2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/opensslconf.h>
13 #include <openssl/bio.h>
14 #include <openssl/crypto.h>
15 #include <openssl/ssl.h>
16 #include <openssl/ocsp.h>
18 #include "ssltestlib.h"
21 #include "../ssl/ssl_locl.h"
23 static char *cert = NULL;
24 static char *privkey = NULL;
26 #define LOG_BUFFER_SIZE 1024
27 static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
28 static size_t server_log_buffer_index = 0;
29 static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
30 static size_t client_log_buffer_index = 0;
31 static int error_writing_log = 0;
33 #ifndef OPENSSL_NO_OCSP
34 static const unsigned char orespder[] = "Dummy OCSP Response";
35 static int ocsp_server_called = 0;
36 static int ocsp_client_called = 0;
38 static int cdummyarg = 1;
39 static X509 *ocspcert = NULL;
42 #define NUM_EXTRA_CERTS 40
45 * This structure is used to validate that the correct number of log messages
46 * of various types are emitted when emitting secret logs.
48 struct sslapitest_log_counts {
49 unsigned int rsa_key_exchange_count;
50 unsigned int master_secret_count;
51 unsigned int client_handshake_secret_count;
52 unsigned int server_handshake_secret_count;
53 unsigned int client_application_secret_count;
54 unsigned int server_application_secret_count;
58 static unsigned char serverinfov1[] = {
59 0xff, 0xff, /* Dummy extension type */
60 0x00, 0x01, /* Extension length is 1 byte */
61 0xff /* Dummy extension data */
64 static unsigned char serverinfov2[] = {
66 (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */
67 0xff, 0xff, /* Dummy extension type */
68 0x00, 0x01, /* Extension length is 1 byte */
69 0xff /* Dummy extension data */
72 static void client_keylog_callback(const SSL *ssl, const char *line)
74 int line_length = strlen(line);
76 /* If the log doesn't fit, error out. */
77 if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) {
78 TEST_info("Client log too full");
79 error_writing_log = 1;
83 strcat(client_log_buffer, line);
84 client_log_buffer_index += line_length;
85 client_log_buffer[client_log_buffer_index++] = '\n';
88 static void server_keylog_callback(const SSL *ssl, const char *line)
90 int line_length = strlen(line);
92 /* If the log doesn't fit, error out. */
93 if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) {
94 TEST_info("Server og too full");
95 error_writing_log = 1;
99 strcat(server_log_buffer, line);
100 server_log_buffer_index += line_length;
101 server_log_buffer[server_log_buffer_index++] = '\n';
104 static int compare_hex_encoded_buffer(const char *hex_encoded,
112 if (!TEST_size_t_eq(raw_length * 2, hex_length))
115 for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) {
116 sprintf(hexed, "%02x", raw[i]);
117 if (!TEST_int_eq(hexed[0], hex_encoded[j])
118 || !TEST_int_eq(hexed[1], hex_encoded[j + 1]))
125 static int test_keylog_output(char *buffer, const SSL *ssl,
126 const SSL_SESSION *session,
127 struct sslapitest_log_counts *expected)
130 unsigned char actual_client_random[SSL3_RANDOM_SIZE] = {0};
131 size_t client_random_size = SSL3_RANDOM_SIZE;
132 unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0};
133 size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH;
134 unsigned int rsa_key_exchange_count = 0;
135 unsigned int master_secret_count = 0;
136 unsigned int client_handshake_secret_count = 0;
137 unsigned int server_handshake_secret_count = 0;
138 unsigned int client_application_secret_count = 0;
139 unsigned int server_application_secret_count = 0;
141 for (token = strtok(buffer, " \n"); token != NULL;
142 token = strtok(NULL, " \n")) {
143 if (strcmp(token, "RSA") == 0) {
145 * Premaster secret. Tokens should be: 16 ASCII bytes of
146 * hex-encoded encrypted secret, then the hex-encoded pre-master
149 if (!TEST_ptr(token = strtok(NULL, " \n")))
151 if (!TEST_size_t_eq(strlen(token), 16))
153 if (!TEST_ptr(token = strtok(NULL, " \n")))
156 * We can't sensibly check the log because the premaster secret is
157 * transient, and OpenSSL doesn't keep hold of it once the master
158 * secret is generated.
160 rsa_key_exchange_count++;
161 } else if (strcmp(token, "CLIENT_RANDOM") == 0) {
163 * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded
164 * client random, then the hex-encoded master secret.
166 client_random_size = SSL_get_client_random(ssl,
167 actual_client_random,
169 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
172 if (!TEST_ptr(token = strtok(NULL, " \n")))
174 if (!TEST_size_t_eq(strlen(token), 64))
176 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
177 actual_client_random,
178 client_random_size)))
181 if (!TEST_ptr(token = strtok(NULL, " \n")))
183 master_key_size = SSL_SESSION_get_master_key(session,
186 if (!TEST_size_t_ne(master_key_size, 0))
188 if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token),
192 master_secret_count++;
193 } else if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0
194 || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0
195 || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0
196 || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0) {
198 * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded
199 * client random, and then the hex-encoded secret. In this case,
200 * we treat all of these secrets identically and then just
201 * distinguish between them when counting what we saw.
203 if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0)
204 client_handshake_secret_count++;
205 else if (strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0)
206 server_handshake_secret_count++;
207 else if (strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0)
208 client_application_secret_count++;
209 else if (strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0)
210 server_application_secret_count++;
212 client_random_size = SSL_get_client_random(ssl,
213 actual_client_random,
215 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
218 if (!TEST_ptr(token = strtok(NULL, " \n")))
220 if (!TEST_size_t_eq(strlen(token), 64))
222 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
223 actual_client_random,
224 client_random_size)))
227 if (!TEST_ptr(token = strtok(NULL, " \n")))
231 * TODO(TLS1.3): test that application traffic secrets are what
234 TEST_info("Unexpected token %s\n", token);
239 /* Got what we expected? */
240 if (!TEST_size_t_eq(rsa_key_exchange_count,
241 expected->rsa_key_exchange_count)
242 || !TEST_size_t_eq(master_secret_count,
243 expected->master_secret_count)
244 || !TEST_size_t_eq(client_handshake_secret_count,
245 expected->client_handshake_secret_count)
246 || !TEST_size_t_eq(server_handshake_secret_count,
247 expected->server_handshake_secret_count)
248 || !TEST_size_t_eq(client_application_secret_count,
249 expected->client_application_secret_count)
250 || !TEST_size_t_eq(server_application_secret_count,
251 expected->server_application_secret_count))
256 static int test_keylog(void)
258 SSL_CTX *cctx = NULL, *sctx = NULL;
259 SSL *clientssl = NULL, *serverssl = NULL;
261 struct sslapitest_log_counts expected = {0};
263 /* Clean up logging space */
264 memset(client_log_buffer, 0, sizeof(client_log_buffer));
265 memset(server_log_buffer, 0, sizeof(server_log_buffer));
266 client_log_buffer_index = 0;
267 server_log_buffer_index = 0;
268 error_writing_log = 0;
270 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
272 &sctx, &cctx, cert, privkey)))
275 /* We cannot log the master secret for TLSv1.3, so we should forbid it. */
276 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
277 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
279 /* We also want to ensure that we use RSA-based key exchange. */
280 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "RSA")))
283 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
284 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
286 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
287 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
288 == client_keylog_callback))
290 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
291 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
292 == server_keylog_callback))
295 /* Now do a handshake and check that the logs have been written to. */
296 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
297 &clientssl, NULL, NULL))
298 || !TEST_true(create_ssl_connection(serverssl, clientssl,
300 || !TEST_false(error_writing_log)
301 || !TEST_int_gt(client_log_buffer_index, 0)
302 || !TEST_int_gt(server_log_buffer_index, 0))
306 * Now we want to test that our output data was vaguely sensible. We
307 * do that by using strtok and confirming that we have more or less the
308 * data we expect. For both client and server, we expect to see one master
309 * secret. The client should also see a RSA key exchange.
311 expected.rsa_key_exchange_count = 1;
312 expected.master_secret_count = 1;
313 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
314 SSL_get_session(clientssl), &expected)))
317 expected.rsa_key_exchange_count = 0;
318 if (!TEST_true(test_keylog_output(server_log_buffer, serverssl,
319 SSL_get_session(serverssl), &expected)))
333 #ifndef OPENSSL_NO_TLS1_3
334 static int test_keylog_no_master_key(void)
336 SSL_CTX *cctx = NULL, *sctx = NULL;
337 SSL *clientssl = NULL, *serverssl = NULL;
339 struct sslapitest_log_counts expected = {0};
341 /* Clean up logging space */
342 memset(client_log_buffer, 0, sizeof(client_log_buffer));
343 memset(server_log_buffer, 0, sizeof(server_log_buffer));
344 client_log_buffer_index = 0;
345 server_log_buffer_index = 0;
346 error_writing_log = 0;
348 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
349 TLS_client_method(), &sctx,
350 &cctx, cert, privkey)))
353 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
354 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
357 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
358 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
359 == client_keylog_callback))
362 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
363 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
364 == server_keylog_callback))
367 /* Now do a handshake and check that the logs have been written to. */
368 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
369 &clientssl, NULL, NULL))
370 || !TEST_true(create_ssl_connection(serverssl, clientssl,
372 || !TEST_false(error_writing_log))
376 * Now we want to test that our output data was vaguely sensible. For this
377 * test, we expect no CLIENT_RANDOM entry because it doesn't make sense for
378 * TLSv1.3, but we do expect both client and server to emit keys.
380 expected.client_handshake_secret_count = 1;
381 expected.server_handshake_secret_count = 1;
382 expected.client_application_secret_count = 1;
383 expected.server_application_secret_count = 1;
384 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
385 SSL_get_session(clientssl), &expected))
386 || !TEST_true(test_keylog_output(server_log_buffer, serverssl,
387 SSL_get_session(serverssl),
403 #ifndef OPENSSL_NO_TLS1_2
404 static int full_early_callback(SSL *s, int *al, void *arg)
407 const unsigned char *p;
409 /* We only configure two ciphers, but the SCSV is added automatically. */
411 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff};
413 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0,
416 const int expected_extensions[] = {
417 #ifndef OPENSSL_NO_EC
423 /* Make sure we can defer processing and get called back. */
427 len = SSL_early_get0_ciphers(s, &p);
428 if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers))
429 || !TEST_size_t_eq(SSL_early_get0_compression_methods(s, &p), 1)
430 || !TEST_int_eq(*p, 0))
432 if (!SSL_early_get1_extensions_present(s, &exts, &len))
434 if (len != OSSL_NELEM(expected_extensions) ||
435 memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) {
436 printf("Early callback expected ClientHello extensions mismatch\n");
444 static int test_early_cb(void)
446 SSL_CTX *cctx = NULL, *sctx = NULL;
447 SSL *clientssl = NULL, *serverssl = NULL;
448 int testctr = 0, testresult = 0;
450 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
451 TLS_client_method(), &sctx,
452 &cctx, cert, privkey)))
454 SSL_CTX_set_early_cb(sctx, full_early_callback, &testctr);
456 /* The gimpy cipher list we configure can't do TLS 1.3. */
457 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
459 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
460 "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"))
461 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
462 &clientssl, NULL, NULL))
463 || !TEST_false(create_ssl_connection(serverssl, clientssl,
464 SSL_ERROR_WANT_EARLY))
466 * Passing a -1 literal is a hack since
467 * the real value was lost.
469 || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_EARLY)
470 || !TEST_true(create_ssl_connection(serverssl, clientssl,
486 static int execute_test_large_message(const SSL_METHOD *smeth,
487 const SSL_METHOD *cmeth, int read_ahead)
489 SSL_CTX *cctx = NULL, *sctx = NULL;
490 SSL *clientssl = NULL, *serverssl = NULL;
494 X509 *chaincert = NULL;
497 if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
499 chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
502 if (!TEST_ptr(chaincert))
505 if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, &sctx,
506 &cctx, cert, privkey)))
511 * Test that read_ahead works correctly when dealing with large
514 SSL_CTX_set_read_ahead(cctx, 1);
518 * We assume the supplied certificate is big enough so that if we add
519 * NUM_EXTRA_CERTS it will make the overall message large enough. The
520 * default buffer size is requested to be 16k, but due to the way BUF_MEM
521 * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
522 * test we need to have a message larger than that.
524 certlen = i2d_X509(chaincert, NULL);
525 OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
526 (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
527 for (i = 0; i < NUM_EXTRA_CERTS; i++) {
528 if (!X509_up_ref(chaincert))
530 if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
531 X509_free(chaincert);
536 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
538 || !TEST_true(create_ssl_connection(serverssl, clientssl,
543 * Calling SSL_clear() first is not required but this tests that SSL_clear()
544 * doesn't leak (when using enable-crypto-mdebug).
546 if (!TEST_true(SSL_clear(serverssl)))
551 X509_free(chaincert);
560 static int test_large_message_tls(void)
562 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
566 static int test_large_message_tls_read_ahead(void)
568 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
572 #ifndef OPENSSL_NO_DTLS
573 static int test_large_message_dtls(void)
576 * read_ahead is not relevant to DTLS because DTLS always acts as if
579 return execute_test_large_message(DTLS_server_method(),
580 DTLS_client_method(), 0);
584 #ifndef OPENSSL_NO_OCSP
585 static int ocsp_server_cb(SSL *s, void *arg)
587 int *argi = (int *)arg;
588 unsigned char *copy = NULL;
589 STACK_OF(OCSP_RESPID) *ids = NULL;
590 OCSP_RESPID *id = NULL;
593 /* In this test we are expecting exactly 1 OCSP_RESPID */
594 SSL_get_tlsext_status_ids(s, &ids);
595 if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1)
596 return SSL_TLSEXT_ERR_ALERT_FATAL;
598 id = sk_OCSP_RESPID_value(ids, 0);
599 if (id == NULL || !OCSP_RESPID_match(id, ocspcert))
600 return SSL_TLSEXT_ERR_ALERT_FATAL;
601 } else if (*argi != 1) {
602 return SSL_TLSEXT_ERR_ALERT_FATAL;
605 if (!TEST_ptr(copy = OPENSSL_memdup(orespder, sizeof(orespder))))
606 return SSL_TLSEXT_ERR_ALERT_FATAL;
608 SSL_set_tlsext_status_ocsp_resp(s, copy, sizeof(orespder));
609 ocsp_server_called = 1;
610 return SSL_TLSEXT_ERR_OK;
613 static int ocsp_client_cb(SSL *s, void *arg)
615 int *argi = (int *)arg;
616 const unsigned char *respderin;
619 if (*argi != 1 && *argi != 2)
622 len = SSL_get_tlsext_status_ocsp_resp(s, &respderin);
623 if (!TEST_mem_eq(orespder, len, respderin, len))
626 ocsp_client_called = 1;
630 static int test_tlsext_status_type(void)
632 SSL_CTX *cctx = NULL, *sctx = NULL;
633 SSL *clientssl = NULL, *serverssl = NULL;
635 STACK_OF(OCSP_RESPID) *ids = NULL;
636 OCSP_RESPID *id = NULL;
639 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
640 &cctx, cert, privkey))
643 if (SSL_CTX_get_tlsext_status_type(cctx) != -1)
646 /* First just do various checks getting and setting tlsext_status_type */
648 clientssl = SSL_new(cctx);
649 if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1)
650 || !TEST_true(SSL_set_tlsext_status_type(clientssl,
651 TLSEXT_STATUSTYPE_ocsp))
652 || !TEST_int_eq(SSL_get_tlsext_status_type(clientssl),
653 TLSEXT_STATUSTYPE_ocsp))
659 if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp)
660 || SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp)
663 clientssl = SSL_new(cctx);
664 if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp)
670 * Now actually do a handshake and check OCSP information is exchanged and
671 * the callbacks get called
673 SSL_CTX_set_tlsext_status_cb(cctx, ocsp_client_cb);
674 SSL_CTX_set_tlsext_status_arg(cctx, &cdummyarg);
675 SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb);
676 SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg);
677 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
678 &clientssl, NULL, NULL))
679 || !TEST_true(create_ssl_connection(serverssl, clientssl,
681 || !TEST_true(ocsp_client_called)
682 || !TEST_true(ocsp_server_called))
689 /* Try again but this time force the server side callback to fail */
690 ocsp_client_called = 0;
691 ocsp_server_called = 0;
693 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
694 &clientssl, NULL, NULL))
695 /* This should fail because the callback will fail */
696 || !TEST_false(create_ssl_connection(serverssl, clientssl,
698 || !TEST_false(ocsp_client_called)
699 || !TEST_false(ocsp_server_called))
707 * This time we'll get the client to send an OCSP_RESPID that it will
710 ocsp_client_called = 0;
711 ocsp_server_called = 0;
713 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
714 &clientssl, NULL, NULL)))
718 * We'll just use any old cert for this test - it doesn't have to be an OCSP
719 * specific one. We'll use the server cert.
721 if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))
722 || !TEST_ptr(id = OCSP_RESPID_new())
723 || !TEST_ptr(ids = sk_OCSP_RESPID_new_null())
724 || !TEST_ptr(ocspcert = PEM_read_bio_X509(certbio,
726 || !TEST_true(OCSP_RESPID_set_by_key(id, ocspcert))
727 || !TEST_true(sk_OCSP_RESPID_push(ids, id)))
730 SSL_set_tlsext_status_ids(clientssl, ids);
731 /* Control has been transferred */
737 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
739 || !TEST_true(ocsp_client_called)
740 || !TEST_true(ocsp_server_called))
750 sk_OCSP_RESPID_pop_free(ids, OCSP_RESPID_free);
751 OCSP_RESPID_free(id);
760 typedef struct ssl_session_test_fixture {
761 const char *test_case_name;
764 } SSL_SESSION_TEST_FIXTURE;
766 static int new_called = 0, remove_called = 0;
768 static SSL_SESSION_TEST_FIXTURE
769 ssl_session_set_up(const char *const test_case_name)
771 SSL_SESSION_TEST_FIXTURE fixture;
773 fixture.test_case_name = test_case_name;
774 fixture.use_ext_cache = 1;
775 fixture.use_int_cache = 1;
777 new_called = remove_called = 0;
782 static void ssl_session_tear_down(SSL_SESSION_TEST_FIXTURE fixture)
786 static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
792 static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
797 static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
799 SSL_CTX *sctx = NULL, *cctx = NULL;
800 SSL *serverssl1 = NULL, *clientssl1 = NULL;
801 SSL *serverssl2 = NULL, *clientssl2 = NULL;
802 #ifndef OPENSSL_NO_TLS1_1
803 SSL *serverssl3 = NULL, *clientssl3 = NULL;
805 SSL_SESSION *sess1 = NULL, *sess2 = NULL;
808 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
809 TLS_client_method(), &sctx,
810 &cctx, cert, privkey)))
813 #ifndef OPENSSL_NO_TLS1_2
814 /* Only allow TLS1.2 so we can force a connection failure later */
815 SSL_CTX_set_min_proto_version(cctx, TLS1_2_VERSION);
818 /* Set up session cache */
819 if (fix.use_ext_cache) {
820 SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
821 SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb);
823 if (fix.use_int_cache) {
824 /* Also covers instance where both are set */
825 SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
827 SSL_CTX_set_session_cache_mode(cctx,
828 SSL_SESS_CACHE_CLIENT
829 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
832 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
834 || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
836 || !TEST_ptr(sess1 = SSL_get1_session(clientssl1)))
839 /* Should fail because it should already be in the cache */
840 if (fix.use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1)))
842 if (fix.use_ext_cache && (new_called != 1 || remove_called != 0))
845 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
846 &clientssl2, NULL, NULL))
847 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
851 if (!TEST_ptr(sess2 = SSL_get1_session(clientssl2)))
854 if (fix.use_ext_cache && (new_called != 2 || remove_called != 0))
858 * This should clear sess2 from the cache because it is a "bad" session.
859 * See SSL_set_session() documentation.
861 if (!TEST_true(SSL_set_session(clientssl2, sess1)))
863 if (fix.use_ext_cache && (new_called != 2 || remove_called != 1))
865 if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1))
868 if (fix.use_int_cache) {
869 /* Should succeeded because it should not already be in the cache */
870 if (!TEST_true(SSL_CTX_add_session(cctx, sess2))
871 || !TEST_true(SSL_CTX_remove_session(cctx, sess2)))
875 * This is for the purposes of internal cache testing...ignore the
876 * counter for external cache
878 if (fix.use_ext_cache)
882 /* This shouldn't be in the cache so should fail */
883 if (!TEST_false(SSL_CTX_remove_session(cctx, sess2)))
886 if (fix.use_ext_cache && (new_called != 2 || remove_called != 2))
889 #if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
890 /* Force a connection failure */
891 SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
892 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl3,
893 &clientssl3, NULL, NULL))
894 || !TEST_true(SSL_set_session(clientssl3, sess1))
895 /* This should fail because of the mismatched protocol versions */
896 || !TEST_false(create_ssl_connection(serverssl3, clientssl3,
900 /* We should have automatically removed the session from the cache */
901 if (fix.use_ext_cache && (new_called != 2 || remove_called != 3))
904 /* Should succeed because it should not already be in the cache */
905 if (fix.use_int_cache && !SSL_CTX_add_session(cctx, sess2))
912 SSL_free(serverssl1);
913 SSL_free(clientssl1);
914 SSL_free(serverssl2);
915 SSL_free(clientssl2);
916 #ifndef OPENSSL_NO_TLS1_1
917 SSL_free(serverssl3);
918 SSL_free(clientssl3);
920 SSL_SESSION_free(sess1);
921 SSL_SESSION_free(sess2);
924 * Check if we need to remove any sessions up-refed for the external cache
927 SSL_SESSION_free(sess1);
929 SSL_SESSION_free(sess2);
936 static int test_session_with_only_int_cache(void)
938 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
939 fixture.use_ext_cache = 0;
940 EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
943 static int test_session_with_only_ext_cache(void)
945 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
946 fixture.use_int_cache = 0;
947 EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
950 static int test_session_with_both_cache(void)
952 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
953 EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
960 #define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
962 static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type)
977 static int test_ssl_set_bio(int idx)
982 BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL;
984 int initrbio, initwbio, newrbio, newwbio;
994 if (!TEST_int_le(newwbio, 2))
997 if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
998 || !TEST_ptr(ssl = SSL_new(ctx)))
1001 if (initrbio == USE_BIO_1
1002 || initwbio == USE_BIO_1
1003 || newrbio == USE_BIO_1
1004 || newwbio == USE_BIO_1) {
1005 if (!TEST_ptr(bio1 = BIO_new(BIO_s_mem())))
1009 if (initrbio == USE_BIO_2
1010 || initwbio == USE_BIO_2
1011 || newrbio == USE_BIO_2
1012 || newwbio == USE_BIO_2) {
1013 if (!TEST_ptr(bio2 = BIO_new(BIO_s_mem())))
1017 setupbio(&irbio, bio1, bio2, initrbio);
1018 setupbio(&iwbio, bio1, bio2, initwbio);
1021 * We want to maintain our own refs to these BIO, so do an up ref for each
1022 * BIO that will have ownership transferred in the SSL_set_bio() call
1026 if (iwbio != NULL && iwbio != irbio)
1029 SSL_set_bio(ssl, irbio, iwbio);
1031 setupbio(&nrbio, bio1, bio2, newrbio);
1032 setupbio(&nwbio, bio1, bio2, newwbio);
1035 * We will (maybe) transfer ownership again so do more up refs.
1036 * SSL_set_bio() has some really complicated ownership rules where BIOs have
1041 && (nwbio != iwbio || nrbio != nwbio))
1045 && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio)))
1048 SSL_set_bio(ssl, nrbio, nwbio);
1058 * This test is checking that the ref counting for SSL_set_bio is correct.
1059 * If we get here and we did too many frees then we will fail in the above
1060 * functions. If we haven't done enough then this will only be detected in
1061 * a crypto-mdebug build
1067 typedef struct ssl_bio_test_fixture {
1068 const char *test_case_name;
1070 enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } change_bio;
1071 } SSL_BIO_TEST_FIXTURE;
1073 static SSL_BIO_TEST_FIXTURE ssl_bio_set_up(const char *const test_case_name)
1075 SSL_BIO_TEST_FIXTURE fixture;
1077 fixture.test_case_name = test_case_name;
1078 fixture.pop_ssl = 0;
1079 fixture.change_bio = NO_BIO_CHANGE;
1083 static void ssl_bio_tear_down(SSL_BIO_TEST_FIXTURE fixture)
1087 static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix)
1089 BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL;
1094 if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
1095 || !TEST_ptr(ssl = SSL_new(ctx))
1096 || !TEST_ptr(sslbio = BIO_new(BIO_f_ssl()))
1097 || !TEST_ptr(membio1 = BIO_new(BIO_s_mem())))
1100 BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
1103 * If anything goes wrong here then we could leak memory, so this will
1104 * be caught in a crypto-mdebug build
1106 BIO_push(sslbio, membio1);
1108 /* Verify changing the rbio/wbio directly does not cause leaks */
1109 if (fix.change_bio != NO_BIO_CHANGE) {
1110 if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem())))
1112 if (fix.change_bio == CHANGE_RBIO)
1113 SSL_set0_rbio(ssl, membio2);
1115 SSL_set0_wbio(ssl, membio2);
1134 static int test_ssl_bio_pop_next_bio(void)
1136 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
1137 EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
1140 static int test_ssl_bio_pop_ssl_bio(void)
1142 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
1143 fixture.pop_ssl = 1;
1144 EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
1147 static int test_ssl_bio_change_rbio(void)
1149 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
1150 fixture.change_bio = CHANGE_RBIO;
1151 EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
1154 static int test_ssl_bio_change_wbio(void)
1156 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
1157 fixture.change_bio = CHANGE_WBIO;
1158 EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
1162 /* The list of sig algs */
1164 /* The length of the list */
1166 /* A sigalgs list in string format */
1167 const char *liststr;
1168 /* Whether setting the list should succeed */
1170 /* Whether creating a connection with the list should succeed */
1174 static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
1175 #ifndef OPENSSL_NO_EC
1176 static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
1177 static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
1179 static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
1180 static const int invalidlist2[] = {NID_sha256, NID_undef};
1181 static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
1182 static const int invalidlist4[] = {NID_sha256};
1183 static const sigalgs_list testsigalgs[] = {
1184 {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
1185 #ifndef OPENSSL_NO_EC
1186 {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
1187 {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
1189 {NULL, 0, "RSA+SHA256", 1, 1},
1190 #ifndef OPENSSL_NO_EC
1191 {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
1192 {NULL, 0, "ECDSA+SHA512", 1, 0},
1194 {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
1195 {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
1196 {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
1197 {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
1198 {NULL, 0, "RSA", 0, 0},
1199 {NULL, 0, "SHA256", 0, 0},
1200 {NULL, 0, "RSA+SHA256:SHA256", 0, 0},
1201 {NULL, 0, "Invalid", 0, 0}
1204 static int test_set_sigalgs(int idx)
1206 SSL_CTX *cctx = NULL, *sctx = NULL;
1207 SSL *clientssl = NULL, *serverssl = NULL;
1209 const sigalgs_list *curr;
1212 /* Should never happen */
1213 if (!TEST_size_t_le((size_t)idx, OSSL_NELEM(testsigalgs) * 2))
1216 testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
1217 curr = testctx ? &testsigalgs[idx]
1218 : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
1220 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1221 TLS_client_method(), &sctx,
1222 &cctx, cert, privkey)))
1226 * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
1227 * for TLSv1.2 for now until we add a new API.
1229 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
1234 if (curr->list != NULL)
1235 ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
1237 ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
1241 TEST_info("Failure setting sigalgs in SSL_CTX (%d)\n", idx);
1247 TEST_info("Not-failed setting sigalgs in SSL_CTX (%d)\n", idx);
1252 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1253 &clientssl, NULL, NULL)))
1259 if (curr->list != NULL)
1260 ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
1262 ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
1265 TEST_info("Failure setting sigalgs in SSL (%d)\n", idx);
1274 if (!TEST_int_eq(create_ssl_connection(serverssl, clientssl,
1282 SSL_free(serverssl);
1283 SSL_free(clientssl);
1290 #ifndef OPENSSL_NO_TLS1_3
1292 #define MSG1 "Hello"
1293 #define MSG2 "World."
1298 #define MSG7 "message."
1301 * Helper method to setup objects for early data test. Caller frees objects on
1304 static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
1305 SSL **serverssl, SSL_SESSION **sess, int idx)
1307 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1308 TLS_client_method(), sctx,
1309 cctx, cert, privkey)))
1312 /* When idx == 1 we repeat the tests with read_ahead set */
1314 SSL_CTX_set_read_ahead(*cctx, 1);
1315 SSL_CTX_set_read_ahead(*sctx, 1);
1318 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, clientssl,
1320 || !TEST_true(create_ssl_connection(*serverssl, *clientssl,
1324 *sess = SSL_get1_session(*clientssl);
1325 SSL_shutdown(*clientssl);
1326 SSL_shutdown(*serverssl);
1327 SSL_free(*serverssl);
1328 SSL_free(*clientssl);
1329 *serverssl = *clientssl = NULL;
1331 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
1332 clientssl, NULL, NULL))
1333 || !TEST_true(SSL_set_session(*clientssl, *sess)))
1339 static int test_early_data_read_write(int idx)
1341 SSL_CTX *cctx = NULL, *sctx = NULL;
1342 SSL *clientssl = NULL, *serverssl = NULL;
1344 SSL_SESSION *sess = NULL;
1345 unsigned char buf[20], data[1024];
1346 size_t readbytes, written, eoedlen, rawread, rawwritten;
1349 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1350 &serverssl, &sess, idx)))
1353 /* Write and read some early data */
1354 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1356 || !TEST_size_t_eq(written, strlen(MSG1))
1357 || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
1358 sizeof(buf), &readbytes),
1359 SSL_READ_EARLY_DATA_SUCCESS)
1360 || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
1361 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1362 SSL_EARLY_DATA_ACCEPTED))
1366 * Server should be able to write data, and client should be able to
1369 if (!TEST_true(SSL_write_early_data(serverssl, MSG2, strlen(MSG2),
1371 || !TEST_size_t_eq(written, strlen(MSG2))
1372 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1373 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
1376 /* Even after reading normal data, client should be able write early data */
1377 if (!TEST_true(SSL_write_early_data(clientssl, MSG3, strlen(MSG3),
1379 || !TEST_size_t_eq(written, strlen(MSG3)))
1382 /* Server should still be able read early data after writing data */
1383 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1385 SSL_READ_EARLY_DATA_SUCCESS)
1386 || !TEST_mem_eq(buf, readbytes, MSG3, strlen(MSG3)))
1389 /* Write more data from server and read it from client */
1390 if (!TEST_true(SSL_write_early_data(serverssl, MSG4, strlen(MSG4),
1392 || !TEST_size_t_eq(written, strlen(MSG4))
1393 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1394 || !TEST_mem_eq(buf, readbytes, MSG4, strlen(MSG4)))
1398 * If client writes normal data it should mean writing early data is no
1401 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
1402 || !TEST_size_t_eq(written, strlen(MSG5))
1403 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1404 SSL_EARLY_DATA_ACCEPTED))
1408 * At this point the client has written EndOfEarlyData, ClientFinished and
1409 * normal (fully protected) data. We are going to cause a delay between the
1410 * arrival of EndOfEarlyData and ClientFinished. We read out all the data
1411 * in the read BIO, and then just put back the EndOfEarlyData message.
1413 rbio = SSL_get_rbio(serverssl);
1414 if (!TEST_true(BIO_read_ex(rbio, data, sizeof(data), &rawread))
1415 || !TEST_size_t_lt(rawread, sizeof(data))
1416 || !TEST_size_t_gt(rawread, SSL3_RT_HEADER_LENGTH))
1419 /* Record length is in the 4th and 5th bytes of the record header */
1420 eoedlen = SSL3_RT_HEADER_LENGTH + (data[3] << 8 | data[4]);
1421 if (!TEST_true(BIO_write_ex(rbio, data, eoedlen, &rawwritten))
1422 || !TEST_size_t_eq(rawwritten, eoedlen))
1425 /* Server should be told that there is no more early data */
1426 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1428 SSL_READ_EARLY_DATA_FINISH)
1429 || !TEST_size_t_eq(readbytes, 0))
1433 * Server has not finished init yet, so should still be able to write early
1436 if (!TEST_true(SSL_write_early_data(serverssl, MSG6, strlen(MSG6),
1438 || !TEST_size_t_eq(written, strlen(MSG6)))
1441 /* Push the ClientFinished and the normal data back into the server rbio */
1442 if (!TEST_true(BIO_write_ex(rbio, data + eoedlen, rawread - eoedlen,
1444 || !TEST_size_t_eq(rawwritten, rawread - eoedlen))
1447 /* Server should be able to read normal data */
1448 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1449 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
1452 /* Client and server should not be able to write/read early data now */
1453 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
1457 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1459 SSL_READ_EARLY_DATA_ERROR))
1463 /* Client should be able to read the data sent by the server */
1464 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1465 || !TEST_mem_eq(buf, readbytes, MSG6, strlen(MSG6)))
1469 * Make sure we process the NewSessionTicket. This arrives post-handshake.
1470 * We attempt a read which we do not expect to return any data.
1472 if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))
1475 /* Server should be able to write normal data */
1476 if (!TEST_true(SSL_write_ex(serverssl, MSG7, strlen(MSG7), &written))
1477 || !TEST_size_t_eq(written, strlen(MSG7))
1478 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1479 || !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7)))
1482 SSL_SESSION_free(sess);
1483 sess = SSL_get1_session(clientssl);
1485 SSL_shutdown(clientssl);
1486 SSL_shutdown(serverssl);
1487 SSL_free(serverssl);
1488 SSL_free(clientssl);
1489 serverssl = clientssl = NULL;
1490 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1491 &clientssl, NULL, NULL))
1492 || !TEST_true(SSL_set_session(clientssl, sess)))
1495 /* Write and read some early data */
1496 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1498 || !TEST_size_t_eq(written, strlen(MSG1))
1499 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1501 SSL_READ_EARLY_DATA_SUCCESS)
1502 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
1505 if (!TEST_int_gt(SSL_connect(clientssl), 0)
1506 || !TEST_int_gt(SSL_accept(serverssl), 0))
1509 /* Client and server should not be able to write/read early data now */
1510 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
1514 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1516 SSL_READ_EARLY_DATA_ERROR))
1520 /* Client and server should be able to write/read normal data */
1521 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
1522 || !TEST_size_t_eq(written, strlen(MSG5))
1523 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1524 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
1530 SSL_SESSION_free(sess);
1531 SSL_free(serverssl);
1532 SSL_free(clientssl);
1539 * Test that a server attempting to read early data can handle a connection
1540 * from a client where the early data is not acceptable.
1542 static int test_early_data_skip(int idx)
1544 SSL_CTX *cctx = NULL, *sctx = NULL;
1545 SSL *clientssl = NULL, *serverssl = NULL;
1547 SSL_SESSION *sess = NULL;
1548 unsigned char buf[20];
1549 size_t readbytes, written;
1551 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1552 &serverssl, &sess, idx)))
1556 * Deliberately corrupt the creation time. We take 20 seconds off the time.
1557 * It could be any value as long as it is not within tolerance. This should
1558 * mean the ticket is rejected.
1560 if (!TEST_true(SSL_SESSION_set_time(sess, time(NULL) - 20)))
1563 /* Write some early data */
1564 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1566 || !TEST_size_t_eq(written, strlen(MSG1)))
1569 /* Server should reject the early data and skip over it */
1570 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1572 SSL_READ_EARLY_DATA_FINISH)
1573 || !TEST_size_t_eq(readbytes, 0)
1574 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1575 SSL_EARLY_DATA_REJECTED))
1578 /* Should be able to send normal data despite rejection of early data */
1579 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
1580 || !TEST_size_t_eq(written, strlen(MSG2))
1581 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1582 SSL_EARLY_DATA_REJECTED)
1583 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1584 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
1590 SSL_SESSION_free(sess);
1591 SSL_free(serverssl);
1592 SSL_free(clientssl);
1599 * Test that a server attempting to read early data can handle a connection
1600 * from a client that doesn't send any.
1602 static int test_early_data_not_sent(int idx)
1604 SSL_CTX *cctx = NULL, *sctx = NULL;
1605 SSL *clientssl = NULL, *serverssl = NULL;
1607 SSL_SESSION *sess = NULL;
1608 unsigned char buf[20];
1609 size_t readbytes, written;
1611 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1612 &serverssl, &sess, idx)))
1615 /* Write some data - should block due to handshake with server */
1616 SSL_set_connect_state(clientssl);
1617 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
1620 /* Server should detect that early data has not been sent */
1621 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1623 SSL_READ_EARLY_DATA_FINISH)
1624 || !TEST_size_t_eq(readbytes, 0)
1625 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1626 SSL_EARLY_DATA_NOT_SENT)
1627 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1628 SSL_EARLY_DATA_NOT_SENT))
1631 /* Continue writing the message we started earlier */
1632 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
1633 || !TEST_size_t_eq(written, strlen(MSG1))
1634 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1635 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
1636 || !SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)
1637 || !TEST_size_t_eq(written, strlen(MSG2)))
1641 * Should block due to the NewSessionTicket arrival unless we're using
1645 if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))
1649 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1650 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
1656 SSL_SESSION_free(sess);
1657 SSL_free(serverssl);
1658 SSL_free(clientssl);
1665 * Test that a server that doesn't try to read early data can handle a
1666 * client sending some.
1668 static int test_early_data_not_expected(int idx)
1670 SSL_CTX *cctx = NULL, *sctx = NULL;
1671 SSL *clientssl = NULL, *serverssl = NULL;
1673 SSL_SESSION *sess = NULL;
1674 unsigned char buf[20];
1675 size_t readbytes, written;
1678 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1679 &serverssl, &sess, idx)))
1682 /* Write some early data */
1683 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1688 * Server should skip over early data and then block waiting for client to
1689 * continue handshake
1691 if (!TEST_int_le(SSL_accept(serverssl), 0)
1692 || !TEST_int_gt(SSL_connect(clientssl), 0)
1693 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1694 SSL_EARLY_DATA_REJECTED)
1695 || !TEST_int_gt(SSL_accept(serverssl), 0)
1696 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1697 SSL_EARLY_DATA_REJECTED))
1700 /* Send some normal data from client to server */
1701 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
1702 || !TEST_size_t_eq(written, strlen(MSG2)))
1705 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1706 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
1712 SSL_SESSION_free(sess);
1713 SSL_free(serverssl);
1714 SSL_free(clientssl);
1721 # ifndef OPENSSL_NO_TLS1_2
1723 * Test that a server attempting to read early data can handle a connection
1724 * from a TLSv1.2 client.
1726 static int test_early_data_tls1_2(int idx)
1728 SSL_CTX *cctx = NULL, *sctx = NULL;
1729 SSL *clientssl = NULL, *serverssl = NULL;
1731 unsigned char buf[20];
1732 size_t readbytes, written;
1734 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1735 TLS_client_method(), &sctx,
1736 &cctx, cert, privkey)))
1739 /* When idx == 1 we repeat the tests with read_ahead set */
1741 SSL_CTX_set_read_ahead(cctx, 1);
1742 SSL_CTX_set_read_ahead(sctx, 1);
1745 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1746 &clientssl, NULL, NULL)))
1749 /* Write some data - should block due to handshake with server */
1750 SSL_set_max_proto_version(clientssl, TLS1_2_VERSION);
1751 SSL_set_connect_state(clientssl);
1752 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
1756 * Server should do TLSv1.2 handshake. First it will block waiting for more
1757 * messages from client after ServerDone. Then SSL_read_early_data should
1758 * finish and detect that early data has not been sent
1760 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1762 SSL_READ_EARLY_DATA_ERROR))
1766 * Continue writing the message we started earlier. Will still block waiting
1767 * for the CCS/Finished from server
1769 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
1770 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1772 SSL_READ_EARLY_DATA_FINISH)
1773 || !TEST_size_t_eq(readbytes, 0)
1774 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1775 SSL_EARLY_DATA_NOT_SENT))
1778 /* Continue writing the message we started earlier */
1779 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
1780 || !TEST_size_t_eq(written, strlen(MSG1))
1781 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1782 SSL_EARLY_DATA_NOT_SENT)
1783 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1784 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
1785 || !TEST_true(SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written))
1786 || !TEST_size_t_eq(written, strlen(MSG2))
1787 || !SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)
1788 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
1794 SSL_free(serverssl);
1795 SSL_free(clientssl);
1801 # endif /* OPENSSL_NO_TLS1_2 */
1803 static int test_ciphersuite_change(void)
1805 SSL_CTX *cctx = NULL, *sctx = NULL;
1806 SSL *clientssl = NULL, *serverssl = NULL;
1807 SSL_SESSION *clntsess = NULL;
1809 const SSL_CIPHER *aes_128_gcm_sha256 = NULL;
1811 /* Create a session based on SHA-256 */
1812 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1813 TLS_client_method(), &sctx,
1814 &cctx, cert, privkey))
1815 || !TEST_true(SSL_CTX_set_cipher_list(cctx,
1816 "TLS13-AES-128-GCM-SHA256"))
1817 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1818 &clientssl, NULL, NULL))
1819 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1823 clntsess = SSL_get1_session(clientssl);
1824 /* Save for later */
1825 aes_128_gcm_sha256 = SSL_SESSION_get0_cipher(clntsess);
1826 SSL_shutdown(clientssl);
1827 SSL_shutdown(serverssl);
1828 SSL_free(serverssl);
1829 SSL_free(clientssl);
1830 serverssl = clientssl = NULL;
1832 /* Check we can resume a session with a different SHA-256 ciphersuite */
1833 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
1834 "TLS13-CHACHA20-POLY1305-SHA256"))
1835 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1837 || !TEST_true(SSL_set_session(clientssl, clntsess))
1838 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1840 || !TEST_true(SSL_session_reused(clientssl)))
1843 SSL_SESSION_free(clntsess);
1844 clntsess = SSL_get1_session(clientssl);
1845 SSL_shutdown(clientssl);
1846 SSL_shutdown(serverssl);
1847 SSL_free(serverssl);
1848 SSL_free(clientssl);
1849 serverssl = clientssl = NULL;
1852 * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites
1853 * succeeds but does not resume.
1855 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384"))
1856 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1858 || !TEST_true(SSL_set_session(clientssl, clntsess))
1859 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1861 || !TEST_false(SSL_session_reused(clientssl)))
1864 SSL_SESSION_free(clntsess);
1866 SSL_shutdown(clientssl);
1867 SSL_shutdown(serverssl);
1868 SSL_free(serverssl);
1869 SSL_free(clientssl);
1870 serverssl = clientssl = NULL;
1872 /* Create a session based on SHA384 */
1873 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384"))
1874 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1875 &clientssl, NULL, NULL))
1876 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1880 clntsess = SSL_get1_session(clientssl);
1881 SSL_shutdown(clientssl);
1882 SSL_shutdown(serverssl);
1883 SSL_free(serverssl);
1884 SSL_free(clientssl);
1885 serverssl = clientssl = NULL;
1887 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
1888 "TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384"))
1889 || !TEST_true(SSL_CTX_set_cipher_list(sctx,
1890 "TLS13-AES-256-GCM-SHA384"))
1891 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1893 || !TEST_true(SSL_set_session(clientssl, clntsess))
1894 || !TEST_false(create_ssl_connection(serverssl, clientssl,
1895 SSL_ERROR_WANT_READ)))
1898 /* Trick the client into thinking this session is for a different digest */
1899 clntsess->cipher = aes_128_gcm_sha256;
1900 clntsess->cipher_id = clntsess->cipher->id;
1903 * Server has selected a SHA-384 ciphersuite, but client thinks the session
1904 * is for SHA-256, so it should bail out.
1906 if (!TEST_false(create_ssl_connection(serverssl, clientssl,
1908 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
1909 SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED))
1915 SSL_SESSION_free(clntsess);
1916 SSL_free(serverssl);
1917 SSL_free(clientssl);
1924 #endif /* OPENSSL_NO_TLS1_3 */
1926 static int clntaddoldcb = 0;
1927 static int clntparseoldcb = 0;
1928 static int srvaddoldcb = 0;
1929 static int srvparseoldcb = 0;
1930 static int clntaddnewcb = 0;
1931 static int clntparsenewcb = 0;
1932 static int srvaddnewcb = 0;
1933 static int srvparsenewcb = 0;
1934 static int snicb = 0;
1936 #define TEST_EXT_TYPE1 0xff00
1938 static int old_add_cb(SSL *s, unsigned int ext_type, const unsigned char **out,
1939 size_t *outlen, int *al, void *add_arg)
1941 int *server = (int *)add_arg;
1942 unsigned char *data;
1944 if (SSL_is_server(s))
1949 if (*server != SSL_is_server(s)
1950 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
1955 *outlen = sizeof(char);
1959 static void old_free_cb(SSL *s, unsigned int ext_type, const unsigned char *out,
1962 OPENSSL_free((unsigned char *)out);
1965 static int old_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in,
1966 size_t inlen, int *al, void *parse_arg)
1968 int *server = (int *)parse_arg;
1970 if (SSL_is_server(s))
1975 if (*server != SSL_is_server(s)
1976 || inlen != sizeof(char)
1983 static int new_add_cb(SSL *s, unsigned int ext_type, unsigned int context,
1984 const unsigned char **out, size_t *outlen, X509 *x,
1985 size_t chainidx, int *al, void *add_arg)
1987 int *server = (int *)add_arg;
1988 unsigned char *data;
1990 if (SSL_is_server(s))
1995 if (*server != SSL_is_server(s)
1996 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
2001 *outlen = sizeof(*data);
2005 static void new_free_cb(SSL *s, unsigned int ext_type, unsigned int context,
2006 const unsigned char *out, void *add_arg)
2008 OPENSSL_free((unsigned char *)out);
2011 static int new_parse_cb(SSL *s, unsigned int ext_type, unsigned int context,
2012 const unsigned char *in, size_t inlen, X509 *x,
2013 size_t chainidx, int *al, void *parse_arg)
2015 int *server = (int *)parse_arg;
2017 if (SSL_is_server(s))
2022 if (*server != SSL_is_server(s)
2023 || inlen != sizeof(char) || *in != 1)
2029 static int sni_cb(SSL *s, int *al, void *arg)
2031 SSL_CTX *ctx = (SSL_CTX *)arg;
2033 if (SSL_set_SSL_CTX(s, ctx) == NULL) {
2034 *al = SSL_AD_INTERNAL_ERROR;
2035 return SSL_TLSEXT_ERR_ALERT_FATAL;
2038 return SSL_TLSEXT_ERR_OK;
2042 * Custom call back tests.
2043 * Test 0: Old style callbacks in TLSv1.2
2044 * Test 1: New style callbacks in TLSv1.2
2045 * Test 2: New style callbacks in TLSv1.2 with SNI
2046 * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE
2047 * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST
2049 static int test_custom_exts(int tst)
2051 SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
2052 SSL *clientssl = NULL, *serverssl = NULL;
2054 static int server = 1;
2055 static int client = 0;
2056 SSL_SESSION *sess = NULL;
2057 unsigned int context;
2059 /* Reset callback counters */
2060 clntaddoldcb = clntparseoldcb = srvaddoldcb = srvparseoldcb = 0;
2061 clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0;
2064 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2065 TLS_client_method(), &sctx,
2066 &cctx, cert, privkey)))
2070 && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL, &sctx2,
2071 NULL, cert, privkey)))
2076 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
2077 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
2079 SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3);
2083 context = SSL_EXT_CLIENT_HELLO
2084 | SSL_EXT_TLS1_2_SERVER_HELLO
2085 | SSL_EXT_TLS1_3_SERVER_HELLO
2086 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
2087 | SSL_EXT_TLS1_3_CERTIFICATE
2088 | SSL_EXT_TLS1_3_NEW_SESSION_TICKET;
2090 context = SSL_EXT_CLIENT_HELLO
2091 | SSL_EXT_TLS1_2_SERVER_HELLO
2092 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS;
2095 /* Create a client side custom extension */
2097 if (!TEST_true(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
2098 old_add_cb, old_free_cb,
2099 &client, old_parse_cb,
2103 if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, context,
2104 new_add_cb, new_free_cb,
2105 &client, new_parse_cb, &client)))
2109 /* Should not be able to add duplicates */
2110 if (!TEST_false(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
2111 old_add_cb, old_free_cb,
2112 &client, old_parse_cb,
2114 || !TEST_false(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1,
2115 context, new_add_cb,
2116 new_free_cb, &client,
2117 new_parse_cb, &client)))
2120 /* Create a server side custom extension */
2122 if (!TEST_true(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
2123 old_add_cb, old_free_cb,
2124 &server, old_parse_cb,
2128 if (!TEST_true(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, context,
2129 new_add_cb, new_free_cb,
2130 &server, new_parse_cb, &server)))
2133 && !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1,
2134 context, new_add_cb,
2135 new_free_cb, &server,
2136 new_parse_cb, &server)))
2140 /* Should not be able to add duplicates */
2141 if (!TEST_false(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
2142 old_add_cb, old_free_cb,
2143 &server, old_parse_cb,
2145 || !TEST_false(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1,
2146 context, new_add_cb,
2147 new_free_cb, &server,
2148 new_parse_cb, &server)))
2153 if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
2154 || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
2158 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2159 &clientssl, NULL, NULL))
2160 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2165 if (clntaddoldcb != 1
2166 || clntparseoldcb != 1
2168 || srvparseoldcb != 1)
2170 } else if (tst == 1 || tst == 2 || tst == 3) {
2171 if (clntaddnewcb != 1
2172 || clntparsenewcb != 1
2174 || srvparsenewcb != 1
2175 || (tst != 2 && snicb != 0)
2176 || (tst == 2 && snicb != 1))
2179 if (clntaddnewcb != 1
2180 || clntparsenewcb != 4
2182 || srvparsenewcb != 1)
2186 sess = SSL_get1_session(clientssl);
2187 SSL_shutdown(clientssl);
2188 SSL_shutdown(serverssl);
2189 SSL_free(serverssl);
2190 SSL_free(clientssl);
2191 serverssl = clientssl = NULL;
2194 /* We don't bother with the resumption aspects for this test */
2199 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2201 || !TEST_true(SSL_set_session(clientssl, sess))
2202 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2207 * For a resumed session we expect to add the ClientHello extension. For the
2208 * old style callbacks we ignore it on the server side because they set
2209 * SSL_EXT_IGNORE_ON_RESUMPTION. The new style callbacks do not ignore
2213 if (clntaddoldcb != 2
2214 || clntparseoldcb != 1
2216 || srvparseoldcb != 1)
2218 } else if (tst == 1 || tst == 2 || tst == 3) {
2219 if (clntaddnewcb != 2
2220 || clntparsenewcb != 2
2222 || srvparsenewcb != 2)
2225 /* No Certificate message extensions in the resumption handshake */
2226 if (clntaddnewcb != 2
2227 || clntparsenewcb != 7
2229 || srvparsenewcb != 2)
2236 SSL_SESSION_free(sess);
2237 SSL_free(serverssl);
2238 SSL_free(clientssl);
2239 SSL_CTX_free(sctx2);
2246 * Test loading of serverinfo data in various formats. test_sslmessages actually
2247 * tests to make sure the extensions appear in the handshake
2249 static int test_serverinfo(int tst)
2251 unsigned int version;
2252 unsigned char *sibuf;
2254 int ret, expected, testresult = 0;
2257 ctx = SSL_CTX_new(TLS_method());
2261 if ((tst & 0x01) == 0x01)
2262 version = SSL_SERVERINFOV2;
2264 version = SSL_SERVERINFOV1;
2266 if ((tst & 0x02) == 0x02) {
2267 sibuf = serverinfov2;
2268 sibuflen = sizeof(serverinfov2);
2269 expected = (version == SSL_SERVERINFOV2);
2271 sibuf = serverinfov1;
2272 sibuflen = sizeof(serverinfov1);
2273 expected = (version == SSL_SERVERINFOV1);
2276 if ((tst & 0x04) == 0x04) {
2277 ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen);
2279 ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen);
2282 * The version variable is irrelevant in this case - it's what is in the
2283 * buffer that matters
2285 if ((tst & 0x02) == 0x02)
2291 if (!TEST_true(ret == expected))
2302 int test_main(int argc, char *argv[])
2307 TEST_error("Wrong argument count");
2314 ADD_TEST(test_large_message_tls);
2315 ADD_TEST(test_large_message_tls_read_ahead);
2316 #ifndef OPENSSL_NO_DTLS
2317 ADD_TEST(test_large_message_dtls);
2319 #ifndef OPENSSL_NO_OCSP
2320 ADD_TEST(test_tlsext_status_type);
2322 ADD_TEST(test_session_with_only_int_cache);
2323 ADD_TEST(test_session_with_only_ext_cache);
2324 ADD_TEST(test_session_with_both_cache);
2325 ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
2326 ADD_TEST(test_ssl_bio_pop_next_bio);
2327 ADD_TEST(test_ssl_bio_pop_ssl_bio);
2328 ADD_TEST(test_ssl_bio_change_rbio);
2329 ADD_TEST(test_ssl_bio_change_wbio);
2330 ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
2331 ADD_TEST(test_keylog);
2332 #ifndef OPENSSL_NO_TLS1_3
2333 ADD_TEST(test_keylog_no_master_key);
2335 #ifndef OPENSSL_NO_TLS1_2
2336 ADD_TEST(test_early_cb);
2338 #ifndef OPENSSL_NO_TLS1_3
2339 ADD_ALL_TESTS(test_early_data_read_write, 2);
2340 ADD_ALL_TESTS(test_early_data_skip, 2);
2341 ADD_ALL_TESTS(test_early_data_not_sent, 2);
2342 ADD_ALL_TESTS(test_early_data_not_expected, 2);
2343 # ifndef OPENSSL_NO_TLS1_2
2344 ADD_ALL_TESTS(test_early_data_tls1_2, 2);
2347 #ifndef OPENSSL_NO_TLS1_3
2348 ADD_TEST(test_ciphersuite_change);
2349 ADD_ALL_TESTS(test_custom_exts, 5);
2351 ADD_ALL_TESTS(test_custom_exts, 3);
2353 ADD_ALL_TESTS(test_serverinfo, 8);
2355 testresult = run_tests(argv[0]);
2357 bio_s_mempacket_test_free();