Diffstat (limited to 'test/sslapitest.c')
-rw-r--r-- | test/sslapitest.c | 121 |
1 files changed, 66 insertions, 55 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 51d1bdd8de..7cae297a17 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -39,6 +39,16 @@
 #include "internal/ktls.h"
 #include "../ssl/ssl_local.h"
+#undef OSSL_NO_USABLE_TLS1_3
+#if defined(OPENSSL_NO_TLS1_3) \
+ || (defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_DH))
+/*
+ * If we don't have ec or dh then there are no built-in groups that are usable
+ * with TLSv1.3
+ */
+# define OSSL_NO_USABLE_TLS1_3
+#endif
+
 /* Defined in filterprov.c */
 OSSL_provider_init_fn filter_provider_init;
 int filter_provider_set_filter(int operation, const char *name);
@@ -52,7 +62,7 @@ int tls_provider_init(const OSSL_CORE_HANDLE *handle,
 static OSSL_LIB_CTX *libctx = NULL;
 static OSSL_PROVIDER *defctxnull = NULL;
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 static SSL_SESSION *clientpsk = NULL;
 static SSL_SESSION *serverpsk = NULL;
@@ -351,7 +361,7 @@ static int test_keylog_output(char *buffer, const SSL *ssl,
 return 1;
 }
-#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
+#if !defined(OPENSSL_NO_TLS1_2) || defined(OSSL_NO_USABLE_TLS1_3)
 static int test_keylog(void)
 {
 SSL_CTX *cctx = NULL, *sctx = NULL;
@@ -432,7 +442,7 @@ end:
 }
 #endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 static int test_keylog_no_master_key(void)
 {
 SSL_CTX *cctx = NULL, *sctx = NULL;
@@ -957,7 +967,7 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
 }
 #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_KTLS) && \
- !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_TLS1_2))
+ !(defined(OSSL_NO_USABLE_TLS1_3) && defined(OPENSSL_NO_TLS1_2))
 #define TLS_CIPHER_MAX_REC_SEQ_SIZE 8
 /* sock must be connected */
 static int ktls_chk_platform(int sock)
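Review bot: The block comment added with `OSSL_NO_USABLE_TLS1_3` in the first hunk (at -39) explains why the macro exists, but not when a test should still be guarded by plain `OPENSSL_NO_TLS1_3`. That exception only appears much later in the patch, where `test_pluggable_group` keeps the old guard, presumably because it does not depend on the built-in ec/dh groups. I would extend the comment with a line such as `* Tests that do not need a built-in group should keep using OPENSSL_NO_TLS1_3.` so the next TLSv1.3 test gets the right guard. Since the remaining hunks move nearly every TLSv1.3 test behind the new macro, a no-ec, no-dh build now compiles them all out without any trace in the test output, which is worth stating in the same comment.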
@@ -1272,14 +1282,14 @@ end:
 return testresult;
 }
-#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
+#if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
 static int test_ktls(int test)
 {
 int cis_ktls_tx, cis_ktls_rx, sis_ktls_tx, sis_ktls_rx;
 int tlsver, testresult;
 if (test > 15) {
-#if defined(OPENSSL_NO_TLS1_3)
+#if defined(OSSL_NO_USABLE_TLS1_3)
 return 1;
 #else
 test -= 16;
@@ -1302,7 +1312,7 @@ static int test_ktls(int test)
 if (cis_ktls_rx || sis_ktls_rx)
 return 1;
 #endif
-#if !defined(OPENSSL_NO_TLS1_3)
+#if !defined(OSSL_NO_USABLE_TLS1_3)
 if (tlsver == TLS1_3_VERSION && (cis_ktls_rx || sis_ktls_rx))
 return 1;
 #endif
@@ -1332,7 +1342,7 @@ static int test_ktls_sendfile_anytls(int tst)
 int tlsver;
 if (tst > 2) {
-#if defined(OPENSSL_NO_TLS1_3)
+#if defined(OSSL_NO_USABLE_TLS1_3)
 return 1;
 #else
 tst -= 3;
@@ -1481,7 +1491,7 @@ static int test_cleanse_plaintext(void)
 #endif
-#if !defined(OPENSSL_NO_TLS1_3)
+#if !defined(OSSL_NO_USABLE_TLS1_3)
 if (!TEST_true(execute_cleanse_plaintext(TLS_server_method(),
 TLS_client_method(),
 TLS1_3_VERSION,
@@ -1676,7 +1686,7 @@ static int test_tlsext_status_type(void)
 }
 #endif
-#if !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
+#if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
 static int new_called, remove_called, get_called;
 static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
@@ -1992,11 +2002,11 @@ static int execute_test_session(int maxprot, int use_int_cache,
 return testresult;
 }
-#endif /* !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */
+#endif /* !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */
 static int test_session_with_only_int_cache(void)
 {
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 if (!execute_test_session(TLS1_3_VERSION, 1, 0, 0))
 return 0;
 #endif
@@ -2010,7 +2020,7 @@ static int test_session_with_only_int_cache(void)
 static int test_session_with_only_ext_cache(void)
 {
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 if (!execute_test_session(TLS1_3_VERSION, 0, 1, 0))
 return 0;
 #endif
@@ -2024,7 +2034,7 @@ static int test_session_with_only_ext_cache(void)
 static int test_session_with_both_cache(void)
 {
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 if (!execute_test_session(TLS1_3_VERSION, 1, 1, 0))
 return 0;
 #endif
@@ -2038,7 +2048,7 @@ static int test_session_with_both_cache(void)
 static int test_session_wo_ca_names(void)
 {
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 if (!execute_test_session(TLS1_3_VERSION, 1, 0, SSL_OP_DISABLE_TLSEXT_CA_NAMES))
 return 0;
 #endif
@@ -2051,7 +2061,7 @@ static int test_session_wo_ca_names(void)
 }
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 static SSL_SESSION *sesscache[6];
 static int do_cache;
@@ -2492,7 +2502,7 @@ static int test_extra_tickets(int idx)
 #define TOTAL_NO_CONN_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
 #define TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS (2 * 2)
-#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2)
+#if !defined(OSSL_NO_USABLE_TLS1_3) && !defined(OPENSSL_NO_TLS1_2)
 # define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS (2 * 2)
 #else
 # define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS 0
@@ -2721,7 +2731,7 @@ static int test_ssl_bio_change_wbio(void)
 return execute_test_ssl_bio(0, CHANGE_WBIO);
 }
-#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
+#if !defined(OPENSSL_NO_TLS1_2) || defined(OSSL_NO_USABLE_TLS1_3)
 typedef struct {
 /* The list of sig algs */
 const int *list;
@@ -2852,7 +2862,7 @@ static int test_set_sigalgs(int idx)
 }
 #endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 static int psk_client_cb_cnt = 0;
 static int psk_server_cb_cnt = 0;
@@ -5048,7 +5058,7 @@ static int test_stateless(void)
 return testresult;
 }
-#endif /* OPENSSL_NO_TLS1_3 */
+#endif /* OSSL_NO_USABLE_TLS1_3 */
 static int clntaddoldcb = 0;
 static int clntparseoldcb = 0;
@@ -5183,7 +5193,7 @@ static int test_custom_exts(int tst)
 SSL_SESSION *sess = NULL;
 unsigned int context;
-#if defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_3)
+#if defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3)
 /* Skip tests for TLSv1.2 and below in this case */
 if (tst < 3)
 return 1;
@@ -5478,7 +5488,7 @@ static int test_export_key_mat(int tst)
 if (tst == 2)
 return 1;
 #endif
-#ifdef OPENSSL_NO_TLS1_3
+#ifdef OSSL_NO_USABLE_TLS1_3
 if (tst >= 3)
 return 1;
 #endif
@@ -5604,7 +5614,7 @@ static int test_export_key_mat(int tst)
 return testresult;
 }
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 /*
 * Test that SSL_export_keying_material_early() produces expected
 * results. There are no test vectors so all we do is test that both
@@ -5823,7 +5833,7 @@ static int test_key_update_in_write(int tst)
 return testresult;
 }
-#endif /* OPENSSL_NO_TLS1_3 */
+#endif /* OSSL_NO_USABLE_TLS1_3 */
 static int test_ssl_clear(int idx)
 {
@@ -5942,14 +5952,15 @@ static const unsigned char max_fragment_len_test[] = {
 static int test_max_fragment_len_ext(int idx_tst)
 {
- SSL_CTX *ctx;
+ SSL_CTX *ctx = NULL;
 SSL *con = NULL;
 int testresult = 0, MFL_mode = 0;
 BIO *rbio, *wbio;
- ctx = SSL_CTX_new_ex(libctx, NULL, TLS_method());
- if (!TEST_ptr(ctx))
- goto end;
+ if (!TEST_true(create_ssl_ctx_pair(libctx, NULL, TLS_client_method(),
+ TLS1_VERSION, 0, NULL, &ctx, NULL,
+ NULL)))
+ return 0;
 if (!TEST_true(SSL_CTX_set_tlsext_max_fragment_length(
 ctx, max_fragment_len_test[idx_tst])))
@@ -5968,7 +5979,6 @@ static int test_max_fragment_len_ext(int idx_tst)
 }
 SSL_set_bio(con, rbio, wbio);
- SSL_set_connect_state(con);
 if (!TEST_int_le(SSL_connect(con), 0)) {
 /* This shouldn't succeed because we don't have a server! */
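Review bot: In `test_max_fragment_len_ext` (hunk at -5942) the new `create_ssl_ctx_pair` failure path uses `return 0;`, where the code it replaces used `goto end;`. Since `ctx` is now initialised to NULL and `testresult` starts at 0, `goto end;` would give the same result through the function's single exit, without relying on the helper to release anything it allocated before failing (the helper is not visible here). The call also passes NULL in what appear to be the server-method and server-context positions, so a one-line comment such as `/* client-only ctx: no server method or server ctx requested */` would explain why `SSL_CTX_new_ex` was replaced; confirm the wording against the helper's signature. The function body continues outside the hunk.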
@@ -5990,7 +6000,7 @@ end:
 return testresult;
 }
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 static int test_pha_key_update(void)
 {
 SSL_CTX *cctx = NULL, *sctx = NULL;
@@ -6432,7 +6442,7 @@ static int test_info_callback(int tst)
 return 1;
 #endif
 } else {
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 tlsvers = TLS1_3_VERSION;
 #else
 return 1;
@@ -6444,7 +6454,7 @@ static int test_info_callback(int tst)
 info_cb_this_state = -1;
 info_cb_offset = tst;
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 if (tst >= 4) {
 SSL_SESSION *sess = NULL;
 size_t written, readbytes;
@@ -6603,7 +6613,7 @@ static struct {
 * We can't establish a connection (even in TLSv1.1) with these ciphersuites if
 * TLSv1.3 is enabled but TLSv1.2 is disabled.
 */
-#if defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
+#if defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
 {
 TLS1_2_VERSION,
 "AES128-SHA:AES256-SHA",
@@ -6649,7 +6659,7 @@ static struct {
 * This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be
 * enabled.
 */
-#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \
+#if !defined(OSSL_NO_USABLE_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \
 && !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
 {
 TLS1_3_VERSION,
@@ -6662,7 +6672,7 @@ static struct {
 "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:AES256-SHA"
 },
 #endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 {
 TLS1_3_VERSION,
 "AES128-SHA",
@@ -6907,7 +6917,7 @@ static int test_ticket_callbacks(int tst)
 if (tst % 2 == 0)
 return 1;
 #endif
-#ifdef OPENSSL_NO_TLS1_3
+#ifdef OSSL_NO_USABLE_TLS1_3
 if (tst % 2 == 1)
 return 1;
 #endif
@@ -7124,7 +7134,7 @@ static int test_shutdown(int tst)
 if (tst <= 1)
 return 1;
 #endif
-#ifdef OPENSSL_NO_TLS1_3
+#ifdef OSSL_NO_USABLE_TLS1_3
 if (tst >= 2)
 return 1;
 #endif
@@ -7259,7 +7269,7 @@ static int test_shutdown(int tst)
 return testresult;
 }
-#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
+#if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
 static int cert_cb_cnt;
 static int cert_cb(SSL *s, void *arg)
@@ -7440,7 +7450,7 @@ static int test_cert_cb(int tst)
 #ifndef OPENSSL_NO_TLS1_2
 testresult &= test_cert_cb_int(TLS1_2_VERSION, tst);
 #endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 testresult &= test_cert_cb_int(TLS1_3_VERSION, tst);
 #endif
@@ -7498,7 +7508,7 @@ static int test_client_cert_cb(int tst)
 if (tst == 0)
 return 1;
 #endif
-#ifdef OPENSSL_NO_TLS1_3
+#ifdef OSSL_NO_USABLE_TLS1_3
 if (tst == 1)
 return 1;
 #endif
@@ -7537,7 +7547,7 @@ static int test_client_cert_cb(int tst)
 return testresult;
 }
-#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
+#if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
 /*
 * Test setting certificate authorities on both client and server.
 *
@@ -7664,7 +7674,7 @@ static int test_ca_names(int tst)
 #ifndef OPENSSL_NO_TLS1_2
 testresult &= test_ca_names_int(TLS1_2_VERSION, tst);
 #endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 testresult &= test_ca_names_int(TLS1_3_VERSION, tst);
 #endif
@@ -7794,7 +7804,7 @@ static int test_servername(int tst)
 if (tst <= 4)
 return 1;
 #endif
-#ifdef OPENSSL_NO_TLS1_3
+#ifdef OSSL_NO_USABLE_TLS1_3
 if (tst >= 5)
 return 1;
 #endif
@@ -7925,7 +7935,7 @@ static int test_servername(int tst)
 }
 #if !defined(OPENSSL_NO_EC) \
- && (!defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
+ && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
 /*
 * Test that if signature algorithms are not available, then we do not offer or
 * accept them.
@@ -8062,10 +8072,11 @@ static int test_sigalgs_available(int idx)
 }
 #endif /*
 * !defined(OPENSSL_NO_EC) \
- * && (!defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
+ * && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
 */
 #ifndef OPENSSL_NO_TLS1_3
+/* This test can run in TLSv1.3 even if ec and dh are disabled */
 static int test_pluggable_group(int idx)
 {
 SSL_CTX *cctx = NULL, *sctx = NULL;
@@ -8489,7 +8500,7 @@ static int test_dh_auto(int idx)
 # endif /* OPENSSL_NO_DH */
 #endif /* OPENSSL_NO_TLS1_2 */
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 /*
 * Test that setting an SNI callback works with TLSv1.3. Specifically we check
 * that it works even without a certificate configured for the original
@@ -8667,7 +8678,7 @@ int setup_tests(void)
 goto err;
 #if !defined(OPENSSL_NO_KTLS) && !defined(OPENSSL_NO_SOCK)
-# if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
+# if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
 ADD_ALL_TESTS(test_ktls, 32);
 ADD_ALL_TESTS(test_ktls_sendfile_anytls, 6);
 # endif
@@ -8685,7 +8696,7 @@ int setup_tests(void)
 ADD_TEST(test_session_with_only_ext_cache);
 ADD_TEST(test_session_with_both_cache);
 ADD_TEST(test_session_wo_ca_names);
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 ADD_ALL_TESTS(test_stateful_tickets, 3);
 ADD_ALL_TESTS(test_stateless_tickets, 3);
 ADD_TEST(test_psk_tickets);
@@ -8696,11 +8707,11 @@ int setup_tests(void)
 ADD_TEST(test_ssl_bio_pop_ssl_bio);
 ADD_TEST(test_ssl_bio_change_rbio);
 ADD_TEST(test_ssl_bio_change_wbio);
-#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
+#if !defined(OPENSSL_NO_TLS1_2) || defined(OSSL_NO_USABLE_TLS1_3)
 ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
 ADD_TEST(test_keylog);
 #endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 ADD_TEST(test_keylog_no_master_key);
 #endif
 ADD_TEST(test_client_cert_verify_cb);
@@ -8709,7 +8720,7 @@ int setup_tests(void)
 ADD_TEST(test_no_ems);
 ADD_TEST(test_ccs_change_cipher);
 #endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 ADD_ALL_TESTS(test_early_data_read_write, 3);
 /*
 * We don't do replay tests for external PSK. Replay protection isn't used
@@ -8728,7 +8739,7 @@ int setup_tests(void)
 ADD_ALL_TESTS(test_early_data_tls1_2, 3);
 # endif
 #endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 ADD_ALL_TESTS(test_set_ciphersuite, 10);
 ADD_TEST(test_ciphersuite_change);
 ADD_ALL_TESTS(test_tls13_ciphersuite, 4);
@@ -8752,7 +8763,7 @@ int setup_tests(void)
 #endif
 ADD_ALL_TESTS(test_serverinfo, 8);
 ADD_ALL_TESTS(test_export_key_mat, 6);
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 ADD_ALL_TESTS(test_export_key_mat_early, 3);
 ADD_TEST(test_key_update);
 ADD_ALL_TESTS(test_key_update_in_write, 2);
@@ -8776,7 +8787,7 @@ int setup_tests(void)
 #endif
 ADD_ALL_TESTS(test_servername, 10);
 #if !defined(OPENSSL_NO_EC) \
- && (!defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
+ && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
 ADD_ALL_TESTS(test_sigalgs_available, 6);
 #endif
 #ifndef OPENSSL_NO_TLS1_3
@@ -8789,7 +8800,7 @@ int setup_tests(void)
 ADD_ALL_TESTS(test_dh_auto, 7);
 # endif
 #endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
 ADD_TEST(test_sni_tls13);
 #endif
 return 1;
|