Newer
Older
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
/* Continue writing the message we started earlier */
if (!SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)
|| written != strlen(MSG1)) {
printf("Failed writing message 1\n");
goto end;
}
if (!SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)
|| readbytes != strlen(MSG1)
|| memcmp(MSG1, buf, strlen(MSG1))) {
printf("Failed reading message 1\n");
goto end;
}
if (!SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)
|| written != strlen(MSG2)) {
printf("Failed writing message 2\n");
goto end;
}
/*
* Should block due to the NewSessionTicket arrival unless we're using
* read_ahead
*/
if (idx == 0) {
if (SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) {
printf("Unexpected success reading message 2\n");
goto end;
}
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
}
if (!SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)
|| readbytes != strlen(MSG2)
|| memcmp(MSG2, buf, strlen(MSG2))) {
printf("Failed reading message 2\n");
goto end;
}
testresult = 1;
end:
if(!testresult)
ERR_print_errors_fp(stdout);
SSL_SESSION_free(sess);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static int test_early_data_not_expected(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
SSL_SESSION *sess;
unsigned char buf[20];
size_t readbytes, written;
/*
* Test that a server that doesn't try to read early data can handle a
* client sending some.
*/
if (!setupearly_data_test(&cctx, &sctx, &clientssl, &serverssl, &sess, idx))
if (!SSL_write_early_data(clientssl, MSG1, strlen(MSG1), &written)) {
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
printf("Unexpected failure writing message 1\n");
goto end;
}
/*
* Server should skip over early data and then block waiting for client to
* continue handshake
*/
if (SSL_accept(serverssl) > 0) {
printf("Unexpected success setting up server connection\n");
goto end;
}
if (SSL_connect(clientssl) <= 0) {
printf("Failed setting up client connection\n");
goto end;
}
if (SSL_get_early_data_status(serverssl) != SSL_EARLY_DATA_REJECTED) {
printf("Unexpected early data status\n");
goto end;
}
if (SSL_accept(serverssl) <= 0) {
printf("Failed setting up server connection\n");
goto end;
}
if (SSL_get_early_data_status(clientssl) != SSL_EARLY_DATA_REJECTED) {
printf("Unexpected early data status (2)\n");
goto end;
}
/* Send some normal data from client to server */
if (!SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)
|| written != strlen(MSG2)) {
printf("Failed writing message 2\n");
goto end;
}
if (!SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)
|| readbytes != strlen(MSG2)
|| memcmp(MSG2, buf, strlen(MSG2))) {
printf("Failed reading message 2\n");
goto end;
}
testresult = 1;
end:
if(!testresult)
ERR_print_errors_fp(stdout);
SSL_SESSION_free(sess);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
# ifndef OPENSSL_NO_TLS1_2
static int test_early_data_tls1_2(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
unsigned char buf[20];
size_t readbytes, written;
/*
* Test that a server attempting to read early data can handle a connection
* from a TLSv1.2 client.
*/
if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
&cctx, cert, privkey)) {
printf("Unable to create SSL_CTX pair\n");
goto end;
}
/* When idx == 1 we repeat the tests with read_ahead set */
if (idx > 0) {
SSL_CTX_set_read_ahead(cctx, 1);
SSL_CTX_set_read_ahead(sctx, 1);
}
if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
printf("Unable to create SSL objects\n");
goto end;
}
/* Write some data - should block due to handshake with server */
SSL_set_max_proto_version(clientssl, TLS1_2_VERSION);
SSL_set_connect_state(clientssl);
if (SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)) {
printf("Unexpected success writing message 1\n");
goto end;
}
/*
* Server should do TLSv1.2 handshake. First it will block waiting for more
* messages from client after ServerDone. Then SSL_read_early_data should
* finish and detect that early data has not been sent
if (SSL_read_early_data(serverssl, buf, sizeof(buf), &readbytes)
!= SSL_READ_EARLY_DATA_ERROR) {
printf("Unexpected success reading early data\n");
goto end;
}
/*
* Continue writing the message we started earlier. Will still block waiting
* for the CCS/Finished from server
*/
if (SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)) {
printf("Unexpected success writing message 1\n");
goto end;
}
if (SSL_read_early_data(serverssl, buf, sizeof(buf), &readbytes)
!= SSL_READ_EARLY_DATA_FINISH
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
|| readbytes != 0) {
printf("Failed reading early data\n");
goto end;
}
if (SSL_get_early_data_status(serverssl) != SSL_EARLY_DATA_NOT_SENT) {
printf("Unexpected early data status\n");
goto end;
}
/* Continue writing the message we started earlier */
if (!SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)
|| written != strlen(MSG1)) {
printf("Failed writing message 1\n");
goto end;
}
if (SSL_get_early_data_status(clientssl) != SSL_EARLY_DATA_NOT_SENT) {
printf("Unexpected early data status (2)\n");
goto end;
}
if (!SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)
|| readbytes != strlen(MSG1)
|| memcmp(MSG1, buf, strlen(MSG1))) {
printf("Failed reading message 1\n");
goto end;
}
if (!SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)
|| written != strlen(MSG2)) {
printf("Failed writing message 2\n");
goto end;
}
if (!SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)
|| readbytes != strlen(MSG2)
|| memcmp(MSG2, buf, strlen(MSG2))) {
printf("Failed reading message 2\n");
goto end;
}
testresult = 1;
end:
if(!testresult)
ERR_print_errors_fp(stdout);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
# endif
#endif
int test_main(int argc, char *argv[])
if (argc != 3) {
printf("Invalid argument count\n");
}
cert = argv[1];
privkey = argv[2];
ADD_TEST(test_tlsext_status_type);
ADD_TEST(test_session_with_only_int_cache);
ADD_TEST(test_session_with_only_ext_cache);
ADD_TEST(test_session_with_both_cache);
ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
ADD_TEST(test_ssl_bio_pop_next_bio);
ADD_TEST(test_ssl_bio_pop_ssl_bio);
ADD_TEST(test_ssl_bio_change_rbio);
ADD_TEST(test_ssl_bio_change_wbio);
ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
ADD_TEST(test_keylog);
#ifndef OPENSSL_NO_TLS1_3
ADD_TEST(test_keylog_no_master_key);
#endif
ADD_ALL_TESTS(test_early_data_read_write, 2);
ADD_ALL_TESTS(test_early_data_skip, 2);
ADD_ALL_TESTS(test_early_data_not_sent, 2);
ADD_ALL_TESTS(test_early_data_not_expected, 2);
ADD_ALL_TESTS(test_early_data_tls1_2, 2);
testresult = run_tests(argv[0]);