIO_new_file(privkey, "r");
  5743. if (!TEST_ptr(in)) {
  5744. X509_free(xcert);
  5745. return 0;
  5746. }
  5747. privpkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
  5748. BIO_free(in);
  5749. if (!TEST_ptr(privpkey)) {
  5750. X509_free(xcert);
  5751. return 0;
  5752. }
  5753. *x509 = xcert;
  5754. *pkey = privpkey;
  5755. return 1;
  5756. }
  5757. static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
  5758. {
  5759. return 1;
  5760. }
  5761. static int test_client_cert_cb(int tst)
  5762. {
  5763. SSL_CTX *cctx = NULL, *sctx = NULL;
  5764. SSL *clientssl = NULL, *serverssl = NULL;
  5765. int testresult = 0;
  5766. #ifdef OPENSSL_NO_TLS1_2
  5767. if (tst == 0)
  5768. return 1;
  5769. #endif
  5770. #ifdef OPENSSL_NO_TLS1_3
  5771. if (tst == 1)
  5772. return 1;
  5773. #endif
  5774. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  5775. TLS_client_method(),
  5776. TLS1_VERSION,
  5777. tst == 0 ? TLS1_2_VERSION
  5778. : TLS1_3_VERSION,
  5779. &sctx, &cctx, cert, privkey)))
  5780. goto end;
  5781. /*
  5782. * Test that setting a client_cert_cb results in a client certificate being
  5783. * sent.
  5784. */
  5785. SSL_CTX_set_client_cert_cb(cctx, client_cert_cb);
  5786. SSL_CTX_set_verify(sctx,
  5787. SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
  5788. verify_cb);
  5789. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  5790. NULL, NULL))
  5791. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  5792. SSL_ERROR_NONE)))
  5793. goto end;
  5794. testresult = 1;
  5795. end:
  5796. SSL_free(serverssl);
  5797. SSL_free(clientssl);
  5798. SSL_CTX_free(sctx);
  5799. SSL_CTX_free(cctx);
  5800. return testresult;
  5801. }
  5802. #if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
  5803. /*
  5804. * Test setting certificate authorities on both client and server.
  5805. *
  5806. * Test 0: SSL_CTX_set0_CA_list() only
  5807. * Test 1: Both SSL_CTX_set0_CA_list() and SSL_CTX_set_client_CA_list()
  5808. * Test 2: Only SSL_CTX_set_client_CA_list()
  5809. */
  5810. static int test_ca_names_int(int prot, int tst)
  5811. {
  5812. SSL_CTX *cctx = NULL, *sctx = NULL;
  5813. SSL *clientssl = NULL, *serverssl = NULL;
  5814. int testresult = 0;
  5815. size_t i;
  5816. X509_NAME *name[] = { NULL, NULL, NULL, NULL };
  5817. char *strnames[] = { "Jack", "Jill", "John", "Joanne" };
  5818. STACK_OF(X509_NAME) *sk1 = NULL, *sk2 = NULL;
  5819. const STACK_OF(X509_NAME) *sktmp = NULL;
  5820. for (i = 0; i < OSSL_NELEM(name); i++) {
  5821. name[i] = X509_NAME_new();
  5822. if (!TEST_ptr(name[i])
  5823. || !TEST_true(X509_NAME_add_entry_by_txt(name[i], "CN",
  5824. MBSTRING_ASC,
  5825. (unsigned char *)
  5826. strnames[i],
  5827. -1, -1, 0)))
  5828. goto end;
  5829. }
  5830. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
  5831. TLS_client_method(),
  5832. TLS1_VERSION,
  5833. prot,
  5834. &sctx, &cctx, cert, privkey)))
  5835. goto end;
  5836. SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER, NULL);
  5837. if (tst == 0 || tst == 1) {
  5838. if (!TEST_ptr(sk1 = sk_X509_NAME_new_null())
  5839. || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[0])))
  5840. || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[1])))
  5841. || !TEST_ptr(sk2 = sk_X509_NAME_new_null())
  5842. || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[0])))
  5843. || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[1]))))
  5844. goto end;
  5845. SSL_CTX_set0_CA_list(sctx, sk1);
  5846. SSL_CTX_set0_CA_list(cctx, sk2);
  5847. sk1 = sk2 = NULL;
  5848. }
  5849. if (tst == 1 || tst == 2) {
  5850. if (!TEST_ptr(sk1 = sk_X509_NAME_new_null())
  5851. || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[2])))
  5852. || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[3])))
  5853. || !TEST_ptr(sk2 = sk_X509_NAME_new_null())
  5854. || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[2])))
  5855. || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[3]))))
  5856. goto end;
  5857. SSL_CTX_set_client_CA_list(sctx, sk1);
  5858. SSL_CTX_set_client_CA_list(cctx, sk2);
  5859. sk1 = sk2 = NULL;
  5860. }
  5861. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  5862. NULL, NULL))
  5863. || !TEST_true(create_ssl_connection(serverssl, clientssl,
  5864. SSL_ERROR_NONE)))
  5865. goto end;
  5866. /*
  5867. * We only expect certificate authorities to have been sent to the server
  5868. * if we are using TLSv1.3 and SSL_set0_CA_list() was used
  5869. */
  5870. sktmp = SSL_get0_peer_CA_list(serverssl);
  5871. if (prot == TLS1_3_VERSION
  5872. && (tst == 0 || tst == 1)) {
  5873. if (!TEST_ptr(sktmp)
  5874. || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2)
  5875. || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0),
  5876. name[0]), 0)
  5877. || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1),
  5878. name[1]), 0))
  5879. goto end;
  5880. } else if (!TEST_ptr_null(sktmp)) {
  5881. goto end;
  5882. }
  5883. /*
  5884. * In all tests we expect certificate authorities to have been sent to the
  5885. * client. However, SSL_set_client_CA_list() should override
  5886. * SSL_set0_CA_list()
  5887. */
  5888. sktmp = SSL_get0_peer_CA_list(clientssl);
  5889. if (!TEST_ptr(sktmp)
  5890. || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2)
  5891. || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0),
  5892. name[tst == 0 ? 0 : 2]), 0)
  5893. || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1),
  5894. name[tst == 0 ? 1 : 3]), 0))
  5895. goto end;
  5896. testresult = 1;
  5897. end:
  5898. SSL_free(serverssl);
  5899. SSL_free(clientssl);
  5900. SSL_CTX_free(sctx);
  5901. SSL_CTX_free(cctx);
  5902. for (i = 0; i < OSSL_NELEM(name); i++)
  5903. X509_NAME_free(name[i]);
  5904. sk_X509_NAME_pop_free(sk1, X509_NAME_free);
  5905. sk_X509_NAME_pop_free(sk2, X509_NAME_free);
  5906. return testresult;
  5907. }
  5908. #endif
  5909. static int test_ca_names(int tst)
  5910. {
  5911. int testresult = 1;
  5912. #ifndef OPENSSL_NO_TLS1_2
  5913. testresult &= test_ca_names_int(TLS1_2_VERSION, tst);
  5914. #endif
  5915. #ifndef OPENSSL_NO_TLS1_3
  5916. testresult &= test_ca_names_int(TLS1_3_VERSION, tst);
  5917. #endif
  5918. return testresult;
  5919. }
  5920. OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile\n")
  5921. int setup_tests(void)
  5922. {
  5923. if (!TEST_ptr(certsdir = test_get_argument(0))
  5924. || !TEST_ptr(srpvfile = test_get_argument(1))
  5925. || !TEST_ptr(tmpfilename = test_get_argument(2)))
  5926. return 0;
  5927. if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) {
  5928. #ifdef OPENSSL_NO_CRYPTO_MDEBUG
  5929. TEST_error("not supported in this build");
  5930. return 0;
  5931. #else
  5932. int i, mcount, rcount, fcount;
  5933. for (i = 0; i < 4; i++)
  5934. test_export_key_mat(i);
  5935. CRYPTO_get_alloc_counts(&mcount, &rcount, &fcount);
  5936. test_printf_stdout("malloc %d realloc %d free %d\n",
  5937. mcount, rcount, fcount);
  5938. return 1;
  5939. #endif
  5940. }
  5941. cert = test_mk_file_path(certsdir, "servercert.pem");
  5942. if (cert == NULL)
  5943. return 0;
  5944. privkey = test_mk_file_path(certsdir, "serverkey.pem");
  5945. if (privkey == NULL) {
  5946. OPENSSL_free(cert);
  5947. return 0;
  5948. }
  5949. #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \
  5950. && !defined(OPENSSL_NO_SOCK)
  5951. ADD_TEST(test_ktls_no_txrx_client_no_txrx_server);
  5952. ADD_TEST(test_ktls_no_rx_client_no_txrx_server);
  5953. ADD_TEST(test_ktls_no_tx_client_no_txrx_server);
  5954. ADD_TEST(test_ktls_client_no_txrx_server);
  5955. ADD_TEST(test_ktls_no_txrx_client_no_rx_server);
  5956. ADD_TEST(test_ktls_no_rx_client_no_rx_server);
  5957. ADD_TEST(test_ktls_no_tx_client_no_rx_server);
  5958. ADD_TEST(test_ktls_client_no_rx_server);
  5959. ADD_TEST(test_ktls_no_txrx_client_no_tx_server);
  5960. ADD_TEST(test_ktls_no_rx_client_no_tx_server);
  5961. ADD_TEST(test_ktls_no_tx_client_no_tx_server);
  5962. ADD_TEST(test_ktls_client_no_tx_server);
  5963. ADD_TEST(test_ktls_no_txrx_client_server);
  5964. ADD_TEST(test_ktls_no_rx_client_server);
  5965. ADD_TEST(test_ktls_no_tx_client_server);
  5966. ADD_TEST(test_ktls_client_server);
  5967. ADD_TEST(test_ktls_sendfile);
  5968. #endif
  5969. ADD_TEST(test_large_message_tls);
  5970. ADD_TEST(test_large_message_tls_read_ahead);
  5971. #ifndef OPENSSL_NO_DTLS
  5972. ADD_TEST(test_large_message_dtls);
  5973. #endif
  5974. #ifndef OPENSSL_NO_OCSP
  5975. ADD_TEST(test_tlsext_status_type);
  5976. #endif
  5977. ADD_TEST(test_session_with_only_int_cache);
  5978. ADD_TEST(test_session_with_only_ext_cache);
  5979. ADD_TEST(test_session_with_both_cache);
  5980. #ifndef OPENSSL_NO_TLS1_3
  5981. ADD_ALL_TESTS(test_stateful_tickets, 3);
  5982. ADD_ALL_TESTS(test_stateless_tickets, 3);
  5983. ADD_TEST(test_psk_tickets);
  5984. #endif
  5985. ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
  5986. ADD_TEST(test_ssl_bio_pop_next_bio);
  5987. ADD_TEST(test_ssl_bio_pop_ssl_bio);
  5988. ADD_TEST(test_ssl_bio_change_rbio);
  5989. ADD_TEST(test_ssl_bio_change_wbio);
  5990. #if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
  5991. ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
  5992. ADD_TEST(test_keylog);
  5993. #endif
  5994. #ifndef OPENSSL_NO_TLS1_3
  5995. ADD_TEST(test_keylog_no_master_key);
  5996. #endif
  5997. #ifndef OPENSSL_NO_TLS1_2
  5998. ADD_TEST(test_client_hello_cb);
  5999. ADD_TEST(test_no_ems);
  6000. #endif
  6001. #ifndef OPENSSL_NO_TLS1_3
  6002. ADD_ALL_TESTS(test_early_data_read_write, 3);
  6003. /*
  6004. * We don't do replay tests for external PSK. Replay protection isn't used
  6005. * in that scenario.
  6006. */
  6007. ADD_ALL_TESTS(test_early_data_replay, 2);
  6008. ADD_ALL_TESTS(test_early_data_skip, 3);
  6009. ADD_ALL_TESTS(test_early_data_skip_hrr, 3);
  6010. ADD_ALL_TESTS(test_early_data_skip_hrr_fail, 3);
  6011. ADD_ALL_TESTS(test_early_data_skip_abort, 3);
  6012. ADD_ALL_TESTS(test_early_data_not_sent, 3);
  6013. ADD_ALL_TESTS(test_early_data_psk, 8);
  6014. ADD_ALL_TESTS(test_early_data_not_expected, 3);
  6015. # ifndef OPENSSL_NO_TLS1_2
  6016. ADD_ALL_TESTS(test_early_data_tls1_2, 3);
  6017. # endif
  6018. #endif
  6019. #ifndef OPENSSL_NO_TLS1_3
  6020. ADD_ALL_TESTS(test_set_ciphersuite, 10);
  6021. ADD_TEST(test_ciphersuite_change);
  6022. ADD_ALL_TESTS(test_tls13_ciphersuite, 4);
  6023. # ifdef OPENSSL_NO_PSK
  6024. ADD_ALL_TESTS(test_tls13_psk, 1);
  6025. # else
  6026. ADD_ALL_TESTS(test_tls13_psk, 4);
  6027. # endif /* OPENSSL_NO_PSK */
  6028. # ifndef OPENSSL_NO_TLS1_2
  6029. /* Test with both TLSv1.3 and 1.2 versions */
  6030. ADD_ALL_TESTS(test_key_exchange, 14);
  6031. # else
  6032. /* Test with only TLSv1.3 versions */
  6033. ADD_ALL_TESTS(test_key_exchange, 12);
  6034. # endif
  6035. ADD_ALL_TESTS(test_custom_exts, 5);
  6036. ADD_TEST(test_stateless);
  6037. ADD_TEST(test_pha_key_update);
  6038. #else
  6039. ADD_ALL_TESTS(test_custom_exts, 3);
  6040. #endif
  6041. ADD_ALL_TESTS(test_serverinfo, 8);
  6042. ADD_ALL_TESTS(test_export_key_mat, 6);
  6043. #ifndef OPENSSL_NO_TLS1_3
  6044. ADD_ALL_TESTS(test_export_key_mat_early, 3);
  6045. ADD_TEST(test_key_update);
  6046. ADD_ALL_TESTS(test_key_update_in_write, 2);
  6047. #endif
  6048. ADD_ALL_TESTS(test_ssl_clear, 2);
  6049. ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
  6050. #if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
  6051. ADD_ALL_TESTS(test_srp, 6);
  6052. #endif
  6053. ADD_ALL_TESTS(test_info_callback, 6);
  6054. ADD_ALL_TESTS(test_ssl_pending, 2);
  6055. ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data));
  6056. ADD_ALL_TESTS(test_ticket_callbacks, 12);
  6057. ADD_ALL_TESTS(test_shutdown, 7);
  6058. ADD_ALL_TESTS(test_cert_cb, 6);
  6059. ADD_ALL_TESTS(test_client_cert_cb, 2);
  6060. ADD_ALL_TESTS(test_ca_names, 3);
  6061. return 1;
  6062. }
  6063. void cleanup_tests(void)
  6064. {
  6065. OPENSSL_free(cert);
  6066. OPENSSL_free(privkey);
  6067. bio_s_mempacket_test_free();
  6068. bio_s_always_retry_free();
  6069. }