Lines Matching +full:fips +full:- +full:provider +full:- +full:validation
2 * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
32 #include <openssl/provider.h>
49 * If we don't have ec or dh then there are no built-in groups that are usable
55 /* Defined in tls-provider.c */
153 if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) { in client_keylog_callback()
169 if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) { in server_keylog_callback()
225 * hex-encoded encrypted secret, then the hex-encoded pre-master in test_keylog_output()
242 * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded in test_keylog_output()
243 * client random, then the hex-encoded master secret. in test_keylog_output()
280 * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded in test_keylog_output()
281 * client random, and then the hex-encoded secret. In this case, in test_keylog_output()
325 expected->rsa_key_exchange_count) in test_keylog_output()
327 expected->master_secret_count) in test_keylog_output()
329 expected->client_early_secret_count) in test_keylog_output()
331 expected->client_handshake_secret_count) in test_keylog_output()
333 expected->server_handshake_secret_count) in test_keylog_output()
335 expected->client_application_secret_count) in test_keylog_output()
337 expected->server_application_secret_count) in test_keylog_output()
339 expected->early_exporter_secret_count) in test_keylog_output()
341 expected->exporter_secret_count)) in test_keylog_output()
372 /* We also want to ensure that we use RSA-based key exchange. */ in test_keylog()
648 char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem"); in test_ssl_build_cert_chain()
676 return -1; in get_password_cb()
678 memcpy(buf, pass, sizeof(pass) - 1); in get_password_cb()
679 return sizeof(pass) - 1; in get_password_cb()
686 char *skey = test_mk_file_path(certsdir, "leaf-encrypted.key"); in test_ssl_ctx_build_cert_chain()
687 char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem"); in test_ssl_ctx_build_cert_chain()
767 "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384")) in test_client_hello_cb()
773 * Passing a -1 literal is a hack since in test_client_hello_cb()
776 || !TEST_int_eq(SSL_get_error(serverssl, -1), in test_client_hello_cb()
839 * Very focused test to exercise a single case in the server-side state
865 || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256")) in test_ccs_change_cipher()
880 || !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384:AES128-GCM-SHA256")) in test_ccs_change_cipher()
899 || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256")) in test_ccs_change_cipher()
903 || !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384")) in test_ccs_change_cipher()
1070 memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1071 memcpy(crec_rseq_before, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1072 memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1073 memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1093 memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1094 memcpy(crec_rseq_after, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1095 memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1096 memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE); in ping_pong_query()
1106 if (!BIO_get_ktls_send(clientssl->wbio)) { in ping_pong_query()
1116 if (!BIO_get_ktls_send(serverssl->wbio)) { in ping_pong_query()
1126 if (!BIO_get_ktls_recv(clientssl->wbio)) { in ping_pong_query()
1136 if (!BIO_get_ktls_recv(serverssl->wbio)) { in ping_pong_query()
1157 int cfd = -1, sfd = -1; in execute_test_ktls()
1170 testresult = TEST_skip("CHACHA is not supported in FIPS"); in execute_test_ktls()
1174 /* Create a session based on SHA-256 */ in execute_test_ktls()
1214 if (!TEST_false(BIO_get_ktls_send(clientssl->wbio))) in execute_test_ktls()
1217 if (BIO_get_ktls_send(clientssl->wbio)) in execute_test_ktls()
1222 if (!TEST_false(BIO_get_ktls_send(serverssl->wbio))) in execute_test_ktls()
1225 if (BIO_get_ktls_send(serverssl->wbio)) in execute_test_ktls()
1235 if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio))) in execute_test_ktls()
1238 if (BIO_get_ktls_send(clientssl->rbio)) in execute_test_ktls()
1243 if (!TEST_false(BIO_get_ktls_recv(serverssl->rbio))) in execute_test_ktls()
1246 if (BIO_get_ktls_send(serverssl->rbio)) in execute_test_ktls()
1273 if (cfd != -1) in execute_test_ktls()
1275 if (sfd != -1) in execute_test_ktls()
1290 int cfd = -1, sfd = -1, ffd, err; in execute_test_ktls_sendfile()
1309 testresult = TEST_skip("CHACHA is not supported in FIPS"); in execute_test_ktls_sendfile()
1313 /* Create a session based on SHA-256 */ in execute_test_ktls_sendfile()
1341 if (!BIO_get_ktls_send(serverssl->wbio)) { in execute_test_ktls_sendfile()
1365 chunk_size = min(SENDFILE_CHUNK, SENDFILE_SZ - chunk_off); in execute_test_ktls_sendfile()
1406 if (cfd != -1) in execute_test_ktls_sendfile()
1408 if (sfd != -1) in execute_test_ktls_sendfile()
1421 { TLS1_2_VERSION, "AES128-GCM-SHA256" },
1424 { TLS1_2_VERSION, "AES128-CCM"},
1427 { TLS1_2_VERSION, "AES256-GCM-SHA384"},
1430 { TLS1_2_VERSION, "ECDHE-RSA-CHACHA20-POLY1305"},
1463 return execute_test_ktls(cis_ktls, sis_ktls, cipher->tls_version, in test_ktls()
1464 cipher->cipher); in test_ktls()
1474 return execute_test_ktls_sendfile(cipher->tls_version, cipher->cipher); in test_ktls_sendfile()
1494 /* Not supported in the FIPS provider */ in test_large_message_dtls()
1532 /* Not supported in the FIPS provider */ in execute_cleanse_plaintext()
1578 rr = serverssl->rlayer.rrec; in execute_cleanse_plaintext()
1579 zbuf = &rr->data[rr->off]; in execute_cleanse_plaintext()
1580 if (!TEST_int_eq(rr->length, sizeof(cbuf))) in execute_cleanse_plaintext()
1706 if (SSL_CTX_get_tlsext_status_type(cctx) != -1) in test_tlsext_status_type()
1712 if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1) in test_tlsext_status_type()
1781 * We'll just use any old cert for this test - it doesn't have to be an OCSP in test_tlsext_status_type()
1830 * sess has been up-refed for us, but we don't actually need it so free it in new_session_cb()
2085 * SSL_CTX_remove_session() also marks the session as non-resumable. in execute_test_session()
2137 /* Don't care about results - cache should only be sess2 at end */ in execute_test_session()
2143 || !TEST_ptr(sess1->owner) in execute_test_session()
2144 || !TEST_ptr_null(sess2->owner)) in execute_test_session()
2316 /* After a post-handshake authentication we should get 1 new ticket */ in check_resumption()
2379 /* Stop caching sessions - just count them */ in test_tickets()
2410 /* After a post-handshake authentication we should get new tickets issued */ in test_tickets()
2421 /* Stop caching sessions - just count them */ in test_tickets()
2526 idx -= 3; in test_extra_tickets()
2602 * Use the always-retry BIO to exercise the logic that forces ticket in test_extra_tickets()
2631 /* Re-do the write; still no tickets sent */ in test_extra_tickets()
2720 * SSL_set_bio() functions correctly in the case where s->bbio is not NULL.
2742 idx -= TOTAL_NO_CONN_SSL_SET_BIO_TESTS; in test_ssl_set_bio()
2974 : &testsigalgs[idx - OSSL_NELEM(testsigalgs)]; in test_set_sigalgs()
2986 if (curr->list != NULL) in test_set_sigalgs()
2987 ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen); in test_set_sigalgs()
2989 ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr); in test_set_sigalgs()
2992 if (curr->valid) in test_set_sigalgs()
2998 if (!curr->valid) { in test_set_sigalgs()
2999 TEST_info("Not-failed setting sigalgs in SSL_CTX (%d)\n", idx); in test_set_sigalgs()
3011 if (curr->list != NULL) in test_set_sigalgs()
3012 ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen); in test_set_sigalgs()
3014 ret = SSL_set1_sigalgs_list(clientssl, curr->liststr); in test_set_sigalgs()
3016 if (curr->valid) in test_set_sigalgs()
3022 if (!curr->valid) in test_set_sigalgs()
3028 curr->connsuccess)) in test_set_sigalgs()
3403 if (!TEST_true(BIO_write_ex(rbio, data + eoedlen, rawread - eoedlen, in test_early_data_read_write()
3405 || !TEST_size_t_eq(rawwritten, rawread - eoedlen)) in test_early_data_read_write()
3431 * post-handshake. We attempt reads which we do not expect to return any in test_early_data_read_write()
3527 * confopt == 0: Configure anti-replay directly
3528 * confopt == 1: Configure anti-replay using SSL_CONF
3557 if (!TEST_int_eq(SSL_CONF_cmd(confctx, "Options", "-AntiReplay"), in test_early_data_replay_int()
3685 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256"))) in early_data_skip_helper()
3700 if (!TEST_true(SSL_SESSION_set_time(sess, (long)(time(NULL) - 20)))) in early_data_skip_helper()
3777 /* Connection has failed - nothing more to do */ in early_data_skip_helper()
3866 /* Write some data - should block due to handshake with server */ in test_early_data_not_sent()
3965 * it in a resumption handshake - so it is not actually possible for a in test_early_data_psk()
4003 * is associated with each handshake - not the session. Therefore it in test_early_data_psk()
4039 GOODALPNLEN - 1)) in test_early_data_psk()
4054 BADALPNLEN - 1)) in test_early_data_psk()
4057 GOODALPNLEN - 1)) in test_early_data_psk()
4065 connectres = -1; in test_early_data_psk()
4150 /* Skip ChaCha20Poly1305 as currently FIPS module does not support it */ in test_early_data_psk_with_all_ciphers()
4291 /* Write some data - should block due to handshake with server */ in test_early_data_tls1_2()
4352 * Test 1: Set a non-default ciphersuite in the SSL_CTX (no explicit cipher_list)
4354 * Test 3: Set a non-default ciphersuite in the SSL (no explicit cipher_list)
4356 * Test 5: Set a non-default ciphersuite in the SSL_CTX (SSL_CTX cipher_list)
4358 * Test 7: Set a non-default ciphersuite in the SSL (SSL_CTX cipher_list)
4360 * Test 9: Set a non-default ciphersuite in the SSL (SSL cipher_list)
4377 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-GCM-SHA384"))) in test_set_ciphersuite()
4399 if (!TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384"))) in test_set_ciphersuite()
4437 /* Create a session based on SHA-256 */ in test_ciphersuite_change()
4462 /* Check we can resume a session with a different SHA-256 ciphersuite */ in test_ciphersuite_change()
4482 * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites in test_ciphersuite_change()
4534 clntsess->cipher = aes_128_gcm_sha256; in test_ciphersuite_change()
4535 clntsess->cipher_id = clntsess->cipher->id; in test_ciphersuite_change()
4538 * Continue the previously started connection. Server has selected a SHA-384 in test_ciphersuite_change()
4539 * ciphersuite, but client thinks the session is for SHA-256, so it should in test_ciphersuite_change()
4784 /*-
4827 idx -= numec; in test_negotiated_group()
4910 /*- in test_negotiated_group()
4918 idx--; in test_negotiated_group()
5077 /* Below validation is not done when t12_cipher is NULL */ in test_tls13_ciphersuite()
5143 * code works even if we are testing with only the FIPS provider loaded. in test_tls13_psk()
5260 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256"))) in test_tls13_psk()
5349 memcpy(cookie, cookie_magic_value, sizeof(cookie_magic_value) - 1); in generate_cookie_callback()
5350 *cookie_len = sizeof(cookie_magic_value) - 1; in generate_cookie_callback()
5358 if (cookie_len == sizeof(cookie_magic_value) - 1 in verify_cookie_callback()
5400 * This should fail with a -1 return because we have no callbacks in test_stateless()
5403 || !TEST_int_eq(SSL_stateless(serverssl), -1)) in test_stateless()
5491 return -1; in old_add_cb()
5518 return -1; in old_parse_cb()
5537 return -1; in new_add_cb()
5564 return -1; in new_parse_cb()
5859 const unsigned char *si = &serverinfo_custom_v1[len - 3]; in serverinfo_custom_parse_cb()
6021 sizeof(context) - 1, 1), 0)) in test_export_key_mat()
6036 sizeof(context) - 1, 1), 0)) in test_export_key_mat()
6050 sizeof(context) - 1, 1), 1) in test_export_key_mat()
6064 sizeof(context) -1, 1), in test_export_key_mat()
6156 sizeof(label) - 1, context, sizeof(context) - 1), 1) in test_export_key_mat_early()
6159 sizeof(label) - 1, emptycontext, 0), 1) in test_export_key_mat_early()
6162 sizeof(label) - 1, context, sizeof(context) - 1), 1) in test_export_key_mat_early()
6165 sizeof(label) - 1, emptycontext, 0), 1) in test_export_key_mat_early()
6301 if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), -1) in test_key_update_peer_in_write()
6309 /* Now read some data - we will read the key update */ in test_key_update_peer_in_write()
6310 if (!TEST_int_eq(SSL_read(peerwrite, buf, sizeof(buf)), -1) in test_key_update_peer_in_write()
6384 || !TEST_int_eq(SSL_write(local, lwbuf, sizeof(lwbuf)), -1) in test_key_update_peer_in_read()
6385 || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_WRITE)) in test_key_update_peer_in_read()
6392 if (!TEST_int_eq(SSL_read(peer, prbuf, sizeof(prbuf)), -1) in test_key_update_peer_in_read()
6393 || !TEST_int_eq(SSL_get_error(peer, -1), SSL_ERROR_WANT_READ)) in test_key_update_peer_in_read()
6396 /* Now write some data in peer - we will write the key update */ in test_key_update_peer_in_read()
6466 if (!TEST_int_eq(SSL_write(local, mess, strlen(mess)), -1) in test_key_update_local_in_write()
6467 || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_WRITE)) in test_key_update_local_in_write()
6491 * read data in peer - we will read the keyupdate msg in test_key_update_local_in_write()
6552 if (!TEST_int_eq(SSL_write(peer, pwbuf, sizeof(pwbuf)), -1) in test_key_update_local_in_read()
6553 || !TEST_int_eq(SSL_get_error(peer, -1), SSL_ERROR_WANT_WRITE)) in test_key_update_local_in_read()
6557 if (!TEST_int_eq(SSL_read(local, lrbuf, sizeof(lrbuf)), -1) in test_key_update_local_in_read()
6558 || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_READ)) in test_key_update_local_in_read()
6576 * read data in peer - we will read the key update in test_key_update_local_in_read()
6628 /* Clear clientssl - we're going to reuse the object */ in test_ssl_clear()
6707 /* Maximum-Fragment-Length TLS extension mode to test */
6845 if (SSL_set_srp_server_param(s, user->N, user->g, user->s, user->v, in ssl_srp_cb()
6846 user->info) <= 0) { in ssl_srp_cb()
6928 lgN->N, lgN->g, libctx, NULL))) in create_new_vbase()
6935 user_pwd->N = lgN->N; in create_new_vbase()
6936 user_pwd->g = lgN->g; in create_new_vbase()
6937 user_pwd->id = OPENSSL_strdup(userid); in create_new_vbase()
6938 if (!TEST_ptr(user_pwd->id)) in create_new_vbase()
6941 user_pwd->v = verifier; in create_new_vbase()
6942 user_pwd->s = salt; in create_new_vbase()
6945 if (sk_SRP_user_pwd_insert(vbase->users_pwd, user_pwd, 0) == 0) in create_new_vbase()
7001 || !TEST_true(SSL_CTX_set_cipher_list(cctx, "SRP-AES-128-CBC-SHA")) in test_srp()
7044 static int info_cb_this_state = -1;
7216 info_cb_this_state = -1; in test_info_callback()
7333 /* Not supported in the FIPS provider */ in test_ssl_pending()
7366 || !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes)) in test_ssl_pending()
7397 "AES128-SHA:AES256-SHA",
7399 "AES256-SHA:DHE-RSA-AES128-SHA",
7401 "AES256-SHA",
7402 "AES256-SHA"
7409 "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305",
7411 "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305",
7413 "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305",
7414 "AES128-SHA"
7419 "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA",
7421 "AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA",
7423 "AES128-SHA:AES256-SHA",
7424 "AES128-SHA:AES256-SHA"
7428 "AES128-SHA:AES256-SHA",
7430 "AES128-SHA:DHE-RSA-AES128-SHA",
7432 "AES128-SHA",
7433 "AES128-SHA"
7444 "AES128-SHA:AES256-SHA",
7446 "AES256-SHA:AES128-SHA256",
7449 "TLS_AES_128_GCM_SHA256:AES256-SHA",
7450 "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:AES256-SHA"
7456 "AES128-SHA",
7458 "AES256-SHA",
7478 * Regardless of whether we're testing with the FIPS provider loaded into in int_test_ssl_get_shared_ciphers()
7480 * available. Therefore we use a separate libctx with the default provider in int_test_ssl_get_shared_ciphers()
7481 * loaded into it. We run the same tests twice - once with the client side in int_test_ssl_get_shared_ciphers()
7619 if (tick_key_renew == -1) in tick_key_cb()
7622 aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL); in tick_key_cb()
7625 sha256 = EVP_MD_fetch(libctx, "SHA-256", NULL); in tick_key_cb()
7638 ret = -1; in tick_key_cb()
7661 if (tick_key_renew == -1) in tick_key_evp_cb()
7664 aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL); in tick_key_evp_cb()
7677 ret = -1; in tick_key_evp_cb()
7736 tick_key_renew = -1; /* abort sending the ticket/0-length ticket */ in test_ticket_callbacks()
7775 * We only want sessions to resume from tickets - not the session cache. So in test_ticket_callbacks()
7831 || tick_key_renew == -1) { in test_ticket_callbacks()
7916 * Test bi-directional shutdown.
8061 if (!TEST_int_eq(SSL_shutdown(clientssl), -1) in test_shutdown()
8062 || !TEST_int_eq(SSL_get_error(clientssl, -1), SSL_ERROR_SSL)) in test_shutdown()
8093 return -1; in cert_cb()
8113 ecdsacert = test_mk_file_path(certsdir, "server-ecdsa-cert.pem"); in cert_cb()
8114 ecdsakey = test_mk_file_path(certsdir, "server-ecdsa-key.pem"); in cert_cb()
8172 * Test 1: Success - no SSL_set_SSL_CTX() in the callback
8173 * Test 2: Success - SSL_set_SSL_CTX() in the callback
8174 * Test 3: Success - Call SSL_check_chain from the callback
8175 * Test 4: Failure - SSL_check_chain fails from callback due to bad cert in the
8177 * Test 5: Failure - SSL_check_chain fails from callback due to bad ee cert
8186 /* We use an EC cert in these tests, so we skip in a no-ec build */ in test_cert_cb_int()
8199 cert_cb_cnt = -1; in test_cert_cb_int()
8238 && !TEST_int_eq((cert_cb_cnt - 2) * (cert_cb_cnt - 3), 0))) { in test_cert_cb_int()
8380 -1, -1, 0))) in test_ca_names_int()
8491 "AES128-SHA",
8492 "AES128-SHA256",
8493 "AES256-SHA",
8494 "AES256-SHA256",
8497 /* Reduce the fragment size - so the multiblock test buffer can be small */
8504 "AES-128-CBC-HMAC-SHA1", in test_multiblock_write()
8505 "AES-128-CBC-HMAC-SHA256", in test_multiblock_write()
8506 "AES-256-CBC-HMAC-SHA1", in test_multiblock_write()
8507 "AES-256-CBC-HMAC-SHA256" in test_multiblock_write()
8519 * Choose a buffer large enough to perform a multi-block operation in test_multiblock_write()
8554 /* settings to force it to use AES-CBC-HMAC_SHA */ in test_multiblock_write()
8571 len -= readbytes; in test_multiblock_write()
8610 early->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; in test_session_timeout()
8611 memset(early->session_id, 1, SSL3_SSL_SESSION_ID_LENGTH); in test_session_timeout()
8612 middle->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; in test_session_timeout()
8613 memset(middle->session_id, 2, SSL3_SSL_SESSION_ID_LENGTH); in test_session_timeout()
8614 late->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; in test_session_timeout()
8615 memset(late->session_id, 3, SSL3_SSL_SESSION_ID_LENGTH); in test_session_timeout()
8623 if (!TEST_ptr(early->prev) in test_session_timeout()
8624 || !TEST_ptr(middle->prev) in test_session_timeout()
8625 || !TEST_ptr(late->prev)) in test_session_timeout()
8628 if (!TEST_int_ne(SSL_SESSION_set_time(early, now - 10), 0) in test_session_timeout()
8639 if (!TEST_ptr(early->prev) in test_session_timeout()
8640 || !TEST_ptr(middle->prev) in test_session_timeout()
8641 || !TEST_ptr(late->prev)) in test_session_timeout()
8645 if (!TEST_ptr_eq(late->next, middle) in test_session_timeout()
8646 || !TEST_ptr_eq(middle->next, early) in test_session_timeout()
8647 || !TEST_ptr_eq(early->prev, middle) in test_session_timeout()
8648 || !TEST_ptr_eq(middle->prev, late)) in test_session_timeout()
8652 SSL_CTX_flush_sessions(ctx, now + TIMEOUT - 1); in test_session_timeout()
8653 if (!TEST_ptr_null(early->prev) in test_session_timeout()
8654 || !TEST_ptr(middle->prev) in test_session_timeout()
8655 || !TEST_ptr(late->prev)) in test_session_timeout()
8660 if (!TEST_ptr_null(early->prev) in test_session_timeout()
8661 || !TEST_ptr_null(middle->prev) in test_session_timeout()
8662 || !TEST_ptr(late->prev)) in test_session_timeout()
8667 if (!TEST_ptr_null(early->prev) in test_session_timeout()
8668 || !TEST_ptr_null(middle->prev) in test_session_timeout()
8669 || !TEST_ptr_null(late->prev)) in test_session_timeout()
8679 if (!TEST_ptr(early->prev) in test_session_timeout()
8680 || !TEST_ptr(middle->prev) in test_session_timeout()
8681 || !TEST_ptr(late->prev)) in test_session_timeout()
8686 if (!TEST_ptr_null(early->prev) in test_session_timeout()
8687 || !TEST_ptr_null(middle->prev) in test_session_timeout()
8688 || !TEST_ptr_null(late->prev)) in test_session_timeout()
8695 now -= 10; in test_session_timeout()
8870 * Test 1: The client only has SHA2-256: only SHA2-256 algorithms shared
8871 * Test 2: The server only has SHA2-256: only SHA2-256 algorithms shared
8900 * Only enable SHA2-256 so rsa_pss_rsae_sha384 should not be offered in test_sigalgs_available()
8902 * *requires* SHA2-256 to be available so we cannot disable that. We in test_sigalgs_available()
8906 "SHA2-256:SHA1"))) in test_sigalgs_available()
8946 "ECDHE-RSA-AES128-GCM-SHA256"))) in test_sigalgs_available()
8950 "ECDHE-ECDSA-AES128-GCM-SHA256"))) in test_sigalgs_available()
9022 OSSL_PROVIDER *tlsprov = OSSL_PROVIDER_load(libctx, "tls-provider"); in test_pluggable_group()
9023 /* Check that we are not impacted by a provider without any groups */ in test_pluggable_group()
9032 * In this case we assume we've been built with "no-legacy" and skip in test_pluggable_group()
9316 || !TEST_true(SSL_set_cipher_list(serverssl, "DHE-RSA-AES128-SHA"))) in test_set_tmp_dh()
9353 const char *ciphersuite = "DHE-RSA-AES128-SHA"; in test_dh_auto()
9357 /* The FIPS provider doesn't support this DH size - so we ignore it */ in test_dh_auto()
9387 /* The FIPS provider doesn't support this DH size - so we ignore it */ in test_dh_auto()
9390 ciphersuite = "ADH-AES128-SHA256:@SECLEVEL=0"; in test_dh_auto()
9394 ciphersuite = "ADH-AES256-SHA256:@SECLEVEL=0"; in test_dh_auto()
9590 /* the set_alpn functions return 0 (false) on success, non-zero (true) on failure */ in test_set_alpn()
9883 OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
9897 * Verify that the default and fips providers in the default libctx are not in setup_tests()
9901 || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) in setup_tests()
9920 /* Check we have the expected provider available */ in setup_tests()
9924 /* Check the default provider is not available */ in setup_tests()
9929 if (strcmp(modulename, "fips") == 0) in setup_tests()
9933 * We add, but don't load the test "tls-provider". We'll load it when we in setup_tests()
9936 if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, "tls-provider", in setup_tests()
9965 cert2 = test_mk_file_path(certsdir, "server-ecdsa-cert.pem"); in setup_tests()
9969 privkey2 = test_mk_file_path(certsdir, "server-ecdsa-key.pem"); in setup_tests()
9973 cert1024 = test_mk_file_path(certsdir, "ee-cert-1024.pem"); in setup_tests()
9977 privkey1024 = test_mk_file_path(certsdir, "ee-key-1024.pem"); in setup_tests()
9981 cert3072 = test_mk_file_path(certsdir, "ee-cert-3072.pem"); in setup_tests()
9985 privkey3072 = test_mk_file_path(certsdir, "ee-key-3072.pem"); in setup_tests()
9989 cert4096 = test_mk_file_path(certsdir, "ee-cert-4096.pem"); in setup_tests()
9993 privkey4096 = test_mk_file_path(certsdir, "ee-key-4096.pem"); in setup_tests()
9997 cert8192 = test_mk_file_path(certsdir, "ee-cert-8192.pem"); in setup_tests()
10001 privkey8192 = test_mk_file_path(certsdir, "ee-key-8192.pem"); in setup_tests()