Port multi-buffer tests

to succeed. All configured test expectations are verified against the second

handshake.

* ApplicationData - amount of application data bytes to send (integer, defaults

  to 256 bytes). Applies to both client and server. Application data is sent in

  64kB chunks (but limited by MaxFragmentSize and available parallelization, see

  below).

* MaxFragmentSize - maximum send fragment size (integer, defaults to 512 in

  tests - see `SSL_CTX_set_max_send_fragment` for documentation). Applies to

  both client and server. Lowering the fragment size will split handshake and

  application data up between more `SSL_write` calls, thus allowing to exercise

  different code paths. In particular, if the buffer size (64kB) is at least

  four times as large as the maximum fragment, interleaved multi-buffer crypto

  implementations may be used on some platforms.

### Test expectations

* ExpectedResult - expected handshake outcome. One of

 */

static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,

                                    SSL_CTX *client_ctx,

                                    const SSL_TEST_CTX *test,

                                    const SSL_TEST_EXTRA_CONF *extra,

                                    CTX_DATA *server_ctx_data,

                                    CTX_DATA *server2_ctx_data,

    unsigned char *ticket_keys;

    size_t ticket_key_len;

    TEST_check(SSL_CTX_set_max_send_fragment(server_ctx,

                                             test->max_fragment_size) == 1);

    if (server2_ctx != NULL) {

        TEST_check(SSL_CTX_set_max_send_fragment(server2_ctx,

                                                 test->max_fragment_size) == 1);

    }

    TEST_check(SSL_CTX_set_max_send_fragment(client_ctx,

                                             test->max_fragment_size) == 1);

    switch (extra->client.verify_callback) {

    case SSL_TEST_VERIFY_ACCEPT_ALL:

        SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb,

    return ret;

}

/*

 * Note that |extra| points to the correct client/server configuration

 * within |test_ctx|. When configuring the handshake, general mode settings

 * are taken from |test_ctx|, and client/server-specific settings should be

 * taken from |extra|.

 *

 * The configuration code should never reach into |test_ctx->extra| or

 * |test_ctx->resume_extra| directly.

 *

 * (We could refactor test mode settings into a substructure. This would result

 * in cleaner argument passing but would complicate the test configuration

 * parsing.)

 */

static HANDSHAKE_RESULT *do_handshake_internal(

    SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,

    const SSL_TEST_EXTRA_CONF *extra, int app_data_size,

    const SSL_TEST_CTX *test_ctx, const SSL_TEST_EXTRA_CONF *extra,

    SSL_SESSION *session_in, SSL_SESSION **session_out)

{

    PEER server, client;

    memset(&server, 0, sizeof(server));

    memset(&client, 0, sizeof(client));

    configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, extra,

    configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx, extra,

                            &server_ctx_data, &server2_ctx_data, &client_ctx_data);

    /* Setup SSL and buffers; additional configuration happens below. */

    create_peer(&server, server_ctx);

    create_peer(&client, client_ctx);

    server.bytes_to_write = client.bytes_to_read = app_data_size;

    client.bytes_to_write = server.bytes_to_read = app_data_size;

    server.bytes_to_write = client.bytes_to_read = test_ctx->app_data_size;

    client.bytes_to_write = server.bytes_to_read = test_ctx->app_data_size;

    configure_handshake_ssl(server.ssl, client.ssl, extra);

    if (session_in != NULL) {

    SSL_SESSION *session = NULL;

    result = do_handshake_internal(server_ctx, server2_ctx, client_ctx,

                                   &test_ctx->extra, test_ctx->app_data_size,

                                   test_ctx, &test_ctx->extra,

                                   NULL, &session);

    if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_SIMPLE)

        goto end;

    HANDSHAKE_RESULT_free(result);

    /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */

    result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx,

                                   &test_ctx->resume_extra, test_ctx->app_data_size,

                                   test_ctx, &test_ctx->resume_extra,

                                   session, NULL);

 end:

    SSL_SESSION_free(session);

# We hard-code the number of tests to double-check that the globbing above

# finds all files as expected.

plan tests => 12;  # = scalar @conf_srcs

plan tests => 13;  # = scalar @conf_srcs

# Some test results depend on the configuration of enabled protocols. We only

# verify generated sources in the default configuration.

  "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"),

  "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"),

  "12-ct.conf" => $no_tls || $no_ct || $no_ec,

  # We could run some of these tests without TLS 1.2 if we had a per-test

  # disable instruction but that's a bizarre configuration not worth

  # special-casing for.

  # We should review this once we have TLS 1.3.

  "13-fragmentation.conf" => disabled("tls1_2")

);

foreach my $conf (@conf_files) {

# new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.

plan tests =>

    1				# For testss

    +7  			# For the first testssl

    +6  			# For the first testssl

    ;

subtest 'test_ss' => sub {

	     'test tls1 with SRP auth via BIO pair');

	}

    };

    subtest 'Multi-buffer tests' => sub {

	######################################################################

	plan tests => 2;

      SKIP: {

	  skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 2

	      if $no_anytls;

	  skip "skipping multi-buffer tests", 2

	      if (POSIX::uname())[4] ne "x86_64";

	  ok(run(test([@ssltest, "-cipher", "AES128-SHA",    "-bytes", "8m"])));

	  # We happen to know that AES128-SHA256 is TLSv1.2 only... for now.

	  skip "TLSv1.2 is not supported by this OpenSSL configuration", 1

	      if $no_tls1_2;

	  ok(run(test([@ssltest, "-cipher", "AES128-SHA256", "-bytes", "8m"])));

	}

    };

}

unlink $CAkey;

# Generated with generate_ssl_tests.pl

num_tests = 16

test-0 = 0-one-fragment-minus-app-data

test-1 = 1-one-fragment-app-data

test-2 = 2-one-fragment-plus-app-data

test-3 = 3-small-app-data

test-4 = 4-small-app-data-large-fragment-size

test-5 = 5-medium-app-data

test-6 = 6-medium-plus-app-data

test-7 = 7-large-app-data

test-8 = 8-large-app-data-large-fragment-size

test-9 = 9-large-app-data-odd-fragment-size

test-10 = 10-large-app-data-aes-sha1-multibuffer

test-11 = 11-large-app-data-aes-sha2-multibuffer

test-12 = 12-large-app-data-aes-sha1-multibuffer-odd-fragment

test-13 = 13-large-app-data-aes-sha2-multibuffer-odd-fragment

test-14 = 14-small-app-data-aes-sha1-multibuffer

test-15 = 15-small-app-data-aes-sha2-multibuffer

# ===========================================================

[0-one-fragment-minus-app-data]

ssl_conf = 0-one-fragment-minus-app-data-ssl

[0-one-fragment-minus-app-data-ssl]

server = 0-one-fragment-minus-app-data-server

client = 0-one-fragment-minus-app-data-client

[0-one-fragment-minus-app-data-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[0-one-fragment-minus-app-data-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-0]

ApplicationData = 511

# ===========================================================

[1-one-fragment-app-data]

ssl_conf = 1-one-fragment-app-data-ssl

[1-one-fragment-app-data-ssl]

server = 1-one-fragment-app-data-server

client = 1-one-fragment-app-data-client

[1-one-fragment-app-data-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[1-one-fragment-app-data-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-1]

ApplicationData = 512

# ===========================================================

[2-one-fragment-plus-app-data]

ssl_conf = 2-one-fragment-plus-app-data-ssl

[2-one-fragment-plus-app-data-ssl]

server = 2-one-fragment-plus-app-data-server

client = 2-one-fragment-plus-app-data-client

[2-one-fragment-plus-app-data-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[2-one-fragment-plus-app-data-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-2]

ApplicationData = 513

# ===========================================================

[3-small-app-data]

ssl_conf = 3-small-app-data-ssl

[3-small-app-data-ssl]

server = 3-small-app-data-server

client = 3-small-app-data-client

[3-small-app-data-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[3-small-app-data-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-3]

ApplicationData = 4097

# ===========================================================

[4-small-app-data-large-fragment-size]

ssl_conf = 4-small-app-data-large-fragment-size-ssl

[4-small-app-data-large-fragment-size-ssl]

server = 4-small-app-data-large-fragment-size-server

client = 4-small-app-data-large-fragment-size-client

[4-small-app-data-large-fragment-size-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[4-small-app-data-large-fragment-size-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-4]

ApplicationData = 4097

MaxFragmentSize = 16384

# ===========================================================

[5-medium-app-data]

ssl_conf = 5-medium-app-data-ssl

[5-medium-app-data-ssl]

server = 5-medium-app-data-server

client = 5-medium-app-data-client

[5-medium-app-data-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[5-medium-app-data-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-5]

ApplicationData = 32775

# ===========================================================

[6-medium-plus-app-data]

ssl_conf = 6-medium-plus-app-data-ssl

[6-medium-plus-app-data-ssl]

server = 6-medium-plus-app-data-server

client = 6-medium-plus-app-data-client

[6-medium-plus-app-data-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[6-medium-plus-app-data-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-6]

ApplicationData = 131069

# ===========================================================

[7-large-app-data]

ssl_conf = 7-large-app-data-ssl

[7-large-app-data-ssl]

server = 7-large-app-data-server

client = 7-large-app-data-client

[7-large-app-data-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[7-large-app-data-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-7]

ApplicationData = 1048576

# ===========================================================

[8-large-app-data-large-fragment-size]

ssl_conf = 8-large-app-data-large-fragment-size-ssl

[8-large-app-data-large-fragment-size-ssl]

server = 8-large-app-data-large-fragment-size-server

client = 8-large-app-data-large-fragment-size-client

[8-large-app-data-large-fragment-size-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[8-large-app-data-large-fragment-size-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-8]

ApplicationData = 1048576

MaxFragmentSize = 16384

# ===========================================================

[9-large-app-data-odd-fragment-size]

ssl_conf = 9-large-app-data-odd-fragment-size-ssl

[9-large-app-data-odd-fragment-size-ssl]

server = 9-large-app-data-odd-fragment-size-server

client = 9-large-app-data-odd-fragment-size-client

[9-large-app-data-odd-fragment-size-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[9-large-app-data-odd-fragment-size-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-9]

ApplicationData = 1048576

MaxFragmentSize = 5115

# ===========================================================

[10-large-app-data-aes-sha1-multibuffer]

ssl_conf = 10-large-app-data-aes-sha1-multibuffer-ssl

[10-large-app-data-aes-sha1-multibuffer-ssl]

server = 10-large-app-data-aes-sha1-multibuffer-server

client = 10-large-app-data-aes-sha1-multibuffer-client

[10-large-app-data-aes-sha1-multibuffer-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[10-large-app-data-aes-sha1-multibuffer-client]

CipherString = AES128-SHA

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-10]

ApplicationData = 1048576

MaxFragmentSize = 4096

# ===========================================================

[11-large-app-data-aes-sha2-multibuffer]

ssl_conf = 11-large-app-data-aes-sha2-multibuffer-ssl

[11-large-app-data-aes-sha2-multibuffer-ssl]

server = 11-large-app-data-aes-sha2-multibuffer-server

client = 11-large-app-data-aes-sha2-multibuffer-client

[11-large-app-data-aes-sha2-multibuffer-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[11-large-app-data-aes-sha2-multibuffer-client]

CipherString = AES128-SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-11]

ApplicationData = 1048576

MaxFragmentSize = 4096

# ===========================================================

[12-large-app-data-aes-sha1-multibuffer-odd-fragment]

ssl_conf = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl

[12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl]

server = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-server

client = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-client

[12-large-app-data-aes-sha1-multibuffer-odd-fragment-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[12-large-app-data-aes-sha1-multibuffer-odd-fragment-client]

CipherString = AES128-SHA

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-12]

ApplicationData = 1048579

MaxFragmentSize = 5115

# ===========================================================

[13-large-app-data-aes-sha2-multibuffer-odd-fragment]

ssl_conf = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl

[13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl]

server = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-server

client = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-client

[13-large-app-data-aes-sha2-multibuffer-odd-fragment-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[13-large-app-data-aes-sha2-multibuffer-odd-fragment-client]

CipherString = AES128-SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-13]

ApplicationData = 1048573

MaxFragmentSize = 5125

# ===========================================================

[14-small-app-data-aes-sha1-multibuffer]

ssl_conf = 14-small-app-data-aes-sha1-multibuffer-ssl

[14-small-app-data-aes-sha1-multibuffer-ssl]

server = 14-small-app-data-aes-sha1-multibuffer-server

client = 14-small-app-data-aes-sha1-multibuffer-client

[14-small-app-data-aes-sha1-multibuffer-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[14-small-app-data-aes-sha1-multibuffer-client]

CipherString = AES128-SHA

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-14]

ApplicationData = 4096

MaxFragmentSize = 4096

# ===========================================================

[15-small-app-data-aes-sha2-multibuffer]

ssl_conf = 15-small-app-data-aes-sha2-multibuffer-ssl

[15-small-app-data-aes-sha2-multibuffer-ssl]

server = 15-small-app-data-aes-sha2-multibuffer-server

client = 15-small-app-data-aes-sha2-multibuffer-client

[15-small-app-data-aes-sha2-multibuffer-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[15-small-app-data-aes-sha2-multibuffer-client]

CipherString = AES128-SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-15]

ApplicationData = 4096

MaxFragmentSize = 4096