From e11b6aa4c93ea89dc600cbcda96c6a2ab05c1b23 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 18 Jul 2017 11:34:47 +0100
Subject: [PATCH] Add a test for SSL_clear()

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3954)
---
 test/sslapitest.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index cd869e2dab..ea68f0be69 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -2649,6 +2649,60 @@ static int test_export_key_mat(int tst)
     return testresult;
 }
 
+static int test_ssl_clear(int idx)
+{
+    SSL_CTX *cctx = NULL, *sctx = NULL;
+    SSL *clientssl = NULL, *serverssl = NULL;
+    int testresult = 0;
+
+#ifdef OPENSSL_NO_TLS1_2
+    if (idx == 1)
+        return 1;
+#endif
+
+    /* Create an initial connection */
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+                                       TLS_client_method(), &sctx,
+                                       &cctx, cert, privkey))
+            || (idx == 1
+                && !TEST_true(SSL_CTX_set_max_proto_version(cctx,
+                                                            TLS1_2_VERSION)))
+            || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+                                          &clientssl, NULL, NULL))
+            || !TEST_true(create_ssl_connection(serverssl, clientssl,
+                                                SSL_ERROR_NONE)))
+        goto end;
+
+    SSL_shutdown(clientssl);
+    SSL_shutdown(serverssl);
+    SSL_free(serverssl);
+    serverssl = NULL;
+
+    /* Clear clientssl - we're going to reuse the object */
+    if (!TEST_true(SSL_clear(clientssl)))
+        goto end;
+
+    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+                                             NULL, NULL))
+            || !TEST_true(create_ssl_connection(serverssl, clientssl,
+                                                SSL_ERROR_NONE))
+            || !TEST_true(SSL_session_reused(clientssl)))
+        goto end;
+
+    SSL_shutdown(clientssl);
+    SSL_shutdown(serverssl);
+
+    testresult = 1;
+
+ end:
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+
+    return testresult;
+}
+
 int test_main(int argc, char *argv[])
 {
     int testresult = 1;
@@ -2704,6 +2758,7 @@ int test_main(int argc, char *argv[])
 #endif
     ADD_ALL_TESTS(test_serverinfo, 8);
     ADD_ALL_TESTS(test_export_key_mat, 4);
+    ADD_ALL_TESTS(test_ssl_clear, 2);
 
     testresult = run_tests(argv[0]);
 
-- 
2.25.1