summaryrefslogtreecommitdiffstats
path: root/test/sslapitest.c
diff options
context:
space:
mode:
Diffstat (limited to 'test/sslapitest.c')
-rw-r--r--test/sslapitest.c269
1 files changed, 230 insertions, 39 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 0b2d7b5e6d..31ba451117 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -713,14 +713,14 @@ static int full_client_hello_callback(SSL *s, int *al, void *arg)
int *ctr = arg;
const unsigned char *p;
int *exts;
- /* We only configure two ciphers, but the SCSV is added automatically. */
#ifdef OPENSSL_NO_EC
- const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff};
+ const unsigned char expected_ciphers[] = {0x00, 0x9d};
#else
const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0,
- 0x2c, 0x00, 0xff};
+ 0x2c};
#endif
const int expected_extensions[] = {
+ 65281,
#ifndef OPENSSL_NO_EC
11, 10,
#endif
@@ -3375,6 +3375,16 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
static int artificial_ticket_time = 0;
+static int sub_session_time(SSL_SESSION *sess)
+{
+ OSSL_TIME tick_time;
+
+ tick_time = ossl_time_from_time_t(SSL_SESSION_get_time_ex(sess));
+ tick_time = ossl_time_subtract(tick_time, ossl_seconds2time(10));
+
+ return SSL_SESSION_set_time_ex(sess, ossl_time_to_time_t(tick_time)) != 0;
+}
+
static int ed_gen_cb(SSL *s, void *arg)
{
SSL_SESSION *sess = SSL_get0_session(s);
@@ -3390,10 +3400,7 @@ static int ed_gen_cb(SSL *s, void *arg)
return 1;
artificial_ticket_time--;
- if (SSL_SESSION_set_time_ex(sess, SSL_SESSION_get_time_ex(sess) - 10) == 0)
- return 0;
-
- return 1;
+ return sub_session_time(sess);
}
/*
@@ -3493,8 +3500,7 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
* gave it on the server side
*/
if (artificial
- && !TEST_time_t_gt(SSL_SESSION_set_time_ex(*sess,
- SSL_SESSION_get_time_ex(*sess) - 10), 0))
+ && !TEST_true(sub_session_time(*sess)))
return 0;
if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
@@ -3505,6 +3511,25 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
return 1;
}
+static int check_early_data_timeout(OSSL_TIME timer)
+{
+ int res = 0;
+
+ /*
+ * Early data is time sensitive. We have an approx 8 second allowance
+ * between writing the early data and reading it. If we exceed that time
+ * then this test will fail. This can sometimes (rarely) occur in normal CI
+ * operation. We can try and detect this and just ignore the result of this
+ * test if it has taken too long. We assume anything over 7 seconds is too
+ * long
+ */
+ timer = ossl_time_subtract(ossl_time_now(), timer);
+ if (ossl_time_compare(timer, ossl_seconds2time(7)) >= 0)
+ res = TEST_skip("Test took too long, ignoring result");
+
+ return res;
+}
+
static int test_early_data_read_write(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
@@ -3514,6 +3539,7 @@ static int test_early_data_read_write(int idx)
unsigned char buf[20], data[1024];
size_t readbytes, written, eoedlen, rawread, rawwritten;
BIO *rbio;
+ OSSL_TIME timer;
/* Artificially give the next 2 tickets some age for non PSK sessions */
if (idx != 2)
@@ -3527,13 +3553,20 @@ static int test_early_data_read_write(int idx)
artificial_ticket_time = 0;
/* Write and read some early data */
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
- || !TEST_size_t_eq(written, strlen(MSG1))
- || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
- sizeof(buf), &readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
+ || !TEST_size_t_eq(written, strlen(MSG1)))
+ goto end;
+
+ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
+ &readbytes),
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED))
goto end;
@@ -3750,6 +3783,7 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt)
SSL_SESSION *sess = NULL;
size_t readbytes, written;
unsigned char buf[20];
+ OSSL_TIME timer;
allow_ed_cb_called = 0;
@@ -3804,6 +3838,7 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt)
goto end;
/* Write and read some early data */
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
|| !TEST_size_t_eq(written, strlen(MSG1)))
@@ -3824,8 +3859,11 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt)
/* In this case the callback decides to accept the early data */
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes)
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+ if (!TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes)
/*
* Server will have sent its flight so client can now send
* end of early data and complete its half of the handshake
@@ -3877,7 +3915,13 @@ static const char *ciphersuites[] = {
"TLS_AES_256_GCM_SHA384",
"TLS_AES_128_CCM_SHA256",
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
- "TLS_CHACHA20_POLY1305_SHA256"
+ "TLS_CHACHA20_POLY1305_SHA256",
+#else
+ NULL,
+#endif
+#if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
+ "TLS_SHA256_SHA256",
+ "TLS_SHA384_SHA384"
#endif
};
@@ -3898,16 +3942,19 @@ static int early_data_skip_helper(int testtype, int cipher, int idx)
unsigned char buf[20];
size_t readbytes, written;
- if (is_fips && cipher == 4)
+ if (is_fips && cipher >= 4)
return 1;
+ if (ciphersuites[cipher] == NULL)
+ return TEST_skip("Cipher not supported");
+
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
- if (cipher == 0) {
+ if (cipher == 0 || cipher == 5 || cipher == 6) {
SSL_CTX_set_security_level(sctx, 0);
SSL_CTX_set_security_level(cctx, 0);
}
@@ -3918,8 +3965,9 @@ static int early_data_skip_helper(int testtype, int cipher, int idx)
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
&serverssl, &sess, idx,
- cipher == 2 ? SHA384_DIGEST_LENGTH
- : SHA256_DIGEST_LENGTH)))
+ (cipher == 2 || cipher == 6)
+ ? SHA384_DIGEST_LENGTH
+ : SHA256_DIGEST_LENGTH)))
goto end;
if (testtype == 1 || testtype == 2) {
@@ -4342,13 +4390,19 @@ static int test_early_data_psk(int idx)
|| !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err))
goto end;
} else {
+ OSSL_TIME timer = ossl_time_now();
+
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written)))
goto end;
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
- &readbytes), readearlyres)
- || (readearlyres == SSL_READ_EARLY_DATA_SUCCESS
+ &readbytes), readearlyres)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if ((readearlyres == SSL_READ_EARLY_DATA_SUCCESS
&& !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus)
|| !TEST_int_eq(SSL_connect(clientssl), connectres))
@@ -4370,12 +4424,14 @@ static int test_early_data_psk(int idx)
}
/*
- * Test TLSv1.3 PSK can be used to send early_data with all 5 ciphersuites
+ * Test TLSv1.3 PSK can be used to send early_data with all 7 ciphersuites
* idx == 0: Test with TLS1_3_RFC_AES_128_GCM_SHA256
* idx == 1: Test with TLS1_3_RFC_AES_256_GCM_SHA384
* idx == 2: Test with TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
* idx == 3: Test with TLS1_3_RFC_AES_128_CCM_SHA256
* idx == 4: Test with TLS1_3_RFC_AES_128_CCM_8_SHA256
+ * idx == 5: Test with TLS1_3_RFC_SHA256_SHA256
+ * idx == 6: Test with TLS1_3_RFC_SHA384_SHA384
*/
static int test_early_data_psk_with_all_ciphers(int idx)
{
@@ -4386,6 +4442,7 @@ static int test_early_data_psk_with_all_ciphers(int idx)
unsigned char buf[20];
size_t readbytes, written;
const SSL_CIPHER *cipher;
+ OSSL_TIME timer;
const char *cipher_str[] = {
TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_RFC_AES_256_GCM_SHA384,
@@ -4395,7 +4452,14 @@ static int test_early_data_psk_with_all_ciphers(int idx)
NULL,
# endif
TLS1_3_RFC_AES_128_CCM_SHA256,
- TLS1_3_RFC_AES_128_CCM_8_SHA256
+ TLS1_3_RFC_AES_128_CCM_8_SHA256,
+# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
+ TLS1_3_RFC_SHA256_SHA256,
+ TLS1_3_RFC_SHA384_SHA384
+#else
+ NULL,
+ NULL
+#endif
};
const unsigned char *cipher_bytes[] = {
TLS13_AES_128_GCM_SHA256_BYTES,
@@ -4406,13 +4470,23 @@ static int test_early_data_psk_with_all_ciphers(int idx)
NULL,
# endif
TLS13_AES_128_CCM_SHA256_BYTES,
- TLS13_AES_128_CCM_8_SHA256_BYTES
+ TLS13_AES_128_CCM_8_SHA256_BYTES,
+# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
+ TLS13_SHA256_SHA256_BYTES,
+ TLS13_SHA384_SHA384_BYTES
+#else
+ NULL,
+ NULL
+#endif
};
if (cipher_str[idx] == NULL)
return 1;
- /* Skip ChaCha20Poly1305 as currently FIPS module does not support it */
- if (idx == 2 && is_fips == 1)
+ /*
+ * Skip ChaCha20Poly1305 and TLS_SHA{256,384}_SHA{256,384} ciphers
+ * as currently FIPS module does not support them.
+ */
+ if ((idx == 2 || idx == 5 || idx == 6) && is_fips == 1)
return 1;
/* We always set this up with a final parameter of "2" for PSK */
@@ -4421,8 +4495,11 @@ static int test_early_data_psk_with_all_ciphers(int idx)
SHA384_DIGEST_LENGTH)))
goto end;
- if (idx == 4) {
- /* CCM8 ciphers are considered low security due to their short tag */
+ if (idx == 4 || idx == 5 || idx == 6) {
+ /*
+ * CCM8 ciphers are considered low security due to their short tag.
+ * Integrity-only cipher do not provide any confidentiality.
+ */
SSL_set_security_level(clientssl, 0);
SSL_set_security_level(serverssl, 0);
}
@@ -4443,14 +4520,19 @@ static int test_early_data_psk_with_all_ciphers(int idx)
goto end;
SSL_set_connect_state(clientssl);
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written)))
goto end;
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if (!TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED)
|| !TEST_int_eq(SSL_connect(clientssl), 1)
@@ -4898,10 +4980,14 @@ static int test_key_exchange(int idx)
break;
# ifndef OPENSSL_NO_ECX
case 4:
+ if (is_fips)
+ return TEST_skip("X25519 might not be supported by fips provider.");
kexch_alg = NID_X25519;
kexch_name0 = "x25519";
break;
case 5:
+ if (is_fips)
+ return TEST_skip("X448 might not be supported by fips provider.");
kexch_alg = NID_X448;
kexch_name0 = "x448";
break;
@@ -5120,6 +5206,9 @@ static int test_negotiated_group(int idx)
else
expectednid = kexch_alg;
+ if (is_fips && (kexch_alg == NID_X25519 || kexch_alg == NID_X448))
+ return TEST_skip("X25519 and X448 might not be available in fips provider.");
+
if (!istls13)
max_version = TLS1_2_VERSION;
@@ -5268,7 +5357,12 @@ static int test_tls13_ciphersuite(int idx)
# endif
/* CCM8 ciphers are considered low security due to their short tag */
{ TLS1_3_RFC_AES_128_CCM_8_SHA256
- ":" TLS1_3_RFC_AES_128_CCM_SHA256, 1, 1 }
+ ":" TLS1_3_RFC_AES_128_CCM_SHA256, 1, 1 },
+# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
+ /* Integrity-only cipher do not provide any confidentiality */
+ { TLS1_3_RFC_SHA256_SHA256, 0, 1 },
+ { TLS1_3_RFC_SHA384_SHA384, 0, 1 }
+# endif
};
const char *t13_cipher = NULL;
const char *t12_cipher = NULL;
@@ -7766,6 +7860,7 @@ static int test_info_callback(int tst)
SSL_SESSION *sess = NULL;
size_t written, readbytes;
unsigned char buf[80];
+ OSSL_TIME timer;
/* early_data tests */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
@@ -7780,13 +7875,20 @@ static int test_info_callback(int tst)
sslapi_info_callback);
/* Write and read some early data and then complete the connection */
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
- || !TEST_size_t_eq(written, strlen(MSG1))
- || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
- sizeof(buf), &readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
+ || !TEST_size_t_eq(written, strlen(MSG1)))
+ goto end;
+
+ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf,
+ sizeof(buf), &readbytes),
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED)
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
@@ -10063,6 +10165,94 @@ static int test_ssl_dup(void)
return testresult;
}
+static int secret_cb(SSL *s, void *secretin, int *secret_len,
+ STACK_OF(SSL_CIPHER) *peer_ciphers,
+ const SSL_CIPHER **cipher, void *arg)
+{
+ int i;
+ unsigned char *secret = secretin;
+
+ /* Just use a fixed master secret */
+ for (i = 0; i < *secret_len; i++)
+ secret[i] = 0xff;
+
+ /* We don't set a preferred cipher */
+
+ return 1;
+}
+
+/*
+ * Test the session_secret_cb which is designed for use with EAP-FAST
+ */
+static int test_session_secret_cb(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ SSL_SESSION *secret_sess = NULL;
+ int testresult = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ 0,
+ 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ /* Create an initial connection and save the session */
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ /* session_secret_cb does not support TLSv1.3 */
+ if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_ptr(secret_sess = SSL_get1_session(clientssl)))
+ goto end;
+
+ shutdown_ssl_connection(serverssl, clientssl);
+ serverssl = clientssl = NULL;
+
+ /* Resume the earlier session */
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ /*
+ * No session ids for EAP-FAST - otherwise the state machine gets very
+ * confused.
+ */
+ if (!TEST_true(SSL_SESSION_set1_id(secret_sess, NULL, 0)))
+ goto end;
+
+ if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_session_secret_cb(serverssl, secret_cb,
+ NULL))
+ || !TEST_true(SSL_set_session_secret_cb(clientssl, secret_cb,
+ NULL))
+ || !TEST_true(SSL_set_session(clientssl, secret_sess)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_SESSION_free(secret_sess);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
# ifndef OPENSSL_NO_DH
static EVP_PKEY *tmp_dh_params = NULL;
@@ -12006,7 +12196,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_early_data_skip_abort, OSSL_NELEM(ciphersuites) * 3);
ADD_ALL_TESTS(test_early_data_not_sent, 3);
ADD_ALL_TESTS(test_early_data_psk, 8);
- ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5);
+ ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 7);
ADD_ALL_TESTS(test_early_data_not_expected, 3);
# ifndef OPENSSL_NO_TLS1_2
ADD_ALL_TESTS(test_early_data_tls1_2, 3);
@@ -12086,6 +12276,7 @@ int setup_tests(void)
#endif
#ifndef OPENSSL_NO_TLS1_2
ADD_TEST(test_ssl_dup);
+ ADD_TEST(test_session_secret_cb);
# ifndef OPENSSL_NO_DH
ADD_ALL_TESTS(test_set_tmp_dh, 11);
ADD_ALL_TESTS(test_dh_auto, 7);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-27 02:56:55 +0000