aboutsummaryrefslogtreecommitdiffstats
path: root/test/sslapitest.c
Commit message (Collapse)AuthorAgeFilesLines
...
* Extend the SSL_set_bio() testsMatt Caswell2018-04-171-32/+95
| | | | | | | | | | The SSL_set_bio() tests only did standalone testing without being in the context of an actual connection. We extend this to do additional tests following a successful or failed connection attempt. This would have caught the issue fixed in the previous commit. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5966)
* Add a test for the info callbackMatt Caswell2018-04-171-0/+257
| | | | | | | Make sure the info callback gets called in all the places we expect it to. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5874)
* Add a test for SRPMatt Caswell2018-04-131-1/+229
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5925)
* Add some tests for configuring the TLSv1.3 ciphersuitesMatt Caswell2018-04-041-0/+82
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5855)
* Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto versionRichard Levitte2018-03-191-43/+52
| | | | | | | | | Have all test programs using that function specify those versions. Additionally, have the remaining test programs that use SSL_CTX_new directly specify at least the maximum protocol version. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5663)
* Fix no-pskMatt Caswell2018-03-191-0/+10
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5667)
* Add a test for 0RTT replay protectionMatt Caswell2018-03-191-0/+57
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
* Always call the new_session_cb when issuing a NewSessionTicket in TLSv1.3Matt Caswell2018-03-191-4/+9
| | | | | | | | | | | | | | Conceptually in TLSv1.3 there can be multiple sessions associated with a single connection. Each NewSessionTicket issued can be considered a separate session. We can end up issuing multiple NewSessionTickets on a single connection at the moment (e.g. in a post-handshake auth scenario). Each of those issued tickets should have the new_session_cb called, it should go into the session cache separately and it should have a unique id associated with it (so that they can be found individually in the cache). Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
* Add code to run test, get malloc countsRich Salz2018-03-151-0/+17
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4528)
* Split configuration of TLSv1.3 ciphers from older ciphersMatt Caswell2018-03-141-11/+11
| | | | | | | | | | | | | | | | | | | With the current mechanism, old cipher strings that used to work in 1.1.0, may inadvertently disable all TLSv1.3 ciphersuites causing connections to fail. This is confusing for users. In reality TLSv1.3 are quite different to older ciphers. They are much simpler and there are only a small number of them so, arguably, they don't need the same level of control that the older ciphers have. This change splits the configuration of TLSv1.3 ciphers from older ones. By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable them through your existing config. Fixes #5359 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5392)
* Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cbBenjamin Saunders2018-03-121-2/+17
| | | | | | | | | | These functions are similar to SSL_CTX_set_cookie_{generate,verify}_cb, but used for the application-controlled portion of TLS1.3 stateless handshake cookies rather than entire DTLSv1 cookies. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5463)
* Give more information in the SSL_stateless return codeMatt Caswell2018-03-091-6/+26
| | | | | | | | | | Allow users to distinguish between an error occurring and an HRR being issued. Fixes #5549 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5562)
* Test the new PSK behaviourMatt Caswell2018-03-091-18/+154
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5554)
* Do not set a nonzero default max_early_dataBenjamin Kaduk2018-02-281-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When early data support was first added, this seemed like a good idea, as it would allow applications to just add SSL_read_early_data() calls as needed and have things "Just Work". However, for applications that do not use TLS 1.3 early data, there is a negative side effect. Having a nonzero max_early_data in a SSL_CTX (and thus, SSL objects derived from it) means that when generating a session ticket, tls_construct_stoc_early_data() will indicate to the client that the server supports early data. This is true, in that the implementation of TLS 1.3 (i.e., OpenSSL) does support early data, but does not necessarily indicate that the server application supports early data, when the default value is nonzero. In this case a well-intentioned client would send early data along with its resumption attempt, which would then be ignored by the server application, a waste of network bandwidth. Since, in order to successfully use TLS 1.3 early data, the application must introduce calls to SSL_read_early_data(), it is not much additional burden to require that the application also calls SSL_{CTX_,}set_max_early_data() in order to enable the feature; doing so closes this scenario where early data packets would be sent on the wire but ignored. Update SSL_read_early_data.pod accordingly, and make s_server and our test programs into applications that are compliant with the new requirements on applications that use early data. Fixes #4725 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5483)
* Clear some sslapitest global variables after useMatt Caswell2018-02-261-0/+1
| | | | | | | Otherwise we get a use after free if the test order is randomised. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5467)
* Export keying material using early exporter master secretTatsuhiro Tsujikawa2018-02-261-0/+82
| | | | | | | | | This commit adds SSL_export_keying_material_early() which exports keying material using early exporter master secret. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5252)
* Update copyright yearMatt Caswell2018-02-131-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fixes for no-tls1_2 and no-tls1_2-methodMatt Caswell2018-02-091-6/+18
| | | | | | | | The no-tls1_2 option does not work properly in conjunction with TLSv1.3 being enabled (which is now the default). This commit fixes the issues. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5301)
* Fix no-chacha and no-poly1305Matt Caswell2018-02-081-0/+2
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5287)
* Add TLSv1.3 post-handshake authentication (PHA)Todd Short2018-02-011-0/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add SSL_verify_client_post_handshake() for servers to initiate PHA Add SSL_force_post_handshake_auth() for clients that don't have certificates initially configured, but use a certificate callback. Update SSL_CTX_set_verify()/SSL_set_verify() mode: * Add SSL_VERIFY_POST_HANDSHAKE to postpone client authentication until after the initial handshake. * Update SSL_VERIFY_CLIENT_ONCE now only sends out one CertRequest regardless of when the certificate authentication takes place; either initial handshake, re-negotiation, or post-handshake authentication. Add 'RequestPostHandshake' and 'RequirePostHandshake' SSL_CONF options that add the SSL_VERIFY_POST_HANDSHAKE to the 'Request' and 'Require' options Add support to s_client: * Enabled automatically when cert is configured * Can be forced enabled via -force_pha Add support to s_server: * Use 'c' to invoke PHA in s_server * Remove some dead code Update documentation Update unit tests: * Illegal use of PHA extension * TLSv1.3 certificate tests DTLS and TLS behave ever-so-slightly differently. So, when DTLS1.3 is implemented, it's PHA support state machine may need to be different. Add a TODO and a #error Update handshake context to deal with PHA. The handshake context for TLSv1.3 post-handshake auth is up through the ClientFinish message, plus the CertificateRequest message. Subsequent Certificate, CertificateVerify, and Finish messages are based on this handshake context (not the Certificate message per se, but it's included after the hash). KeyUpdate, NewSessionTicket, and prior Certificate Request messages are not included in post-handshake authentication. After the ClientFinished message is processed, save off the digest state for future post-handshake authentication. When post-handshake auth occurs, copy over the saved handshake context into the "main" handshake digest. This effectively discards the any KeyUpdate or NewSessionTicket messages and any prior post-handshake authentication. This, of course, assumes that the ID-22 did not mean to include any previous post-handshake authentication into the new handshake transcript. This is implied by section 4.4.1 that lists messages only up to the first ClientFinished. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4964)
* Updates following review of SSL_stateless() codeMatt Caswell2018-01-241-6/+6
| | | | | Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
* Add some tests for the SSL_stateless() capabilityMatt Caswell2018-01-241-0/+90
| | | | | Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
* If a server is not acknowledging SNI then don't reject early_dataMatt Caswell2017-11-211-5/+6
| | | | | | | | | | | SNI needs to be consistent before we accept early_data. However a server may choose to not acknowledge SNI. In that case we have to expect that a client may send it anyway. We change the consistency checks so that not acknowledging is treated more a like a "wild card", accepting any SNI as being consistent. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4738)
* Iron out /WX errors in VC-WIN32.Andy Polyakov2017-11-171-2/+2
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Implement Maximum Fragment Length TLS extension.FdaSilvaYY2017-11-051-0/+109
| | | | | | | | | Based on patch from Tomasz Moń: https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/1008)
* Fix a bug in ALPN comparation code of a test casePaul Yang2017-10-161-1/+1
| | | | | | Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4497)
* Fix reading heap overflow in a test casePaul Yang2017-10-161-6/+7
| | | | | | | | Caught by AddressSanitizer Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4497)
* Add a test for setting initial SNI in CH but not using it with early_dataMatt Caswell2017-10-121-0/+10
| | | | | | | | | | Test for the bug where early_data is not accepted by the server when it does not have an SNI callback set up, but the client sent a servername in the initial ClientHello establishing the session. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4519)
* Introduce named constants for the ClientHello callback.David Benjamin2017-09-081-5/+5
| | | | | | | | It is otherwise unclear what all the magic numbers mean. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
* Rename SSL_CTX_set_early_cb to SSL_CTX_set_client_hello_cb.David Benjamin2017-09-081-10/+12
| | | | | | | | | "Early callback" is a little ambiguous now that early data exists. Perhaps "ClientHello callback"? Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
* Test for late client side detection of ALPN inconsistentiesMatt Caswell2017-08-311-56/+111
| | | | | Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
* Add some fixes for Travis failuresMatt Caswell2017-08-311-2/+2
| | | | | Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
* Add PSK early_data testsMatt Caswell2017-08-311-0/+171
| | | | | Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
* Add some PSK early_data testsMatt Caswell2017-08-311-94/+149
| | | | | Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
* Fix no-tls and no-tls1_2Matt Caswell2017-08-251-7/+8
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4257)
* Do not lookup zero-length session IDKazuki Yamaguchi2017-08-251-8/+20
| | | | | | | | | | A condition was removed by commit 1053a6e2281d; presumably it was an unintended change. Restore the previous behavior so the get_session_cb won't be called with zero-length session ID. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4236)
* Use "" not <> for internal/ includesRich Salz2017-08-221-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4217)
* Reorder extensions to put SigAlgs lastTodd Short2017-08-181-1/+1
| | | | | | | | | | | | | Force non-empty padding extension. When enabled, force the padding extension to be at least 1 byte long. WebSphere application server cannot handle having an empty extension (e.g. EMS/EtM) as the last extension in a client hello. This moves the SigAlgs extension last for TLSv1.2 to avoid this issue. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3921)
* Remove tests dependence on e_os.hPauli2017-08-181-1/+1
| | | | | | | | | | | | Apart from ssltest_old.c, the test suite relied on e_os.h for the OSSL_NELEM macro and nothing else. The ssltest_old.c also requires EXIT and some socket macros. Create a new header to define the OSSL_NELEM macro and use that instead. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4186)
* Fix some typo and commentsFdaSilvaYY2017-08-121-1/+1
| | | | | | | | [skip ci] Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4149)
* Fix memory leak in session cache testBenjamin Kaduk2017-08-091-4/+6
| | | | | | | | | | | | When we are using the internal cache we have to make a copy of the session before removing it from the parent context's cache, since we want our copy to still be resumable. However, SSL_CTX_remove_session() just detaches the session from the SSL_CTX; it does not free the session. So, we must call SSL_SESSION_free() ourselves before overwriting the variable that we dup'd from. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4126)
* Test server side session cachingMatt Caswell2017-08-091-28/+153
| | | | | | | In particular this covers the scenario mentioned in #4014 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4072)
* Simplify some of the sslapitest code.Pauli2017-08-021-79/+32
| | | | | | | | | Removing the use of SETUP_TEST_FIXTURE reduces complxity in those tests that used it. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4066)
* Add a test to check we get a new session even if s->hit is true in TLSv1.3Matt Caswell2017-08-011-20/+39
| | | | | | | | | In TLSv1.3 we can resume, but still get a new session. This adds a test to make sure that is happening. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4068)
* Update the test framework so that the need for test_main is removed. EverythingPauli2017-07-271-14/+8
| | | | | | | | | | | | | | | | | | | | that needed test_main now works using the same infrastructure as tests that used register_tests. This meant: * renaming register_tests to setup_tests and giving it a success/failure return. * renaming the init_test function to setup_test_framework. * renaming the finish_test function to pulldown_test_framework. * adding a user provided global_init function that runs before the test frame work is initialised. It returns a failure indication that stops the stest. * adding helper functions that permit tests to access their command line args. * spliting the BIO initialisation and finalisation out from the test setup and teardown. * hiding some of the now test internal functions. * fix the comments in testutil.h Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3953)
* Add a test for SSL_clear()Matt Caswell2017-07-181-0/+55
| | | | | | Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3954)
* Add a test for early_data when an HRR occursMatt Caswell2017-07-181-10/+47
| | | | | Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3933)
* The correct key length for a TLSv1.3 SHA384 ciphersuite is 48Matt Caswell2017-07-071-1/+2
| | | | | | | | Our test was using 32. The latest ticket nonce changes now validate this value and so sslapitest was failing. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
* Updates following review of SSL_export_key_material() changesMatt Caswell2017-06-291-23/+10
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3782)
* Add an SSL_export_keying_material() testMatt Caswell2017-06-291-0/+140
| | | | | | | | | There aren't any test vectors for this, so all we do is test that both sides of the communication create the same result for different protocol versions. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3782)
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-19 10:11:22 +0000