diff options
-rw-r--r-- | test/sslapitest.c | 123 |
1 files changed, 94 insertions, 29 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c index 9c67a362b6..585260950a 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -78,7 +78,7 @@ static int find_session_cb(SSL *ssl, const unsigned char *identity, static int use_session_cb_cnt = 0; static int find_session_cb_cnt = 0; -static SSL_SESSION *create_a_psk(SSL *ssl); +static SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize); #endif static char *certsdir = NULL; @@ -2673,7 +2673,7 @@ static int test_psk_tickets(void) if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL))) goto end; - clientpsk = serverpsk = create_a_psk(clientssl); + clientpsk = serverpsk = create_a_psk(clientssl, SHA384_DIGEST_LENGTH); if (!TEST_ptr(clientpsk)) goto end; SSL_SESSION_up_ref(clientpsk); @@ -3367,7 +3367,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, #define TLS13_AES_128_CCM_8_SHA256_BYTES ((const unsigned char *)"\x13\05") -static SSL_SESSION *create_a_psk(SSL *ssl) +static SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize) { const SSL_CIPHER *cipher = NULL; const unsigned char key[] = { @@ -3375,16 +3375,26 @@ static SSL_SESSION *create_a_psk(SSL *ssl) 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, - 0x2c, 0x2d, 0x2e, 0x2f + 0x2c, 0x2d, 0x2e, 0x2f /* SHA384_DIGEST_LENGTH bytes */ }; SSL_SESSION *sess = NULL; - cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES); + if (mdsize == SHA384_DIGEST_LENGTH) { + cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES); + } else if (mdsize == SHA256_DIGEST_LENGTH) { + /* + * Any ciphersuite using SHA256 will do - it will be compatible with + * the actual ciphersuite selected as long as it too is based on SHA256 + */ + cipher = SSL_CIPHER_find(ssl, TLS13_AES_128_GCM_SHA256_BYTES); + } else { + /* Should not happen */ + return NULL; + } sess = SSL_SESSION_new(); if (!TEST_ptr(sess) || !TEST_ptr(cipher) - || !TEST_true(SSL_SESSION_set1_master_key(sess, key, - sizeof(key))) + || !TEST_true(SSL_SESSION_set1_master_key(sess, key, mdsize)) || !TEST_true(SSL_SESSION_set_cipher(sess, cipher)) || !TEST_true( SSL_SESSION_set_protocol_version(sess, @@ -3423,7 +3433,8 @@ static int ed_gen_cb(SSL *s, void *arg) * error. */ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, - SSL **serverssl, SSL_SESSION **sess, int idx) + SSL **serverssl, SSL_SESSION **sess, int idx, + size_t mdsize) { int artificial = (artificial_ticket_time > 0); @@ -3468,7 +3479,7 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, return 0; if (idx == 2) { - clientpsk = create_a_psk(*clientssl); + clientpsk = create_a_psk(*clientssl, mdsize); if (!TEST_ptr(clientpsk) /* * We just choose an arbitrary value for max_early_data which @@ -3540,7 +3551,8 @@ static int test_early_data_read_write(int idx) if (idx != 2) artificial_ticket_time = 2; if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, idx))) { + &serverssl, &sess, idx, + SHA384_DIGEST_LENGTH))) { artificial_ticket_time = 0; goto end; } @@ -3800,7 +3812,8 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt) } if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, idx))) + &serverssl, &sess, idx, + SHA384_DIGEST_LENGTH))) goto end; /* @@ -3890,6 +3903,16 @@ static int test_early_data_replay(int idx) return ret; } +static const char *ciphersuites[] = { + "TLS_AES_128_CCM_8_SHA256", + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", + "TLS_AES_128_CCM_SHA256", +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + "TLS_CHACHA20_POLY1305_SHA256" +#endif +}; + /* * Helper function to test that a server attempting to read early data can * handle a connection from a client where the early data should be skipped. @@ -3898,7 +3921,7 @@ static int test_early_data_replay(int idx) * testtype: 2 == HRR, invalid early_data sent after HRR * testtype: 3 == recv_max_early_data set to 0 */ -static int early_data_skip_helper(int testtype, int idx) +static int early_data_skip_helper(int testtype, int cipher, int idx) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; @@ -3907,8 +3930,28 @@ static int early_data_skip_helper(int testtype, int idx) unsigned char buf[20]; size_t readbytes, written; + if (is_fips && cipher == 4) + return 1; + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) + goto end; + + if (cipher == 0) { + SSL_CTX_set_security_level(sctx, 0); + SSL_CTX_set_security_level(cctx, 0); + } + + if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, ciphersuites[cipher])) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, ciphersuites[cipher]))) + goto end; + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, idx))) + &serverssl, &sess, idx, + cipher == 2 ? SHA384_DIGEST_LENGTH + : SHA256_DIGEST_LENGTH))) goto end; if (testtype == 1 || testtype == 2) { @@ -4018,6 +4061,7 @@ static int early_data_skip_helper(int testtype, int idx) goto end; } + ERR_clear_error(); /* * Should be able to send normal data despite rejection of early data. The * early_data should be skipped. @@ -4030,6 +4074,13 @@ static int early_data_skip_helper(int testtype, int idx) || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) goto end; + /* + * Failure to decrypt early data records should not leave spurious errors + * on the error stack + */ + if (!TEST_long_eq(ERR_peek_error(), 0)) + goto end; + testresult = 1; end: @@ -4050,7 +4101,9 @@ static int early_data_skip_helper(int testtype, int idx) */ static int test_early_data_skip(int idx) { - return early_data_skip_helper(0, idx); + return early_data_skip_helper(0, + idx % OSSL_NELEM(ciphersuites), + idx / OSSL_NELEM(ciphersuites)); } /* @@ -4059,7 +4112,9 @@ static int test_early_data_skip(int idx) */ static int test_early_data_skip_hrr(int idx) { - return early_data_skip_helper(1, idx); + return early_data_skip_helper(1, + idx % OSSL_NELEM(ciphersuites), + idx / OSSL_NELEM(ciphersuites)); } /* @@ -4069,7 +4124,9 @@ static int test_early_data_skip_hrr(int idx) */ static int test_early_data_skip_hrr_fail(int idx) { - return early_data_skip_helper(2, idx); + return early_data_skip_helper(2, + idx % OSSL_NELEM(ciphersuites), + idx / OSSL_NELEM(ciphersuites)); } /* @@ -4078,7 +4135,9 @@ static int test_early_data_skip_hrr_fail(int idx) */ static int test_early_data_skip_abort(int idx) { - return early_data_skip_helper(3, idx); + return early_data_skip_helper(3, + idx % OSSL_NELEM(ciphersuites), + idx / OSSL_NELEM(ciphersuites)); } /* @@ -4095,7 +4154,8 @@ static int test_early_data_not_sent(int idx) size_t readbytes, written; if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, idx))) + &serverssl, &sess, idx, + SHA384_DIGEST_LENGTH))) goto end; /* Write some data - should block due to handshake with server */ @@ -4189,7 +4249,8 @@ static int test_early_data_psk(int idx) /* We always set this up with a final parameter of "2" for PSK */ if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, 2))) + &serverssl, &sess, 2, + SHA384_DIGEST_LENGTH))) goto end; servalpn = "goodalpn"; @@ -4388,7 +4449,8 @@ static int test_early_data_psk_with_all_ciphers(int idx) /* We always set this up with a final parameter of "2" for PSK */ if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, 2))) + &serverssl, &sess, 2, + SHA384_DIGEST_LENGTH))) goto end; if (idx == 4) { @@ -4467,7 +4529,8 @@ static int test_early_data_not_expected(int idx) size_t readbytes, written; if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, idx))) + &serverssl, &sess, idx, + SHA384_DIGEST_LENGTH))) goto end; /* Write some early data */ @@ -4526,7 +4589,8 @@ static int test_early_data_tls1_2(int idx) size_t readbytes, written; if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, NULL, idx))) + &serverssl, NULL, idx, + SHA384_DIGEST_LENGTH))) goto end; /* Write some data - should block due to handshake with server */ @@ -6390,7 +6454,7 @@ static int test_export_key_mat_early(int idx) size_t readbytes, written; if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, &serverssl, - &sess, idx))) + &sess, idx, SHA384_DIGEST_LENGTH))) goto end; /* Here writing 0 length early data is enough. */ @@ -7509,7 +7573,8 @@ static int test_info_callback(int tst) /* early_data tests */ if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, 0))) + &serverssl, &sess, 0, + SHA384_DIGEST_LENGTH))) goto end; /* We don't actually need this reference */ @@ -10906,16 +10971,16 @@ int setup_tests(void) ADD_TEST(test_ccs_change_cipher); #endif #ifndef OSSL_NO_USABLE_TLS1_3 - ADD_ALL_TESTS(test_early_data_read_write, 3); + ADD_ALL_TESTS(test_early_data_read_write, 6); /* * We don't do replay tests for external PSK. Replay protection isn't used * in that scenario. */ ADD_ALL_TESTS(test_early_data_replay, 2); - ADD_ALL_TESTS(test_early_data_skip, 3); - ADD_ALL_TESTS(test_early_data_skip_hrr, 3); - ADD_ALL_TESTS(test_early_data_skip_hrr_fail, 3); - ADD_ALL_TESTS(test_early_data_skip_abort, 3); + ADD_ALL_TESTS(test_early_data_skip, OSSL_NELEM(ciphersuites) * 3); + ADD_ALL_TESTS(test_early_data_skip_hrr, OSSL_NELEM(ciphersuites) * 3); + ADD_ALL_TESTS(test_early_data_skip_hrr_fail, OSSL_NELEM(ciphersuites) * 3); + ADD_ALL_TESTS(test_early_data_skip_abort, OSSL_NELEM(ciphersuites) * 3); ADD_ALL_TESTS(test_early_data_not_sent, 3); ADD_ALL_TESTS(test_early_data_psk, 8); ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5); |