Commit Graph

15 Commits

Author SHA1 Message Date
Matt Caswell 1afcc27f94 Add a test for app data received too early
Add a test for app data which was received prior to the Finished is read
correctly, and that if we continue to read we get the expected result.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/27543)
2025-05-08 14:06:12 -04:00
Tomas Mraz 7ed6de997f Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
2024-09-05 09:35:49 +02:00
Matt Caswell 05752478df Move the ability to load the dasync engine into ssltestlib.c
The sslapitest has a helper function to load the dasync engine which is
useful for testing pipelining. We would like to have the same facility
from sslbuffertest, so we move the function to the common location
ssltestlib.c

Follow on from CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)
2024-05-28 13:28:13 +01:00
Rajeev Ranjan b6a5e80167 Add support for integrity-only cipher suites for TLS v1.3
- add test vectors for tls1_3 integrity-only ciphers
- recmethod_local.h: add new member for MAC
- tls13_meth.c: add MAC only to tls 1.3
- tls13_enc.c: extend function to add MAC only
- ssl_local.h: add ssl_cipher_get_evp_md_mac()
- s3_lib.c: add the new ciphers and add #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
- ssl_ciph.c : add ssl_cipher_get_evp_md_mac() and use it
- tls13secretstest.c: add dummy test function
- Configure: add integrity-only-ciphers option
- document the new ciphers

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22903)
2024-05-14 15:39:15 +02:00
Tomas Mraz 3860ef2ae6 QUIC: Test connection with large client and server cert chains
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22476)
2023-10-25 11:14:23 +01:00
Matt Caswell dbbdb940d4 Add a test for retries when sending app data
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22473)
2023-10-24 17:37:19 +01:00
Matt Caswell 1e4fc0b2e5 Add a test for using a PSK with QUIC
Check that we can set and use a PSK when establishing a QUIC connection.

Fixes openssl/project#83

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22011)
2023-09-12 15:29:00 +02:00
Matt Caswell da1c088f59 Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
2023-09-07 09:59:15 +01:00
Matt Caswell 149c4f9816 Add a test for a retry during the handshake
Test various scenarios for a write retry occuring during a handshake.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21434)
2023-07-17 09:39:46 +10:00
Matt Caswell 8189fe242b Add a test for an app data record appearing before epoch change in DTLS
We had a test for a handshake record appearing before epoch change, and
a test for an app data record appearing before Finished - but not one for
the app data record appearing before epoch change.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20628)
2023-03-31 09:14:24 +01:00
Matt Caswell 0c593328fe Add a simple QUIC test for blocking mode
We create "real" sockets for blocking mode so that we can block on them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
2023-03-20 09:35:55 +11:00
Matt Caswell 26dad42e9c Add a DTLSv1_listen() test
Add a test to ensure that a connection started via DTLSv1_listen() can
be completed through to handshake success. Previous DTLSv1_listen()
testing only tested the function itself and did not confirm that a
connection can actually be achieved using it.

This is important to test some codepaths being affected by the record layer
refactor.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00
Matt Caswell 4000827fdb Test that swapping the first app data record with Finished msg works
If the first app data record arrives before the Finished message we should
be able to buffer it and move on to the Finished message.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18868)
2022-08-01 08:08:00 +01:00
Matt Caswell e1c153d31d Add a DTLS next epoch test
Test that if we receive a packet from the next epoch, we can buffer it
and still use it.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18601)
2022-06-28 17:13:49 +02:00
Dr. David von Oheimb 20f8bc7255 test cleanup: move helper .c and .h files to test/helpers/
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13568)
2020-12-01 07:49:38 +01:00