Lines Matching +full:srp +full:- +full:capable
2 * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
26 #include <openssl/srp.h>
50 * If we don't have ec or dh then there are no built-in groups that are usable
56 /* Defined in tls-provider.c */
154 if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) { in client_keylog_callback()
170 if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) { in server_keylog_callback()
226 * hex-encoded encrypted secret, then the hex-encoded pre-master in test_keylog_output()
243 * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded in test_keylog_output()
244 * client random, then the hex-encoded master secret. in test_keylog_output()
281 * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded in test_keylog_output()
282 * client random, and then the hex-encoded secret. In this case, in test_keylog_output()
326 expected->rsa_key_exchange_count) in test_keylog_output()
328 expected->master_secret_count) in test_keylog_output()
330 expected->client_early_secret_count) in test_keylog_output()
332 expected->client_handshake_secret_count) in test_keylog_output()
334 expected->server_handshake_secret_count) in test_keylog_output()
336 expected->client_application_secret_count) in test_keylog_output()
338 expected->server_application_secret_count) in test_keylog_output()
340 expected->early_exporter_secret_count) in test_keylog_output()
342 expected->exporter_secret_count)) in test_keylog_output()
373 /* We also want to ensure that we use RSA-based key exchange. */ in test_keylog()
649 char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem"); in test_ssl_build_cert_chain()
677 return -1; in get_password_cb()
679 memcpy(buf, pass, sizeof(pass) - 1); in get_password_cb()
680 return sizeof(pass) - 1; in get_password_cb()
687 char *skey = test_mk_file_path(certsdir, "leaf-encrypted.key"); in test_ssl_ctx_build_cert_chain()
688 char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem"); in test_ssl_ctx_build_cert_chain()
768 "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384")) in test_client_hello_cb()
774 * Passing a -1 literal is a hack since in test_client_hello_cb()
777 || !TEST_int_eq(SSL_get_error(serverssl, -1), in test_client_hello_cb()
840 * Very focused test to exercise a single case in the server-side state
866 || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256")) in test_ccs_change_cipher()
881 || !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384:AES128-GCM-SHA256")) in test_ccs_change_cipher()
900 || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256")) in test_ccs_change_cipher()
904 || !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384")) in test_ccs_change_cipher()
1083 memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1084 memcpy(crec_rseq_before, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1085 memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1086 memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1106 memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1107 memcpy(crec_rseq_after, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1108 memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1109 memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1119 if (!BIO_get_ktls_send(clientssl->wbio)) { in ping_pong_query()
1129 if (!BIO_get_ktls_send(serverssl->wbio)) { in ping_pong_query()
1139 if (!BIO_get_ktls_recv(clientssl->wbio)) { in ping_pong_query()
1149 if (!BIO_get_ktls_recv(serverssl->wbio)) { in ping_pong_query()
1170 int cfd = -1, sfd = -1; in execute_test_ktls()
1187 /* Create a session based on SHA-256 */ in execute_test_ktls()
1227 if (!TEST_false(BIO_get_ktls_send(clientssl->wbio))) in execute_test_ktls()
1230 if (BIO_get_ktls_send(clientssl->wbio)) in execute_test_ktls()
1235 if (!TEST_false(BIO_get_ktls_send(serverssl->wbio))) in execute_test_ktls()
1238 if (BIO_get_ktls_send(serverssl->wbio)) in execute_test_ktls()
1248 if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio))) in execute_test_ktls()
1251 if (BIO_get_ktls_send(clientssl->rbio)) in execute_test_ktls()
1256 if (!TEST_false(BIO_get_ktls_recv(serverssl->rbio))) in execute_test_ktls()
1259 if (BIO_get_ktls_send(serverssl->rbio)) in execute_test_ktls()
1286 if (cfd != -1) in execute_test_ktls()
1288 if (sfd != -1) in execute_test_ktls()
1303 int cfd = -1, sfd = -1, ffd, err; in execute_test_ktls_sendfile()
1326 /* Create a session based on SHA-256 */ in execute_test_ktls_sendfile()
1354 if (!BIO_get_ktls_send(serverssl->wbio)) { in execute_test_ktls_sendfile()
1378 chunk_size = min(SENDFILE_CHUNK, SENDFILE_SZ - chunk_off); in execute_test_ktls_sendfile()
1419 if (cfd != -1) in execute_test_ktls_sendfile()
1421 if (sfd != -1) in execute_test_ktls_sendfile()
1434 { TLS1_2_VERSION, "AES128-GCM-SHA256" },
1437 { TLS1_2_VERSION, "AES128-CCM"},
1440 { TLS1_2_VERSION, "AES256-GCM-SHA384"},
1444 { TLS1_2_VERSION, "ECDHE-RSA-CHACHA20-POLY1305"},
1478 return execute_test_ktls(cis_ktls, sis_ktls, cipher->tls_version, in test_ktls()
1479 cipher->cipher); in test_ktls()
1489 return execute_test_ktls_sendfile(cipher->tls_version, cipher->cipher); in test_ktls_sendfile()
1754 rr = serverssl->rlayer.rrec; in execute_cleanse_plaintext()
1755 zbuf = &rr->data[rr->off]; in execute_cleanse_plaintext()
1756 if (!TEST_int_eq(rr->length, sizeof(cbuf))) in execute_cleanse_plaintext()
1886 if (SSL_CTX_get_tlsext_status_type(cctx) != -1) in test_tlsext_status_type()
1892 if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1) in test_tlsext_status_type()
1961 * We'll just use any old cert for this test - it doesn't have to be an OCSP in test_tlsext_status_type()
2010 * sess has been up-refed for us, but we don't actually need it so free it in new_session_cb()
2265 * SSL_CTX_remove_session() also marks the session as non-resumable. in execute_test_session()
2269 || !TEST_true(sess2->owner != NULL) in execute_test_session()
2270 || !TEST_true(tmp->owner == NULL) in execute_test_session()
2319 /* Don't care about results - cache should only be sess2 at end */ in execute_test_session()
2325 || !TEST_ptr(sess1->owner) in execute_test_session()
2326 || !TEST_ptr_null(sess2->owner)) in execute_test_session()
2497 /* After a post-handshake authentication we should get 1 new ticket */ in check_resumption()
2560 /* Stop caching sessions - just count them */ in test_tickets()
2591 /* After a post-handshake authentication we should get new tickets issued */ in test_tickets()
2602 /* Stop caching sessions - just count them */ in test_tickets()
2707 idx -= 3; in test_extra_tickets()
2783 * Use the always-retry BIO to exercise the logic that forces ticket in test_extra_tickets()
2812 /* Re-do the write; still no tickets sent */ in test_extra_tickets()
2901 * SSL_set_bio() functions correctly in the case where s->bbio is not NULL.
2923 idx -= TOTAL_NO_CONN_SSL_SET_BIO_TESTS; in test_ssl_set_bio()
3155 : &testsigalgs[idx - OSSL_NELEM(testsigalgs)]; in test_set_sigalgs()
3167 if (curr->list != NULL) in test_set_sigalgs()
3168 ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen); in test_set_sigalgs()
3170 ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr); in test_set_sigalgs()
3173 if (curr->valid) in test_set_sigalgs()
3179 if (!curr->valid) { in test_set_sigalgs()
3180 TEST_info("Not-failed setting sigalgs in SSL_CTX (%d)\n", idx); in test_set_sigalgs()
3192 if (curr->list != NULL) in test_set_sigalgs()
3193 ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen); in test_set_sigalgs()
3195 ret = SSL_set1_sigalgs_list(clientssl, curr->liststr); in test_set_sigalgs()
3197 if (curr->valid) in test_set_sigalgs()
3203 if (!curr->valid) in test_set_sigalgs()
3209 curr->connsuccess)) in test_set_sigalgs()
3375 * Any ciphersuite using SHA256 will do - it will be compatible with in create_a_psk()
3504 timer = time(NULL) - timer; in check_early_data_timeout()
3623 if (!TEST_true(BIO_write_ex(rbio, data + eoedlen, rawread - eoedlen, in test_early_data_read_write()
3625 || !TEST_size_t_eq(rawwritten, rawread - eoedlen)) in test_early_data_read_write()
3651 * post-handshake. We attempt reads which we do not expect to return any in test_early_data_read_write()
3747 * confopt == 0: Configure anti-replay directly
3748 * confopt == 1: Configure anti-replay using SSL_CONF
3778 if (!TEST_int_eq(SSL_CONF_cmd(confctx, "Options", "-AntiReplay"), in test_early_data_replay_int()
3941 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-384"))) in early_data_skip_helper()
3956 if (!TEST_true(SSL_SESSION_set_time(sess, (long)(time(NULL) - 20)))) in early_data_skip_helper()
4033 /* Connection has failed - nothing more to do */ in early_data_skip_helper()
4139 /* Write some data - should block due to handshake with server */ in test_early_data_not_sent()
4239 * it in a resumption handshake - so it is not actually possible for a in test_early_data_psk()
4277 * is associated with each handshake - not the session. Therefore it in test_early_data_psk()
4313 GOODALPNLEN - 1)) in test_early_data_psk()
4328 BADALPNLEN - 1)) in test_early_data_psk()
4331 GOODALPNLEN - 1)) in test_early_data_psk()
4339 connectres = -1; in test_early_data_psk()
4580 /* Write some data - should block due to handshake with server */ in test_early_data_tls1_2()
4641 * Test 1: Set a non-default ciphersuite in the SSL_CTX (no explicit cipher_list)
4643 * Test 3: Set a non-default ciphersuite in the SSL (no explicit cipher_list)
4645 * Test 5: Set a non-default ciphersuite in the SSL_CTX (SSL_CTX cipher_list)
4647 * Test 7: Set a non-default ciphersuite in the SSL (SSL_CTX cipher_list)
4649 * Test 9: Set a non-default ciphersuite in the SSL (SSL cipher_list)
4666 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-GCM-SHA384"))) in test_set_ciphersuite()
4688 if (!TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384"))) in test_set_ciphersuite()
4726 /* Create a session based on SHA-256 */ in test_ciphersuite_change()
4751 /* Check we can resume a session with a different SHA-256 ciphersuite */ in test_ciphersuite_change()
4771 * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites in test_ciphersuite_change()
4823 clntsess->cipher = aes_128_gcm_sha256; in test_ciphersuite_change()
4824 clntsess->cipher_id = clntsess->cipher->id; in test_ciphersuite_change()
4827 * Continue the previously started connection. Server has selected a SHA-384 in test_ciphersuite_change()
4828 * ciphersuite, but client thinks the session is for SHA-256, so it should in test_ciphersuite_change()
5077 /*-
5120 idx -= numec; in test_negotiated_group()
5206 /*- in test_negotiated_group()
5214 idx--; in test_negotiated_group()
5556 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-384"))) in test_tls13_psk()
5645 memcpy(cookie, cookie_magic_value, sizeof(cookie_magic_value) - 1); in generate_cookie_callback()
5646 *cookie_len = sizeof(cookie_magic_value) - 1; in generate_cookie_callback()
5654 if (cookie_len == sizeof(cookie_magic_value) - 1 in verify_cookie_callback()
5696 * This should fail with a -1 return because we have no callbacks in test_stateless()
5699 || !TEST_int_eq(SSL_stateless(serverssl), -1)) in test_stateless()
5787 return -1; in old_add_cb()
5814 return -1; in old_parse_cb()
5833 return -1; in new_add_cb()
5860 return -1; in new_parse_cb()
6155 const unsigned char *si = &serverinfo_custom_v1[len - 3]; in serverinfo_custom_parse_cb()
6317 sizeof(context) - 1, 1), 0)) in test_export_key_mat()
6332 sizeof(context) - 1, 1), 0)) in test_export_key_mat()
6346 sizeof(context) - 1, 1), 1) in test_export_key_mat()
6360 sizeof(context) -1, 1), in test_export_key_mat()
6452 sizeof(label) - 1, context, sizeof(context) - 1), 1) in test_export_key_mat_early()
6455 sizeof(label) - 1, emptycontext, 0), 1) in test_export_key_mat_early()
6458 sizeof(label) - 1, context, sizeof(context) - 1), 1) in test_export_key_mat_early()
6461 sizeof(label) - 1, emptycontext, 0), 1) in test_export_key_mat_early()
6597 if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), -1) in test_key_update_peer_in_write()
6605 /* Now read some data - we will read the key update */ in test_key_update_peer_in_write()
6606 if (!TEST_int_eq(SSL_read(peerwrite, buf, sizeof(buf)), -1) in test_key_update_peer_in_write()
6680 || !TEST_int_eq(SSL_write(local, lwbuf, sizeof(lwbuf)), -1) in test_key_update_peer_in_read()
6681 || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_WRITE)) in test_key_update_peer_in_read()
6688 if (!TEST_int_eq(SSL_read(peer, prbuf, sizeof(prbuf)), -1) in test_key_update_peer_in_read()
6689 || !TEST_int_eq(SSL_get_error(peer, -1), SSL_ERROR_WANT_READ)) in test_key_update_peer_in_read()
6692 /* Now write some data in peer - we will write the key update */ in test_key_update_peer_in_read()
6762 if (!TEST_int_eq(SSL_write(local, mess, strlen(mess)), -1) in test_key_update_local_in_write()
6763 || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_WRITE)) in test_key_update_local_in_write()
6787 * read data in peer - we will read the keyupdate msg in test_key_update_local_in_write()
6848 if (!TEST_int_eq(SSL_write(peer, pwbuf, sizeof(pwbuf)), -1) in test_key_update_local_in_read()
6849 || !TEST_int_eq(SSL_get_error(peer, -1), SSL_ERROR_WANT_WRITE)) in test_key_update_local_in_read()
6853 if (!TEST_int_eq(SSL_read(local, lrbuf, sizeof(lrbuf)), -1) in test_key_update_local_in_read()
6854 || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_READ)) in test_key_update_local_in_read()
6872 * read data in peer - we will read the key update in test_key_update_local_in_read()
6924 /* Clear clientssl - we're going to reuse the object */ in test_ssl_clear()
7003 /* Maximum-Fragment-Length TLS extension mode to test */
7141 if (SSL_set_srp_server_param(s, user->N, user->g, user->s, user->v, in ssl_srp_cb()
7142 user->info) <= 0) { in ssl_srp_cb()
7224 lgN->N, lgN->g, libctx, NULL))) in create_new_vbase()
7231 user_pwd->N = lgN->N; in create_new_vbase()
7232 user_pwd->g = lgN->g; in create_new_vbase()
7233 user_pwd->id = OPENSSL_strdup(userid); in create_new_vbase()
7234 if (!TEST_ptr(user_pwd->id)) in create_new_vbase()
7237 user_pwd->v = verifier; in create_new_vbase()
7238 user_pwd->s = salt; in create_new_vbase()
7241 if (sk_SRP_user_pwd_insert(vbase->users_pwd, user_pwd, 0) == 0) in create_new_vbase()
7255 * SRP tests
7257 * Test 0: Simple successful SRP connection, new vbase
7259 * Test 2: Simple successful SRP connection, vbase loaded from existing file
7262 * Test 4: Simple successful SRP connection, vbase loaded from new file
7297 || !TEST_true(SSL_CTX_set_cipher_list(cctx, "SRP-AES-128-CBC-SHA")) in test_srp()
7340 static int info_cb_this_state = -1;
7512 info_cb_this_state = -1; in test_info_callback()
7671 || !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes)) in test_ssl_pending()
7702 "AES128-SHA:AES256-SHA",
7704 "AES256-SHA:DHE-RSA-AES128-SHA",
7706 "AES256-SHA",
7707 "AES256-SHA"
7714 "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305",
7716 "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305",
7718 "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305",
7719 "AES128-SHA"
7724 "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA",
7726 "AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA",
7728 "AES128-SHA:AES256-SHA",
7729 "AES128-SHA:AES256-SHA"
7733 "AES128-SHA:AES256-SHA",
7735 "AES128-SHA:DHE-RSA-AES128-SHA",
7737 "AES128-SHA",
7738 "AES128-SHA"
7749 "AES128-SHA:AES256-SHA",
7751 "AES256-SHA:AES128-SHA256",
7754 "TLS_AES_128_GCM_SHA256:AES256-SHA",
7755 "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:AES256-SHA"
7761 "AES128-SHA",
7763 "AES256-SHA",
7786 * loaded into it. We run the same tests twice - once with the client side in int_test_ssl_get_shared_ciphers()
7924 if (tick_key_renew == -1) in tick_key_cb()
7927 aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL); in tick_key_cb()
7930 sha256 = EVP_MD_fetch(libctx, "SHA-256", NULL); in tick_key_cb()
7943 ret = -1; in tick_key_cb()
7966 if (tick_key_renew == -1) in tick_key_evp_cb()
7969 aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL); in tick_key_evp_cb()
7982 ret = -1; in tick_key_evp_cb()
8041 tick_key_renew = -1; /* abort sending the ticket/0-length ticket */ in test_ticket_callbacks()
8080 * We only want sessions to resume from tickets - not the session cache. So in test_ticket_callbacks()
8136 || tick_key_renew == -1) { in test_ticket_callbacks()
8221 * Test bi-directional shutdown.
8366 if (!TEST_int_eq(SSL_shutdown(clientssl), -1) in test_shutdown()
8367 || !TEST_int_eq(SSL_get_error(clientssl, -1), SSL_ERROR_SSL)) in test_shutdown()
8398 return -1; in cert_cb()
8418 ecdsacert = test_mk_file_path(certsdir, "server-ecdsa-cert.pem"); in cert_cb()
8419 ecdsakey = test_mk_file_path(certsdir, "server-ecdsa-key.pem"); in cert_cb()
8477 * Test 1: Success - no SSL_set_SSL_CTX() in the callback
8478 * Test 2: Success - SSL_set_SSL_CTX() in the callback
8479 * Test 3: Success - Call SSL_check_chain from the callback
8480 * Test 4: Failure - SSL_check_chain fails from callback due to bad cert in the
8482 * Test 5: Failure - SSL_check_chain fails from callback due to bad ee cert
8491 /* We use an EC cert in these tests, so we skip in a no-ec build */ in test_cert_cb_int()
8504 cert_cb_cnt = -1; in test_cert_cb_int()
8543 && !TEST_int_eq((cert_cb_cnt - 2) * (cert_cb_cnt - 3), 0))) { in test_cert_cb_int()
8685 -1, -1, 0))) in test_ca_names_int()
8796 "AES128-SHA",
8797 "AES128-SHA256",
8798 "AES256-SHA",
8799 "AES256-SHA256",
8802 /* Reduce the fragment size - so the multiblock test buffer can be small */
8809 "AES-128-CBC-HMAC-SHA1", in test_multiblock_write()
8810 "AES-128-CBC-HMAC-SHA256", in test_multiblock_write()
8811 "AES-256-CBC-HMAC-SHA1", in test_multiblock_write()
8812 "AES-256-CBC-HMAC-SHA256" in test_multiblock_write()
8824 * Choose a buffer large enough to perform a multi-block operation in test_multiblock_write()
8859 /* settings to force it to use AES-CBC-HMAC_SHA */ in test_multiblock_write()
8876 len -= readbytes; in test_multiblock_write()
8915 early->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; in test_session_timeout()
8916 memset(early->session_id, 1, SSL3_SSL_SESSION_ID_LENGTH); in test_session_timeout()
8917 middle->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; in test_session_timeout()
8918 memset(middle->session_id, 2, SSL3_SSL_SESSION_ID_LENGTH); in test_session_timeout()
8919 late->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; in test_session_timeout()
8920 memset(late->session_id, 3, SSL3_SSL_SESSION_ID_LENGTH); in test_session_timeout()
8928 if (!TEST_ptr(early->prev) in test_session_timeout()
8929 || !TEST_ptr(middle->prev) in test_session_timeout()
8930 || !TEST_ptr(late->prev)) in test_session_timeout()
8933 if (!TEST_int_ne(SSL_SESSION_set_time(early, now - 10), 0) in test_session_timeout()
8944 if (!TEST_ptr(early->prev) in test_session_timeout()
8945 || !TEST_ptr(middle->prev) in test_session_timeout()
8946 || !TEST_ptr(late->prev)) in test_session_timeout()
8950 if (!TEST_ptr_eq(late->next, middle) in test_session_timeout()
8951 || !TEST_ptr_eq(middle->next, early) in test_session_timeout()
8952 || !TEST_ptr_eq(early->prev, middle) in test_session_timeout()
8953 || !TEST_ptr_eq(middle->prev, late)) in test_session_timeout()
8957 SSL_CTX_flush_sessions(ctx, now + TIMEOUT - 1); in test_session_timeout()
8958 if (!TEST_ptr_null(early->prev) in test_session_timeout()
8959 || !TEST_ptr(middle->prev) in test_session_timeout()
8960 || !TEST_ptr(late->prev)) in test_session_timeout()
8965 if (!TEST_ptr_null(early->prev) in test_session_timeout()
8966 || !TEST_ptr_null(middle->prev) in test_session_timeout()
8967 || !TEST_ptr(late->prev)) in test_session_timeout()
8972 if (!TEST_ptr_null(early->prev) in test_session_timeout()
8973 || !TEST_ptr_null(middle->prev) in test_session_timeout()
8974 || !TEST_ptr_null(late->prev)) in test_session_timeout()
8984 if (!TEST_ptr(early->prev) in test_session_timeout()
8985 || !TEST_ptr(middle->prev) in test_session_timeout()
8986 || !TEST_ptr(late->prev)) in test_session_timeout()
8991 if (!TEST_ptr_null(early->prev) in test_session_timeout()
8992 || !TEST_ptr_null(middle->prev) in test_session_timeout()
8993 || !TEST_ptr_null(late->prev)) in test_session_timeout()
9000 now -= 10; in test_session_timeout()
9097 * internal cache - but we will return it anyway from our external cache. in test_session_cache_overflow()
9295 * Test 1: The client only has SHA2-256: only SHA2-256 algorithms shared
9296 * Test 2: The server only has SHA2-256: only SHA2-256 algorithms shared
9325 * Only enable SHA2-256 so rsa_pss_rsae_sha384 should not be offered in test_sigalgs_available()
9327 * *requires* SHA2-256 to be available so we cannot disable that. We in test_sigalgs_available()
9331 "SHA2-256:SHA1"))) in test_sigalgs_available()
9371 "ECDHE-RSA-AES128-GCM-SHA256"))) in test_sigalgs_available()
9375 "ECDHE-ECDSA-AES128-GCM-SHA256"))) in test_sigalgs_available()
9447 OSSL_PROVIDER *tlsprov = OSSL_PROVIDER_load(libctx, "tls-provider"); in test_pluggable_group()
9734 || !TEST_true(SSL_set_cipher_list(serverssl, "DHE-RSA-AES128-SHA"))) in test_set_tmp_dh()
9771 const char *ciphersuite = "DHE-RSA-AES128-SHA"; in test_dh_auto()
9775 /* The FIPS provider doesn't support this DH size - so we ignore it */ in test_dh_auto()
9805 /* The FIPS provider doesn't support this DH size - so we ignore it */ in test_dh_auto()
9808 ciphersuite = "ADH-AES128-SHA256:@SECLEVEL=0"; in test_dh_auto()
9812 ciphersuite = "ADH-AES256-SHA256:@SECLEVEL=0"; in test_dh_auto()
10008 /* the set_alpn functions return 0 (false) on success, non-zero (true) on failure */ in test_set_alpn()
10303 * Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not
10304 * support this yet. The only pipeline capable cipher that we have is in the
10357 if (!TEST_true(SSL_set_cipher_list(clientssl, "AES128-SHA"))) in test_pipelining()
10386 msglen -= 2; /* Send 2 less bytes */ in test_pipelining()
10388 msglen -= 12; /* Send 12 less bytes */ in test_pipelining()
10405 * (50 bytes in total). This is a ridiculously small number of bytes - in test_pipelining()
10422 * have been used - except in test 3 where only |numpipes - 1| pipelines in test_pipelining()
10423 * will be used. This will result in |numpipes| records (|numpipes - 1| for in test_pipelining()
10425 * expect this to be read in |numpipes| or |numpipes - 1| separate in test_pipelining()
10433 msglen - offset, &readbytes))) in test_pipelining()
10438 : (idx == 3 ? numpipes - 1 : numpipes); in test_pipelining()
10448 size_t sendlen = msglen - offset; in test_pipelining()
10458 * The data was written in |numpipes|, |numpipes - 1| or |numpipes + 1| in test_pipelining()
10472 msglen - readbytes, &readbytes2))) in test_pipelining()
10505 * to indicate retry via -1 - but sometimes BIOs don't do that.
10515 * Test 8-15: Repeat of above with TLSv1.2
10570 if (!TEST_int_eq(SSL_connect(clientssl), -1)) in test_handshake_retry()
10573 if (!TEST_int_eq(SSL_accept(serverssl), -1) in test_handshake_retry()
10574 || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_WRITE)) in test_handshake_retry()
10592 set_always_retry_err_val(-1); in test_handshake_retry()
10606 * the same session - and mark the session as not_resuamble at the end
10614 if (cbdata->recurse) in resume_servername_cb()
10617 if ((cbdata->i % 3) != 1) in resume_servername_cb()
10620 cbdata->recurse = 1; in resume_servername_cb()
10622 if (!TEST_true(create_ssl_objects(cbdata->sctx, cbdata->cctx, &serverssl, in resume_servername_cb()
10624 || !TEST_true(SSL_set_session(clientssl, cbdata->sess))) in resume_servername_cb()
10629 * We expect this to fail - because the servername cb will fail. This will in resume_servername_cb()
10642 cbdata->recurse = 0; in resume_servername_cb()
10832 -1, { 0 },
10845 -1, { 0 },
10871 if (np->clientlen == -1) { in test_select_next_proto()
10875 client = np->client; in test_select_next_proto()
10876 clientlen = (unsigned int)np->clientlen; in test_select_next_proto()
10878 if (np->serverlen == -1) { in test_select_next_proto()
10882 server = np->server; in test_select_next_proto()
10883 serverlen = (unsigned int)np->serverlen; in test_select_next_proto()
10888 np->expected_ret)) in test_select_next_proto()
10891 if (np->selectedlen == 0) { in test_select_next_proto()
10895 if (!TEST_mem_eq(out, outlen, np->selected, np->selectedlen)) in test_select_next_proto()
11180 * We add, but don't load the test "tls-provider". We'll load it when we in setup_tests()
11183 if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, "tls-provider", in setup_tests()
11212 cert2 = test_mk_file_path(certsdir, "server-ecdsa-cert.pem"); in setup_tests()
11216 privkey2 = test_mk_file_path(certsdir, "server-ecdsa-key.pem"); in setup_tests()
11220 cert1024 = test_mk_file_path(certsdir, "ee-cert-1024.pem"); in setup_tests()
11224 privkey1024 = test_mk_file_path(certsdir, "ee-key-1024.pem"); in setup_tests()
11228 cert3072 = test_mk_file_path(certsdir, "ee-cert-3072.pem"); in setup_tests()
11232 privkey3072 = test_mk_file_path(certsdir, "ee-key-3072.pem"); in setup_tests()
11236 cert4096 = test_mk_file_path(certsdir, "ee-cert-4096.pem"); in setup_tests()
11240 privkey4096 = test_mk_file_path(certsdir, "ee-key-4096.pem"); in setup_tests()
11244 cert8192 = test_mk_file_path(certsdir, "ee-cert-8192.pem"); in setup_tests()
11248 privkey8192 = test_mk_file_path(certsdir, "ee-key-8192.pem"); in setup_tests()