#include <openssl/aes.h>
#include <openssl/rand.h>
#include <openssl/core_names.h>
-#include <openssl/core_numbers.h>
+#include <openssl/core_dispatch.h>
#include <openssl/provider.h>
#include "ssltestlib.h"
OSSL_provider_init_fn filter_provider_init;
int filter_provider_set_filter(int operation, const char *name);
+/* Defined in tls-provider.c */
+int tls_provider_init(const OSSL_CORE_HANDLE *handle,
+ const OSSL_DISPATCH *in,
+ const OSSL_DISPATCH **out,
+ void **provctx);
DEFINE_STACK_OF(OCSP_RESPID)
DEFINE_STACK_OF(X509)
DEFINE_STACK_OF(X509_NAME)
cctx = SSL_CTX_new_with_libctx(clientctx, NULL, TLS_client_method());
sctx = SSL_CTX_new_with_libctx(serverctx, NULL, TLS_server_method());
+ if (!TEST_ptr(cctx) || !TEST_ptr(sctx))
+ goto end;
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
}
#endif /* OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_TLS1_3
+static int test_pluggable_group(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ OSSL_PROVIDER *tlsprov = OSSL_PROVIDER_load(libctx, "tls-provider");
+
+ if (!TEST_ptr(tlsprov))
+ goto end;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_3_VERSION,
+ TLS1_3_VERSION,
+ &sctx, &cctx, cert, privkey))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(SSL_set1_groups_list(serverssl, "xorgroup"))
+ || !TEST_true(SSL_set1_groups_list(clientssl, "xorgroup")))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ OSSL_PROVIDER_unload(tlsprov);
+
+ return testresult;
+}
+#endif
+
+#ifndef OPENSSL_NO_TLS1_2
+static int test_ssl_dup(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL, *client2ssl = NULL;
+ int testresult = 0;
+ BIO *rbio = NULL, *wbio = NULL;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ 0,
+ 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_max_proto_version(clientssl, TLS1_2_VERSION)))
+ goto end;
+
+ client2ssl = SSL_dup(clientssl);
+ rbio = SSL_get_rbio(clientssl);
+ if (!TEST_ptr(rbio)
+ || !TEST_true(BIO_up_ref(rbio)))
+ goto end;
+ SSL_set0_rbio(client2ssl, rbio);
+ rbio = NULL;
+
+ wbio = SSL_get_wbio(clientssl);
+ if (!TEST_ptr(wbio) || !TEST_true(BIO_up_ref(wbio)))
+ goto end;
+ SSL_set0_wbio(client2ssl, wbio);
+ rbio = NULL;
+
+ if (!TEST_ptr(client2ssl)
+ /* Handshake not started so pointers should be different */
+ || !TEST_ptr_ne(clientssl, client2ssl))
+ goto end;
+
+ if (!TEST_int_eq(SSL_get_min_proto_version(client2ssl), TLS1_2_VERSION)
+ || !TEST_int_eq(SSL_get_max_proto_version(client2ssl), TLS1_2_VERSION))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, client2ssl, SSL_ERROR_NONE)))
+ goto end;
+
+ SSL_free(clientssl);
+ clientssl = SSL_dup(client2ssl);
+ if (!TEST_ptr(clientssl)
+ /* Handshake has finished so pointers should be the same */
+ || !TEST_ptr_eq(clientssl, client2ssl))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_free(client2ssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+#endif
OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config\n")
if (strcmp(modulename, "fips") == 0)
is_fips = 1;
+ /*
+ * We add, but don't load the test "tls-provider". We'll load it when we
+ * need it.
+ */
+ if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, "tls-provider",
+ tls_provider_init)))
+ return 0;
+
+
if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) {
#ifdef OPENSSL_NO_CRYPTO_MDEBUG
TEST_error("not supported in this build");
ADD_ALL_TESTS(test_servername, 10);
#ifndef OPENSSL_NO_EC
ADD_ALL_TESTS(test_sigalgs_available, 6);
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+ ADD_TEST(test_pluggable_group);
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+ ADD_TEST(test_ssl_dup);
#endif
return 1;