| /* |
| * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. |
| * |
| * Licensed under the Apache License 2.0 (the "License"). You may not use |
| * this file except in compliance with the License. You can obtain a copy |
| * in the file LICENSE in the source distribution or at |
| * https://www.openssl.org/source/license.html |
| */ |
| |
| /* |
| * We need access to the deprecated low level HMAC APIs for legacy purposes |
| * when the deprecated calls are not hidden |
| */ |
| #ifndef OPENSSL_NO_DEPRECATED_3_0 |
| # define OPENSSL_SUPPRESS_DEPRECATED |
| #endif |
| |
| #include <stdio.h> |
| #include <string.h> |
| |
| #include <openssl/opensslconf.h> |
| #include <openssl/bio.h> |
| #include <openssl/crypto.h> |
| #include <openssl/ssl.h> |
| #include <openssl/ocsp.h> |
| #include <openssl/srp.h> |
| #include <openssl/txt_db.h> |
| #include <openssl/aes.h> |
| #include <openssl/rand.h> |
| #include <openssl/core_names.h> |
| #include <openssl/core_dispatch.h> |
| #include <openssl/provider.h> |
| #include <openssl/param_build.h> |
| #include <openssl/x509v3.h> |
| #include <openssl/dh.h> |
| |
| #include "helpers/ssltestlib.h" |
| #include "testutil.h" |
| #include "testutil/output.h" |
| #include "internal/nelem.h" |
| #include "internal/ktls.h" |
| #include "../ssl/ssl_local.h" |
| #include "filterprov.h" |
| |
| #undef OSSL_NO_USABLE_TLS1_3 |
| #if defined(OPENSSL_NO_TLS1_3) \ |
| || (defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_DH)) |
| /* |
| * If we don't have ec or dh then there are no built-in groups that are usable |
| * with TLSv1.3 |
| */ |
| # define OSSL_NO_USABLE_TLS1_3 |
| #endif |
| |
| /* Defined in tls-provider.c */ |
| int tls_provider_init(const OSSL_CORE_HANDLE *handle, |
| const OSSL_DISPATCH *in, |
| const OSSL_DISPATCH **out, |
| void **provctx); |
| |
| static OSSL_LIB_CTX *libctx = NULL; |
| static OSSL_PROVIDER *defctxnull = NULL; |
| |
| #ifndef OSSL_NO_USABLE_TLS1_3 |
| |
| static SSL_SESSION *clientpsk = NULL; |
| static SSL_SESSION *serverpsk = NULL; |
| static const char *pskid = "Identity"; |
| static const char *srvid; |
| |
| static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id, |
| size_t *idlen, SSL_SESSION **sess); |
| static int find_session_cb(SSL *ssl, const unsigned char *identity, |
| size_t identity_len, SSL_SESSION **sess); |
| |
| static int use_session_cb_cnt = 0; |
| static int find_session_cb_cnt = 0; |
| |
| static SSL_SESSION *create_a_psk(SSL *ssl); |
| #endif |
| |
| static char *certsdir = NULL; |
| static char *cert = NULL; |
| static char *privkey = NULL; |
| static char *cert2 = NULL; |
| static char *privkey2 = NULL; |
| static char *cert1024 = NULL; |
| static char *privkey1024 = NULL; |
| static char *cert3072 = NULL; |
| static char *privkey3072 = NULL; |
| static char *cert4096 = NULL; |
| static char *privkey4096 = NULL; |
| static char *cert8192 = NULL; |
| static char *privkey8192 = NULL; |
| static char *srpvfile = NULL; |
| static char *tmpfilename = NULL; |
| static char *dhfile = NULL; |
| |
| static int is_fips = 0; |
| |
| #define LOG_BUFFER_SIZE 2048 |
| static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0}; |
| static size_t server_log_buffer_index = 0; |
| static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0}; |
| static size_t client_log_buffer_index = 0; |
| static int error_writing_log = 0; |
| |
| #ifndef OPENSSL_NO_OCSP |
| static const unsigned char orespder[] = "Dummy OCSP Response"; |
| static int ocsp_server_called = 0; |
| static int ocsp_client_called = 0; |
| |
| static int cdummyarg = 1; |
| static X509 *ocspcert = NULL; |
| #endif |
| |
| #define NUM_EXTRA_CERTS 40 |
| #define CLIENT_VERSION_LEN 2 |
| |
| /* |
| * This structure is used to validate that the correct number of log messages |
| * of various types are emitted when emitting secret logs. |
| */ |
| struct sslapitest_log_counts { |
| unsigned int rsa_key_exchange_count; |
| unsigned int master_secret_count; |
| unsigned int client_early_secret_count; |
| unsigned int client_handshake_secret_count; |
| unsigned int server_handshake_secret_count; |
| unsigned int client_application_secret_count; |
| unsigned int server_application_secret_count; |
| unsigned int early_exporter_secret_count; |
| unsigned int exporter_secret_count; |
| }; |
| |
| |
| static unsigned char serverinfov1[] = { |
| 0xff, 0xff, /* Dummy extension type */ |
| 0x00, 0x01, /* Extension length is 1 byte */ |
| 0xff /* Dummy extension data */ |
| }; |
| |
| static unsigned char serverinfov2[] = { |
| 0x00, 0x00, 0x00, |
| (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */ |
| 0xff, 0xff, /* Dummy extension type */ |
| 0x00, 0x01, /* Extension length is 1 byte */ |
| 0xff /* Dummy extension data */ |
| }; |
| |
| static int hostname_cb(SSL *s, int *al, void *arg) |
| { |
| const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); |
| |
| if (hostname != NULL && (strcmp(hostname, "goodhost") == 0 |
| || strcmp(hostname, "altgoodhost") == 0)) |
| return SSL_TLSEXT_ERR_OK; |
| |
| return SSL_TLSEXT_ERR_NOACK; |
| } |
| |
| static void client_keylog_callback(const SSL *ssl, const char *line) |
| { |
| int line_length = strlen(line); |
| |
| /* If the log doesn't fit, error out. */ |
| if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) { |
| TEST_info("Client log too full"); |
| error_writing_log = 1; |
| return; |
| } |
| |
| strcat(client_log_buffer, line); |
| client_log_buffer_index += line_length; |
| client_log_buffer[client_log_buffer_index++] = '\n'; |
| } |
| |
| static void server_keylog_callback(const SSL *ssl, const char *line) |
| { |
| int line_length = strlen(line); |
| |
| /* If the log doesn't fit, error out. */ |
| if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) { |
| TEST_info("Server log too full"); |
| error_writing_log = 1; |
| return; |
| } |
| |
| strcat(server_log_buffer, line); |
| server_log_buffer_index += line_length; |
| server_log_buffer[server_log_buffer_index++] = '\n'; |
| } |
| |
| static int compare_hex_encoded_buffer(const char *hex_encoded, |
| size_t hex_length, |
| const uint8_t *raw, |
| size_t raw_length) |
| { |
| size_t i, j; |
| char hexed[3]; |
| |
| if (!TEST_size_t_eq(raw_length * 2, hex_length)) |
| return 1; |
| |
| for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) { |
| sprintf(hexed, "%02x", raw[i]); |
| if (!TEST_int_eq(hexed[0], hex_encoded[j]) |
| || !TEST_int_eq(hexed[1], hex_encoded[j + 1])) |
| return 1; |
| } |
| |
| return 0; |
| } |
| |
| static int test_keylog_output(char *buffer, const SSL *ssl, |
| const SSL_SESSION *session, |
| struct sslapitest_log_counts *expected) |
| { |
| char *token = NULL; |
| unsigned char actual_client_random[SSL3_RANDOM_SIZE] = {0}; |
| size_t client_random_size = SSL3_RANDOM_SIZE; |
| unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0}; |
| size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH; |
| unsigned int rsa_key_exchange_count = 0; |
| unsigned int master_secret_count = 0; |
| unsigned int client_early_secret_count = 0; |
| unsigned int client_handshake_secret_count = 0; |
| unsigned int server_handshake_secret_count = 0; |
| unsigned int client_application_secret_count = 0; |
| unsigned int server_application_secret_count = 0; |
| unsigned int early_exporter_secret_count = 0; |
| unsigned int exporter_secret_count = 0; |
| |
| for (token = strtok(buffer, " \n"); token != NULL; |
| token = strtok(NULL, " \n")) { |
| if (strcmp(token, "RSA") == 0) { |
| /* |
| * Premaster secret. Tokens should be: 16 ASCII bytes of |
| * hex-encoded encrypted secret, then the hex-encoded pre-master |
| * secret. |
| */ |
| if (!TEST_ptr(token = strtok(NULL, " \n"))) |
| return 0; |
| if (!TEST_size_t_eq(strlen(token), 16)) |
| return 0; |
| if (!TEST_ptr(token = strtok(NULL, " \n"))) |
| return 0; |
| /* |
| * We can't sensibly check the log because the premaster secret is |
| * transient, and OpenSSL doesn't keep hold of it once the master |
| * secret is generated. |
| */ |
| rsa_key_exchange_count++; |
| } else if (strcmp(token, "CLIENT_RANDOM") == 0) { |
| /* |
| * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded |
| * client random, then the hex-encoded master secret. |
| */ |
| client_random_size = SSL_get_client_random(ssl, |
| actual_client_random, |
| SSL3_RANDOM_SIZE); |
| if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE)) |
| return 0; |
| |
| if (!TEST_ptr(token = strtok(NULL, " \n"))) |
| return 0; |
| if (!TEST_size_t_eq(strlen(token), 64)) |
| return 0; |
| if (!TEST_false(compare_hex_encoded_buffer(token, 64, |
| actual_client_random, |
| client_random_size))) |
| return 0; |
| |
| if (!TEST_ptr(token = strtok(NULL, " \n"))) |
| return 0; |
| master_key_size = SSL_SESSION_get_master_key(session, |
| actual_master_key, |
| master_key_size); |
| if (!TEST_size_t_ne(master_key_size, 0)) |
| return 0; |
| if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token), |
| actual_master_key, |
| master_key_size))) |
| return 0; |
| master_secret_count++; |
| } else if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0 |
| || strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0 |
| || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0 |
| || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0 |
| || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0 |
| || strcmp(token, "EARLY_EXPORTER_SECRET") == 0 |
| || strcmp(token, "EXPORTER_SECRET") == 0) { |
| /* |
| * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded |
| * client random, and then the hex-encoded secret. In this case, |
| * we treat all of these secrets identically and then just |
| * distinguish between them when counting what we saw. |
| */ |
| if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0) |
| client_early_secret_count++; |
| else if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0) |
| client_handshake_secret_count++; |
| else if (strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0) |
| server_handshake_secret_count++; |
| else if (strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0) |
| client_application_secret_count++; |
| else if (strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0) |
| server_application_secret_count++; |
| else if (strcmp(token, "EARLY_EXPORTER_SECRET") == 0) |
| early_exporter_secret_count++; |
| else if (strcmp(token, "EXPORTER_SECRET") == 0) |
| exporter_secret_count++; |
| |
| client_random_size = SSL_get_client_random(ssl, |
| actual_client_random, |
| SSL3_RANDOM_SIZE); |
| if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE)) |
| return 0; |
| |
| if (!TEST_ptr(token = strtok(NULL, " \n"))) |
| return 0; |
| if (!TEST_size_t_eq(strlen(token), 64)) |
| return 0; |
| if (!TEST_false(compare_hex_encoded_buffer(token, 64, |
| actual_client_random, |
| client_random_size))) |
| return 0; |
| |
| if (!TEST_ptr(token = strtok(NULL, " \n"))) |
| return 0; |
| } else { |
| TEST_info("Unexpected token %s\n", token); |
| return 0; |
| } |
| } |
| |
| /* Got what we expected? */ |
| if (!TEST_size_t_eq(rsa_key_exchange_count, |
| expected->rsa_key_exchange_count) |
| || !TEST_size_t_eq(master_secret_count, |
| expected->master_secret_count) |
| || !TEST_size_t_eq(client_early_secret_count, |
| expected->client_early_secret_count) |
| || !TEST_size_t_eq(client_handshake_secret_count, |
| expected->client_handshake_secret_count) |
| || !TEST_size_t_eq(server_handshake_secret_count, |
| expected->server_handshake_secret_count) |
| || !TEST_size_t_eq(client_application_secret_count, |
| expected->client_application_secret_count) |
| || !TEST_size_t_eq(server_application_secret_count, |
| expected->server_application_secret_count) |
| || !TEST_size_t_eq(early_exporter_secret_count, |
| expected->early_exporter_secret_count) |
| || !TEST_size_t_eq(exporter_secret_count, |
| expected->exporter_secret_count)) |
| return 0; |
| return 1; |
| } |
| |
| #if !defined(OPENSSL_NO_TLS1_2) || defined(OSSL_NO_USABLE_TLS1_3) |
| static int test_keylog(void) |
| { |
| SSL_CTX *cctx = NULL, *sctx = NULL; |
| SSL *clientssl = NULL, *serverssl = NULL; |
| int testresult = 0; |
| struct sslapitest_log_counts expected; |
| |
| /* Clean up logging space */ |
| memset(&expected, 0, sizeof(expected)); |
| memset(client_log_buffer, 0, sizeof(client_log_buffer)); |
| memset(server_log_buffer, 0, sizeof(server_log_buffer)); |
| client_log_buffer_index = 0; |
| server_log_buffer_index = 0; |
| error_writing_log = 0; |
| |
| if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
| TLS_client_method(), |
| TLS1_VERSION, 0, |
| &sctx, &cctx, cert, privkey))) |
| return 0; |
| |
| /* We cannot log the master secret for TLSv1.3, so we should forbid it. */ |
| SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3); |
| SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3); |
| |
| /* We also want to ensure that we use RSA-based key exchange. */ |
| if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "RSA"))) |
| goto end; |
| |
| if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL) |
| || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL)) |
| goto end; |
| SSL_CTX_set_keylog_callback(cctx, client_keylog_callback); |
| if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) |
| == client_keylog_callback)) |
| goto end; |
| SSL_CTX_set_keylog_callback(sctx, server_keylog_callback); |
| if (!TEST_true(SSL_CTX_get_keylog_callback(sctx) |
| == server_keylog_callback)) |
| goto end; |
| |
| /* Now do a handshake and check that the logs have been written to. */ |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, |
| &clientssl, NULL, NULL)) |
| || !TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE)) |
| || !TEST_false(error_writing_log) |
| || !TEST_int_gt(client_log_buffer_index, 0) |
| || !TEST_int_gt(server_log_buffer_index, 0)) |
| goto end; |
| |
| /* |
| * Now we want to test that our output data was vaguely sensible. We |
| * do that by using strtok and confirming that we have more or less the |
| * data we expect. For both client and server, we expect to see one master |
| * secret. The client should also see a RSA key exchange. |
| */ |
| expected.rsa_key_exchange_count = 1; |
| expected.master_secret_count = 1; |
| if (!TEST_true(test_keylog_output(client_log_buffer, clientssl, |
| SSL_get_session(clientssl), &expected))) |
| goto end; |
| |
| expected.rsa_key_exchange_count = 0; |
| if (!TEST_true(test_keylog_output(server_log_buffer, serverssl, |
| SSL_get_session(serverssl), &expected))) |
| goto end; |
| |
| testresult = 1; |
| |
| end: |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| |
| return testresult; |
| } |
| #endif |
| |
| #ifndef OSSL_NO_USABLE_TLS1_3 |
| static int test_keylog_no_master_key(void) |
| { |
| SSL_CTX *cctx = NULL, *sctx = NULL; |
| SSL *clientssl = NULL, *serverssl = NULL; |
| SSL_SESSION *sess = NULL; |
| int testresult = 0; |
| struct sslapitest_log_counts expected; |
| unsigned char buf[1]; |
| size_t readbytes, written; |
| |
| /* Clean up logging space */ |
| memset(&expected, 0, sizeof(expected)); |
| memset(client_log_buffer, 0, sizeof(client_log_buffer)); |
| memset(server_log_buffer, 0, sizeof(server_log_buffer)); |
| client_log_buffer_index = 0; |
| server_log_buffer_index = 0; |
| error_writing_log = 0; |
| |
| if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
| TLS_client_method(), TLS1_VERSION, 0, |
| &sctx, &cctx, cert, privkey)) |
| || !TEST_true(SSL_CTX_set_max_early_data(sctx, |
| SSL3_RT_MAX_PLAIN_LENGTH))) |
| return 0; |
| |
| if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL) |
| || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL)) |
| goto end; |
| |
| SSL_CTX_set_keylog_callback(cctx, client_keylog_callback); |
| if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) |
| == client_keylog_callback)) |
| goto end; |
| |
| SSL_CTX_set_keylog_callback(sctx, server_keylog_callback); |
| if (!TEST_true(SSL_CTX_get_keylog_callback(sctx) |
| == server_keylog_callback)) |
| goto end; |
| |
| /* Now do a handshake and check that the logs have been written to. */ |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, |
| &clientssl, NULL, NULL)) |
| || !TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE)) |
| || !TEST_false(error_writing_log)) |
| goto end; |
| |
| /* |
| * Now we want to test that our output data was vaguely sensible. For this |
| * test, we expect no CLIENT_RANDOM entry because it doesn't make sense for |
| * TLSv1.3, but we do expect both client and server to emit keys. |
| */ |
| expected.client_handshake_secret_count = 1; |
| expected.server_handshake_secret_count = 1; |
| expected.client_application_secret_count = 1; |
| expected.server_application_secret_count = 1; |
| expected.exporter_secret_count = 1; |
| if (!TEST_true(test_keylog_output(client_log_buffer, clientssl, |
| SSL_get_session(clientssl), &expected)) |
| || !TEST_true(test_keylog_output(server_log_buffer, serverssl, |
| SSL_get_session(serverssl), |
| &expected))) |
| goto end; |
| |
| /* Terminate old session and resume with early data. */ |
| sess = SSL_get1_session(clientssl); |
| SSL_shutdown(clientssl); |
| SSL_shutdown(serverssl); |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| serverssl = clientssl = NULL; |
| |
| /* Reset key log */ |
| memset(client_log_buffer, 0, sizeof(client_log_buffer)); |
| memset(server_log_buffer, 0, sizeof(server_log_buffer)); |
| client_log_buffer_index = 0; |
| server_log_buffer_index = 0; |
| |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, |
| &clientssl, NULL, NULL)) |
| || !TEST_true(SSL_set_session(clientssl, sess)) |
| /* Here writing 0 length early data is enough. */ |
| || !TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written)) |
| || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), |
| &readbytes), |
| SSL_READ_EARLY_DATA_ERROR) |
| || !TEST_int_eq(SSL_get_early_data_status(serverssl), |
| SSL_EARLY_DATA_ACCEPTED) |
| || !TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE)) |
| || !TEST_true(SSL_session_reused(clientssl))) |
| goto end; |
| |
| /* In addition to the previous entries, expect early secrets. */ |
| expected.client_early_secret_count = 1; |
| expected.early_exporter_secret_count = 1; |
| if (!TEST_true(test_keylog_output(client_log_buffer, clientssl, |
| SSL_get_session(clientssl), &expected)) |
| || !TEST_true(test_keylog_output(server_log_buffer, serverssl, |
| SSL_get_session(serverssl), |
| &expected))) |
| goto end; |
| |
| testresult = 1; |
| |
| end: |
| SSL_SESSION_free(sess); |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| |
| return testresult; |
| } |
| #endif |
| |
| static int verify_retry_cb(X509_STORE_CTX *ctx, void *arg) |
| { |
| int res = X509_verify_cert(ctx); |
| int idx = SSL_get_ex_data_X509_STORE_CTX_idx(); |
| SSL *ssl; |
| |
| /* this should not happen but check anyway */ |
| if (idx < 0 |
| || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL) |
| return 0; |
| |
| if (res == 0 && X509_STORE_CTX_get_error(ctx) == |
| X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) |
| /* indicate SSL_ERROR_WANT_RETRY_VERIFY */ |
| return SSL_set_retry_verify(ssl); |
| |
| return res; |
| } |
| |
| static int test_client_cert_verify_cb(void) |
| { |
| /* server key, cert, chain, and root */ |
| char *skey = test_mk_file_path(certsdir, "leaf.key"); |
| char *leaf = test_mk_file_path(certsdir, "leaf.pem"); |
| char *int2 = test_mk_file_path(certsdir, "subinterCA.pem"); |
| char *int1 = test_mk_file_path(certsdir, "interCA.pem"); |
| char *root = test_mk_file_path(certsdir, "rootCA.pem"); |
| X509 *crt1 = NULL, *crt2 = NULL; |
| STACK_OF(X509) *server_chain; |
| SSL_CTX *cctx = NULL, *sctx = NULL; |
| SSL *clientssl = NULL, *serverssl = NULL; |
| int testresult = 0; |
| |
| if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
| TLS_client_method(), TLS1_VERSION, 0, |
| &sctx, &cctx, NULL, NULL))) |
| goto end; |
| if (!TEST_int_eq(SSL_CTX_use_certificate_chain_file(sctx, leaf), 1) |
| || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(sctx, skey, |
| SSL_FILETYPE_PEM), 1) |
| || !TEST_int_eq(SSL_CTX_check_private_key(sctx), 1)) |
| goto end; |
| if (!TEST_true(SSL_CTX_load_verify_locations(cctx, root, NULL))) |
| goto end; |
| SSL_CTX_set_verify(cctx, SSL_VERIFY_PEER, NULL); |
| SSL_CTX_set_cert_verify_callback(cctx, verify_retry_cb, NULL); |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, |
| &clientssl, NULL, NULL))) |
| goto end; |
| |
| /* attempt SSL_connect() with incomplete server chain */ |
| if (!TEST_false(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_WANT_RETRY_VERIFY))) |
| goto end; |
| |
| /* application provides intermediate certs needed to verify server cert */ |
| if (!TEST_ptr((crt1 = load_cert_pem(int1, libctx))) |
| || !TEST_ptr((crt2 = load_cert_pem(int2, libctx))) |
| || !TEST_ptr((server_chain = SSL_get_peer_cert_chain(clientssl)))) |
| goto end; |
| /* add certs in reverse order to demonstrate real chain building */ |
| if (!TEST_true(sk_X509_push(server_chain, crt1))) |
| goto end; |
| crt1 = NULL; |
| if (!TEST_true(sk_X509_push(server_chain, crt2))) |
| goto end; |
| crt2 = NULL; |
| |
| /* continue SSL_connect(), must now succeed with completed server chain */ |
| if (!TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE))) |
| goto end; |
| |
| testresult = 1; |
| |
| end: |
| X509_free(crt1); |
| X509_free(crt2); |
| if (clientssl != NULL) { |
| SSL_shutdown(clientssl); |
| SSL_free(clientssl); |
| } |
| if (serverssl != NULL) { |
| SSL_shutdown(serverssl); |
| SSL_free(serverssl); |
| } |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| |
| OPENSSL_free(skey); |
| OPENSSL_free(leaf); |
| OPENSSL_free(int2); |
| OPENSSL_free(int1); |
| OPENSSL_free(root); |
| |
| return testresult; |
| } |
| |
| static int test_ssl_build_cert_chain(void) |
| { |
| int ret = 0; |
| SSL_CTX *ssl_ctx = NULL; |
| SSL *ssl = NULL; |
| char *skey = test_mk_file_path(certsdir, "leaf.key"); |
| char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem"); |
| |
| if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))) |
| goto end; |
| if (!TEST_ptr(ssl = SSL_new(ssl_ctx))) |
| goto end; |
| /* leaf_chain contains leaf + subinterCA + interCA + rootCA */ |
| if (!TEST_int_eq(SSL_use_certificate_chain_file(ssl, leaf_chain), 1) |
| || !TEST_int_eq(SSL_use_PrivateKey_file(ssl, skey, SSL_FILETYPE_PEM), 1) |
| || !TEST_int_eq(SSL_check_private_key(ssl), 1)) |
| goto end; |
| if (!TEST_true(SSL_build_cert_chain(ssl, SSL_BUILD_CHAIN_FLAG_NO_ROOT |
| | SSL_BUILD_CHAIN_FLAG_CHECK))) |
| goto end; |
| ret = 1; |
| end: |
| SSL_free(ssl); |
| SSL_CTX_free(ssl_ctx); |
| OPENSSL_free(leaf_chain); |
| OPENSSL_free(skey); |
| return ret; |
| } |
| |
| static int get_password_cb(char *buf, int size, int rw_flag, void *userdata) |
| { |
| static const char pass[] = "testpass"; |
| |
| if (!TEST_int_eq(size, PEM_BUFSIZE)) |
| return -1; |
| |
| memcpy(buf, pass, sizeof(pass) - 1); |
| return sizeof(pass) - 1; |
| } |
| |
| static int test_ssl_ctx_build_cert_chain(void) |
| { |
| int ret = 0; |
| SSL_CTX *ctx = NULL; |
| char *skey = test_mk_file_path(certsdir, "leaf-encrypted.key"); |
| char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem"); |
| |
| if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))) |
| goto end; |
| SSL_CTX_set_default_passwd_cb(ctx, get_password_cb); |
| /* leaf_chain contains leaf + subinterCA + interCA + rootCA */ |
| if (!TEST_int_eq(SSL_CTX_use_certificate_chain_file(ctx, leaf_chain), 1) |
| || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, skey, |
| SSL_FILETYPE_PEM), 1) |
| || !TEST_int_eq(SSL_CTX_check_private_key(ctx), 1)) |
| goto end; |
| if (!TEST_true(SSL_CTX_build_cert_chain(ctx, SSL_BUILD_CHAIN_FLAG_NO_ROOT |
| | SSL_BUILD_CHAIN_FLAG_CHECK))) |
| goto end; |
| ret = 1; |
| end: |
| SSL_CTX_free(ctx); |
| OPENSSL_free(leaf_chain); |
| OPENSSL_free(skey); |
| return ret; |
| } |
| |
| #ifndef OPENSSL_NO_TLS1_2 |
| static int full_client_hello_callback(SSL *s, int *al, void *arg) |
| { |
| int *ctr = arg; |
| const unsigned char *p; |
| int *exts; |
| /* We only configure two ciphers, but the SCSV is added automatically. */ |
| #ifdef OPENSSL_NO_EC |
| const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff}; |
| #else |
| const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0, |
| 0x2c, 0x00, 0xff}; |
| #endif |
| const int expected_extensions[] = { |
| #ifndef OPENSSL_NO_EC |
| 11, 10, |
| #endif |
| 35, 22, 23, 13}; |
| size_t len; |
| |
| /* Make sure we can defer processing and get called back. */ |
| if ((*ctr)++ == 0) |
| return SSL_CLIENT_HELLO_RETRY; |
| |
| len = SSL_client_hello_get0_ciphers(s, &p); |
| if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers)) |
| || !TEST_size_t_eq( |
| SSL_client_hello_get0_compression_methods(s, &p), 1) |
| || !TEST_int_eq(*p, 0)) |
| return SSL_CLIENT_HELLO_ERROR; |
| if (!SSL_client_hello_get1_extensions_present(s, &exts, &len)) |
| return SSL_CLIENT_HELLO_ERROR; |
| if (len != OSSL_NELEM(expected_extensions) || |
| memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) { |
| printf("ClientHello callback expected extensions mismatch\n"); |
| OPENSSL_free(exts); |
| return SSL_CLIENT_HELLO_ERROR; |
| } |
| OPENSSL_free(exts); |
| return SSL_CLIENT_HELLO_SUCCESS; |
| } |
| |
| static int test_client_hello_cb(void) |
| { |
| SSL_CTX *cctx = NULL, *sctx = NULL; |
| SSL *clientssl = NULL, *serverssl = NULL; |
| int testctr = 0, testresult = 0; |
| |
| if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
| TLS_client_method(), TLS1_VERSION, 0, |
| &sctx, &cctx, cert, privkey))) |
| goto end; |
| SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr); |
| |
| /* The gimpy cipher list we configure can't do TLS 1.3. */ |
| SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION); |
| |
| if (!TEST_true(SSL_CTX_set_cipher_list(cctx, |
| "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384")) |
| || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, |
| &clientssl, NULL, NULL)) |
| || !TEST_false(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_WANT_CLIENT_HELLO_CB)) |
| /* |
| * Passing a -1 literal is a hack since |
| * the real value was lost. |
| * */ |
| || !TEST_int_eq(SSL_get_error(serverssl, -1), |
| SSL_ERROR_WANT_CLIENT_HELLO_CB) |
| || !TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE))) |
| goto end; |
| |
| testresult = 1; |
| |
| end: |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| |
| return testresult; |
| } |
| |
| static int test_no_ems(void) |
| { |
| SSL_CTX *cctx = NULL, *sctx = NULL; |
| SSL *clientssl = NULL, *serverssl = NULL; |
| int testresult = 0; |
| |
| if (!create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(), |
| TLS1_VERSION, TLS1_2_VERSION, |
| &sctx, &cctx, cert, privkey)) { |
| printf("Unable to create SSL_CTX pair\n"); |
| goto end; |
| } |
| |
| SSL_CTX_set_options(sctx, SSL_OP_NO_EXTENDED_MASTER_SECRET); |
| |
| if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) { |
| printf("Unable to create SSL objects\n"); |
| goto end; |
| } |
| |
| if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) { |
| printf("Creating SSL connection failed\n"); |
| goto end; |
| } |
| |
| if (SSL_get_extms_support(serverssl)) { |
| printf("Server reports Extended Master Secret support\n"); |
| goto end; |
| } |
| |
| if (SSL_get_extms_support(clientssl)) { |
| printf("Client reports Extended Master Secret support\n"); |
| goto end; |
| } |
| testresult = 1; |
| |
| end: |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| |
| return testresult; |
| } |
| |
| /* |
| * Very focused test to exercise a single case in the server-side state |
| * machine, when the ChangeCipherState message needs to actually change |
| * from one cipher to a different cipher (i.e., not changing from null |
| * encryption to real encryption). |
| */ |
| static int test_ccs_change_cipher(void) |
| { |
| SSL_CTX *cctx = NULL, *sctx = NULL; |
| SSL *clientssl = NULL, *serverssl = NULL; |
| SSL_SESSION *sess = NULL, *sesspre, *sesspost; |
| int testresult = 0; |
| int i; |
| unsigned char buf; |
| size_t readbytes; |
| |
| /* |
| * Create a connection so we can resume and potentially (but not) use |
| * a different cipher in the second connection. |
| */ |
| if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
| TLS_client_method(), |
| TLS1_VERSION, TLS1_2_VERSION, |
| &sctx, &cctx, cert, privkey)) |
| || !TEST_true(SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET)) |
| || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
| NULL, NULL)) |
| || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256")) |
| || !TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE)) |
| || !TEST_ptr(sesspre = SSL_get0_session(serverssl)) |
| || !TEST_ptr(sess = SSL_get1_session(clientssl))) |
| goto end; |
| |
| shutdown_ssl_connection(serverssl, clientssl); |
| serverssl = clientssl = NULL; |
| |
| /* Resume, preferring a different cipher. Our server will force the |
| * same cipher to be used as the initial handshake. */ |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
| NULL, NULL)) |
| || !TEST_true(SSL_set_session(clientssl, sess)) |
| || !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384:AES128-GCM-SHA256")) |
| || !TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE)) |
| || !TEST_true(SSL_session_reused(clientssl)) |
| || !TEST_true(SSL_session_reused(serverssl)) |
| || !TEST_ptr(sesspost = SSL_get0_session(serverssl)) |
| || !TEST_ptr_eq(sesspre, sesspost) |
| || !TEST_int_eq(TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, |
| SSL_CIPHER_get_id(SSL_get_current_cipher(clientssl)))) |
| goto end; |
| shutdown_ssl_connection(serverssl, clientssl); |
| serverssl = clientssl = NULL; |
| |
| /* |
| * Now create a fresh connection and try to renegotiate a different |
| * cipher on it. |
| */ |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
| NULL, NULL)) |
| || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256")) |
| || !TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE)) |
| || !TEST_ptr(sesspre = SSL_get0_session(serverssl)) |
| || !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384")) |
| || !TEST_true(SSL_renegotiate(clientssl)) |
| || !TEST_true(SSL_renegotiate_pending(clientssl))) |
| goto end; |
| /* Actually drive the renegotiation. */ |
| for (i = 0; i < 3; i++) { |
| if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) { |
| if (!TEST_ulong_eq(readbytes, 0)) |
| goto end; |
| } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), |
| SSL_ERROR_WANT_READ)) { |
| goto end; |
| } |
| if (SSL_read_ex(serverssl, &buf, sizeof(buf), &readbytes) > 0) { |
| if (!TEST_ulong_eq(readbytes, 0)) |
| goto end; |
| } else if (!TEST_int_eq(SSL_get_error(serverssl, 0), |
| SSL_ERROR_WANT_READ)) { |
| goto end; |
| } |
| } |
| /* sesspre and sesspost should be different since the cipher changed. */ |
| if (!TEST_false(SSL_renegotiate_pending(clientssl)) |
| || !TEST_false(SSL_session_reused(clientssl)) |
| || !TEST_false(SSL_session_reused(serverssl)) |
| || !TEST_ptr(sesspost = SSL_get0_session(serverssl)) |
| || !TEST_ptr_ne(sesspre, sesspost) |
| || !TEST_int_eq(TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, |
| SSL_CIPHER_get_id(SSL_get_current_cipher(clientssl)))) |
| goto end; |
| |
| shutdown_ssl_connection(serverssl, clientssl); |
| serverssl = clientssl = NULL; |
| |
| testresult = 1; |
| |
| end: |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| SSL_SESSION_free(sess); |
| |
| return testresult; |
| } |
| #endif |
| |
| static int execute_test_large_message(const SSL_METHOD *smeth, |
| const SSL_METHOD *cmeth, |
| int min_version, int max_version, |
| int read_ahead) |
| { |
| SSL_CTX *cctx = NULL, *sctx = NULL; |
| SSL *clientssl = NULL, *serverssl = NULL; |
| int testresult = 0; |
| int i; |
| BIO *certbio = NULL; |
| X509 *chaincert = NULL; |
| int certlen; |
| |
| if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))) |
| goto end; |
| |
| if (!TEST_ptr(chaincert = X509_new_ex(libctx, NULL))) |
| goto end; |
| |
| if (PEM_read_bio_X509(certbio, &chaincert, NULL, NULL) == NULL) |
| goto end; |
| BIO_free(certbio); |
| certbio = NULL; |
| |
| if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, min_version, |
| max_version, &sctx, &cctx, cert, |
| privkey))) |
| goto end; |
| |
| #ifdef OPENSSL_NO_DTLS1_2 |
| if (smeth == DTLS_server_method()) { |
| /* |
| * Default sigalgs are SHA1 based in <DTLS1.2 which is in security |
| * level 0 |
| */ |
| if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")) |
| || !TEST_true(SSL_CTX_set_cipher_list(cctx, |
| "DEFAULT:@SECLEVEL=0"))) |
| goto end; |
| } |
| #endif |
| |
| if (read_ahead) { |
| /* |
| * Test that read_ahead works correctly when dealing with large |
| * records |
| */ |
| SSL_CTX_set_read_ahead(cctx, 1); |
| } |
| |
| /* |
| * We assume the supplied certificate is big enough so that if we add |
| * NUM_EXTRA_CERTS it will make the overall message large enough. The |
| * default buffer size is requested to be 16k, but due to the way BUF_MEM |
| * works, it ends up allocating a little over 21k (16 * 4/3). So, in this |
| * test we need to have a message larger than that. |
| */ |
| certlen = i2d_X509(chaincert, NULL); |
| OPENSSL_assert(certlen * NUM_EXTRA_CERTS > |
| (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3); |
| for (i = 0; i < NUM_EXTRA_CERTS; i++) { |
| if (!X509_up_ref(chaincert)) |
| goto end; |
| if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) { |
| X509_free(chaincert); |
| goto end; |
| } |
| } |
| |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
| NULL, NULL)) |
| || !TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE))) |
| goto end; |
| |
| /* |
| * Calling SSL_clear() first is not required but this tests that SSL_clear() |
| * doesn't leak. |
| */ |
| if (!TEST_true(SSL_clear(serverssl))) |
| goto end; |
| |
| testresult = 1; |
| end: |
| BIO_free(certbio); |
| X509_free(chaincert); |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| |
| return testresult; |
| } |
| |
| #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_KTLS) && \ |
| !(defined(OSSL_NO_USABLE_TLS1_3) && defined(OPENSSL_NO_TLS1_2)) |
| /* sock must be connected */ |
| static int ktls_chk_platform(int sock) |
| { |
| if (!ktls_enable(sock)) |
| return 0; |
| return 1; |
| } |
| |
| static int ping_pong_query(SSL *clientssl, SSL *serverssl) |
| { |
| static char count = 1; |
| unsigned char cbuf[16000] = {0}; |
| unsigned char sbuf[16000]; |
| size_t err = 0; |
| char crec_wseq_before[SEQ_NUM_SIZE]; |
| char crec_wseq_after[SEQ_NUM_SIZE]; |
| char crec_rseq_before[SEQ_NUM_SIZE]; |
| char crec_rseq_after[SEQ_NUM_SIZE]; |
| char srec_wseq_before[SEQ_NUM_SIZE]; |
| char srec_wseq_after[SEQ_NUM_SIZE]; |
| char srec_rseq_before[SEQ_NUM_SIZE]; |
| char srec_rseq_after[SEQ_NUM_SIZE]; |
| |
| cbuf[0] = count++; |
| memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE); |
| memcpy(crec_rseq_before, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE); |
| memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE); |
| memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE); |
| |
| if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf))) |
| goto end; |
| |
| while ((err = SSL_read(serverssl, &sbuf, sizeof(sbuf))) != sizeof(sbuf)) { |
| if (SSL_get_error(serverssl, err) != SSL_ERROR_WANT_READ) { |
| goto end; |
| } |
| } |
| |
| if (!TEST_true(SSL_write(serverssl, sbuf, sizeof(sbuf)) == sizeof(sbuf))) |
| goto end; |
| |
| while ((err = SSL_read(clientssl, &cbuf, sizeof(cbuf))) != sizeof(cbuf)) { |
| if (SSL_get_error(clientssl, err) != SSL_ERROR_WANT_READ) { |
| goto end; |
| } |
| } |
| |
| memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE); |
| memcpy(crec_rseq_after, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE); |
| memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE); |
| memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE); |
| |
| /* verify the payload */ |
| if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf))) |
| goto end; |
| |
| /* |
| * If ktls is used then kernel sequences are used instead of |
| * OpenSSL sequences |
| */ |
| if (!BIO_get_ktls_send(clientssl->wbio)) { |
| if (!TEST_mem_ne(crec_wseq_before, SEQ_NUM_SIZE, |
| crec_wseq_after, SEQ_NUM_SIZE)) |
| goto end; |
| } else { |
| if (!TEST_mem_eq(crec_wseq_before, SEQ_NUM_SIZE, |
| crec_wseq_after, SEQ_NUM_SIZE)) |
| goto end; |
| } |
| |
| if (!BIO_get_ktls_send(serverssl->wbio)) { |
| if (!TEST_mem_ne(srec_wseq_before, SEQ_NUM_SIZE, |
| srec_wseq_after, SEQ_NUM_SIZE)) |
| goto end; |
| } else { |
| if (!TEST_mem_eq(srec_wseq_before, SEQ_NUM_SIZE, |
| srec_wseq_after, SEQ_NUM_SIZE)) |
| goto end; |
| } |
| |
| if (!BIO_get_ktls_recv(clientssl->wbio)) { |
| if (!TEST_mem_ne(crec_rseq_before, SEQ_NUM_SIZE, |
| crec_rseq_after, SEQ_NUM_SIZE)) |
| goto end; |
| } else { |
| if (!TEST_mem_eq(crec_rseq_before, SEQ_NUM_SIZE, |
| crec_rseq_after, SEQ_NUM_SIZE)) |
| goto end; |
| } |
| |
| if (!BIO_get_ktls_recv(serverssl->wbio)) { |
| if (!TEST_mem_ne(srec_rseq_before, SEQ_NUM_SIZE, |
| srec_rseq_after, SEQ_NUM_SIZE)) |
| goto end; |
| } else { |
| if (!TEST_mem_eq(srec_rseq_before, SEQ_NUM_SIZE, |
| srec_rseq_after, SEQ_NUM_SIZE)) |
| goto end; |
| } |
| |
| return 1; |
| end: |
| return 0; |
| } |
| |
| static int execute_test_ktls(int cis_ktls, int sis_ktls, |
| int tls_version, const char *cipher) |
| { |
| SSL_CTX *cctx = NULL, *sctx = NULL; |
| SSL *clientssl = NULL, *serverssl = NULL; |
| int ktls_used = 0, testresult = 0; |
| int cfd = -1, sfd = -1; |
| int rx_supported; |
| |
| if (!TEST_true(create_test_sockets(&cfd, &sfd))) |
| goto end; |
| |
| /* Skip this test if the platform does not support ktls */ |
| if (!ktls_chk_platform(cfd)) { |
| testresult = TEST_skip("Kernel does not support KTLS"); |
| goto end; |
| } |
| |
| if (is_fips && strstr(cipher, "CHACHA") != NULL) { |
| testresult = TEST_skip("CHACHA is not supported in FIPS"); |
| goto end; |
| } |
| |
| /* Create a session based on SHA-256 */ |
| if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
| TLS_client_method(), |
| tls_version, tls_version, |
| &sctx, &cctx, cert, privkey))) |
| goto end; |
| |
| if (tls_version == TLS1_3_VERSION) { |
| if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, cipher)) |
| || !TEST_true(SSL_CTX_set_ciphersuites(sctx, cipher))) |
| goto end; |
| } else { |
| if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher)) |
| || !TEST_true(SSL_CTX_set_cipher_list(sctx, cipher))) |
| goto end; |
| } |
| |
| if (!TEST_true(create_ssl_objects2(sctx, cctx, &serverssl, |
| &clientssl, sfd, cfd))) |
| goto end; |
| |
| if (cis_ktls) { |
| if (!TEST_true(SSL_set_options(clientssl, SSL_OP_ENABLE_KTLS))) |
| goto end; |
| } |
| |
| if (sis_ktls) { |
| if (!TEST_true(SSL_set_options(serverssl, SSL_OP_ENABLE_KTLS))) |
| goto end; |
| } |
| |
| if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) |
| goto end; |
| |
| /* |
| * The running kernel may not support a given cipher suite |
| * or direction, so just check that KTLS isn't used when it |
| * isn't enabled. |
| */ |
| if (!cis_ktls) { |
| if (!TEST_false(BIO_get_ktls_send(clientssl->wbio))) |
| goto end; |
| } else { |
| if (BIO_get_ktls_send(clientssl->wbio)) |
| ktls_used = 1; |
| } |
| |
| if (!sis_ktls) { |
| if (!TEST_false(BIO_get_ktls_send(serverssl->wbio))) |
| goto end; |
| } else { |
| if (BIO_get_ktls_send(serverssl->wbio)) |
| ktls_used = 1; |
| } |
| |
| #if defined(OPENSSL_NO_KTLS_RX) |
| rx_supported = 0; |
| #else |
| rx_supported = 1; |
| #endif |
| if (!cis_ktls || !rx_supported) { |
| if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio))) |
| goto end; |
| } else { |
| if (BIO_get_ktls_send(clientssl->rbio)) |
| ktls_used = 1; |
| } |
| |
| if (!sis_ktls || !rx_supported) { |
| if (!TEST_false(BIO_get_ktls_recv(serverssl->rbio))) |
| goto end; |
| } else { |
| if (BIO_get_ktls_send(serverssl->rbio)) |
| ktls_used = 1; |
| } |
| |
| if ((cis_ktls || sis_ktls) && !ktls_used) { |
| testresult = TEST_skip("KTLS not supported for %s cipher %s", |
| tls_version == TLS1_3_VERSION ? "TLS 1.3" : |
| "TLS 1.2", cipher); |
| goto end; |
| } |
| |
| if (!TEST_true(ping_pong_query(clientssl, serverssl))) |
| goto end; |
| |
| testresult = 1; |
| end: |
| if (clientssl) { |
| SSL_shutdown(clientssl); |
| SSL_free(clientssl); |
| } |
| if (serverssl) { |
| SSL_shutdown(serverssl); |
| SSL_free(serverssl); |
| } |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| serverssl = clientssl = NULL; |
| if (cfd != -1) |
| close(cfd); |
| if (sfd != -1) |
| close(sfd); |
| return testresult; |
| } |
| |
| #define SENDFILE_SZ (16 * 4096) |
| #define SENDFILE_CHUNK (4 * 4096) |
| #define min(a,b) ((a) > (b) ? (b) : (a)) |
| |
| static int execute_test_ktls_sendfile(int tls_version, const char *cipher) |
| { |
| SSL_CTX *cctx = NULL, *sctx = NULL; |
| SSL *clientssl = NULL, *serverssl = NULL; |
| unsigned char *buf, *buf_dst; |
| BIO *out = NULL, *in = NULL; |
| int cfd = -1, sfd = -1, ffd, err; |
| ssize_t chunk_size = 0; |
| off_t chunk_off = 0; |
| int testresult = 0; |
| FILE *ffdp; |
| |
| buf = OPENSSL_zalloc(SENDFILE_SZ); |
| buf_dst = OPENSSL_zalloc(SENDFILE_SZ); |
| if (!TEST_ptr(buf) || !TEST_ptr(buf_dst) |
| || !TEST_true(create_test_sockets(&cfd, &sfd))) |
| goto end; |
| |
| /* Skip this test if the platform does not support ktls */ |
| if (!ktls_chk_platform(sfd)) { |
| testresult = TEST_skip("Kernel does not support KTLS"); |
| goto end; |
| } |
| |
| if (is_fips && strstr(cipher, "CHACHA") != NULL) { |
| testresult = TEST_skip("CHACHA is not supported in FIPS"); |
| goto end; |
| } |
| |
| /* Create a session based on SHA-256 */ |
| if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
| TLS_client_method(), |
| tls_version, tls_version, |
| &sctx, &cctx, cert, privkey))) |
| goto end; |
| |
| if (tls_version == TLS1_3_VERSION) { |
| if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, cipher)) |
| || !TEST_true(SSL_CTX_set_ciphersuites(sctx, cipher))) |
| goto end; |
| } else { |
| if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher)) |
| || !TEST_true(SSL_CTX_set_cipher_list(sctx, cipher))) |
| goto end; |
| } |
| |
| if (!TEST_true(create_ssl_objects2(sctx, cctx, &serverssl, |
| &clientssl, sfd, cfd))) |
| goto end; |
| |
| if (!TEST_true(SSL_set_options(serverssl, SSL_OP_ENABLE_KTLS))) |
| goto end; |
| |
| if (!TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE))) |
| goto end; |
| |
| if (!BIO_get_ktls_send(serverssl->wbio)) { |
| testresult = TEST_skip("Failed to enable KTLS for %s cipher %s", |
| tls_version == TLS1_3_VERSION ? "TLS 1.3" : |
| "TLS 1.2", cipher); |
| goto end; |
| } |
| |
| if (!TEST_int_gt(RAND_bytes_ex(libctx, buf, SENDFILE_SZ, 0), 0)) |
| goto end; |
| |
| out = BIO_new_file(tmpfilename, "wb"); |
| if (!TEST_ptr(out)) |
| goto end; |
| |
| if (BIO_write(out, buf, SENDFILE_SZ) != SENDFILE_SZ) |
| goto end; |
| |
| BIO_free(out); |
| out = NULL; |
| in = BIO_new_file(tmpfilename, "rb"); |
| BIO_get_fp(in, &ffdp); |
| ffd = fileno(ffdp); |
| |
| while (chunk_off < SENDFILE_SZ) { |
| chunk_size = min(SENDFILE_CHUNK, SENDFILE_SZ - chunk_off); |
| while ((err = SSL_sendfile(serverssl, |
| ffd, |
| chunk_off, |
| chunk_size, |
| 0)) != chunk_size) { |
| if (SSL_get_error(serverssl, err) != SSL_ERROR_WANT_WRITE) |
| goto end; |
| } |
| while ((err = SSL_read(clientssl, |
| buf_dst + chunk_off, |
| chunk_size)) != chunk_size) { |
| if (SSL_get_error(clientssl, err) != SSL_ERROR_WANT_READ) |
| goto end; |
| } |
| |
| /* verify the payload */ |
| if (!TEST_mem_eq(buf_dst + chunk_off, |
| chunk_size, |
| buf + chunk_off, |
| chunk_size)) |
| goto end; |
| |
| chunk_off += chunk_size; |
| } |
| |
| testresult = 1; |
| end: |
| if (clientssl) { |
| SSL_shutdown(clientssl); |
| SSL_free(clientssl); |
| } |
| if (serverssl) { |
| SSL_shutdown(serverssl); |
| SSL_free(serverssl); |
| } |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| serverssl = clientssl = NULL; |
| BIO_free(out); |
| BIO_free(in); |
| if (cfd != -1) |
| close(cfd); |
| if (sfd != -1) |
| close(sfd); |
| OPENSSL_free(buf); |
| OPENSSL_free(buf_dst); |
| return testresult; |
| } |
| |
| static struct ktls_test_cipher { |
| int tls_version; |
| const char *cipher; |
| } ktls_test_ciphers[] = { |
| # if !defined(OPENSSL_NO_TLS1_2) |
| # ifdef OPENSSL_KTLS_AES_GCM_128 |
| { TLS1_2_VERSION, "AES128-GCM-SHA256" }, |
| # endif |
| # ifdef OPENSSL_KTLS_AES_CCM_128 |
| { TLS1_2_VERSION, "AES128-CCM"}, |
| # endif |
| # ifdef OPENSSL_KTLS_AES_GCM_256 |
| { TLS1_2_VERSION, "AES256-GCM-SHA384"}, |
| # endif |
| # ifdef OPENSSL_KTLS_CHACHA20_POLY1305 |
| { TLS1_2_VERSION, "ECDHE-RSA-CHACHA20-POLY1305"}, |
| # endif |
| # endif |
| # if !defined(OSSL_NO_USABLE_TLS1_3) |
| # ifdef OPENSSL_KTLS_AES_GCM_128 |
| { TLS1_3_VERSION, "TLS_AES_128_GCM_SHA256" }, |
| # endif |
| # ifdef OPENSSL_KTLS_AES_CCM_128 |
| { TLS1_3_VERSION, "TLS_AES_128_CCM_SHA256" }, |
| # endif |
| # ifdef OPENSSL_KTLS_AES_GCM_256 |
| { TLS1_3_VERSION, "TLS_AES_256_GCM_SHA384" }, |
| # endif |
| # ifdef OPENSSL_KTLS_CHACHA20_POLY1305 |
| { TLS1_3_VERSION, "TLS_CHACHA20_POLY1305_SHA256" }, |
| # endif |
| # endif |
| }; |
| |
| #define NUM_KTLS_TEST_CIPHERS \ |
| (sizeof(ktls_test_ciphers) / sizeof(ktls_test_ciphers[0])) |
| |
| static int test_ktls(int test) |
| { |
| struct ktls_test_cipher *cipher; |
| int cis_ktls, sis_ktls; |
| |
| OPENSSL_assert(test / 4 < (int)NUM_KTLS_TEST_CIPHERS); |
| cipher = &ktls_test_ciphers[test / 4]; |
| |
| cis_ktls = (test & 1) != 0; |
| sis_ktls = (test & 2) != 0; |
| |
| return execute_test_ktls(cis_ktls, sis_ktls, cipher->tls_version, |
| cipher->cipher); |
| } |
| |
| static int test_ktls_sendfile(int tst) |
| { |
| struct ktls_test_cipher *cipher; |
| |
| OPENSSL_assert(tst < (int)NUM_KTLS_TEST_CIPHERS); |
| cipher = &ktls_test_ciphers[tst]; |
| |
| return execute_test_ktls_sendfile(cipher->tls_version, cipher->cipher); |
| } |
| #endif |
| |
| static int test_large_message_tls(void) |
| { |
| return execute_test_large_message(TLS_server_method(), TLS_client_method(), |
| TLS1_VERSION, 0, 0); |
| } |
| |
| static int test_large_message_tls_read_ahead(void) |
| { |
| return execute_test_large_message(TLS_server_method(), TLS_client_method(), |
| TLS1_VERSION, 0, 1); |
| } |
| |
| #ifndef OPENSSL_NO_DTLS |
| static int test_large_message_dtls(void) |
| { |
| # ifdef OPENSSL_NO_DTLS1_2 |
| /* Not supported in the FIPS provider */ |
| if (is_fips) |
| return 1; |
| # endif |
| /* |
| * read_ahead is not relevant to DTLS because DTLS always acts as if |
| * read_ahead is set. |
| */ |
| return execute_test_large_message(DTLS_server_method(), |
| DTLS_client_method(), |
| DTLS1_VERSION, 0, 0); |
| } |
| #endif |
| |
| static int execute_cleanse_plaintext(const SSL_METHOD *smeth, |
| const SSL_METHOD *cmeth, |
| int min_version, int max_version) |
| { |
| size_t i; |
| SSL_CTX *cctx = NULL, *sctx = NULL; |
| SSL *clientssl = NULL, *serverssl = NULL; |
| int testresult = 0; |
| SSL3_RECORD *rr; |
| void *zbuf; |
| |
| static unsigned char cbuf[16000]; |
| static unsigned char sbuf[16000]; |
| |
| if (!TEST_true(create_ssl_ctx_pair(libctx, |
| smeth, cmeth, |
| min_version, max_version, |
| &sctx, &cctx, cert, |
| privkey))) |
| goto end; |
| |
| #ifdef OPENSSL_NO_DTLS1_2 |
| if (smeth == DTLS_server_method()) { |
| # ifdef OPENSSL_NO_DTLS1_2 |
| /* Not supported in the FIPS provider */ |
| if (is_fips) { |
| testresult = 1; |
| goto end; |
| }; |
| # endif |
| /* |
| * Default sigalgs are SHA1 based in <DTLS1.2 which is in security |
| * level 0 |
| */ |
| if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")) |
| || !TEST_true(SSL_CTX_set_cipher_list(cctx, |
| "DEFAULT:@SECLEVEL=0"))) |
| goto end; |
| } |
| #endif |
| |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
| NULL, NULL))) |
| goto end; |
| |
| if (!TEST_true(SSL_set_options(serverssl, SSL_OP_CLEANSE_PLAINTEXT))) |
| goto end; |
| |
| if (!TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE))) |
| goto end; |
| |
| for (i = 0; i < sizeof(cbuf); i++) { |
| cbuf[i] = i & 0xff; |
| } |
| |
| if (!TEST_int_eq(SSL_write(clientssl, cbuf, sizeof(cbuf)), sizeof(cbuf))) |
| goto end; |
| |
| if (!TEST_int_eq(SSL_peek(serverssl, &sbuf, sizeof(sbuf)), sizeof(sbuf))) |
| goto end; |
| |
| if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf))) |
| goto end; |
| |
| /* |
| * Since we called SSL_peek(), we know the data in the record |
| * layer is a plaintext record. We can gather the pointer to check |
| * for zeroization after SSL_read(). |
| */ |
| rr = serverssl->rlayer.rrec; |
| zbuf = &rr->data[rr->off]; |
| if (!TEST_int_eq(rr->length, sizeof(cbuf))) |
| goto end; |
| |
| /* |
| * After SSL_peek() the plaintext must still be stored in the |
| * record. |
| */ |
| if (!TEST_mem_eq(cbuf, sizeof(cbuf), zbuf, sizeof(cbuf))) |
| goto end; |
| |
| memset(sbuf, 0, sizeof(sbuf)); |
| if (!TEST_int_eq(SSL_read(serverssl, &sbuf, sizeof(sbuf)), sizeof(sbuf))) |
| goto end; |
| |
| if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(cbuf))) |
| goto end; |
| |
| /* Check if rbuf is cleansed */ |
| memset(cbuf, 0, sizeof(cbuf)); |
| if (!TEST_mem_eq(cbuf, sizeof(cbuf), zbuf, sizeof(cbuf))) |
| goto end; |
| |
| testresult = 1; |
| end: |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| |
| return testresult; |
| } |
| |
| static int test_cleanse_plaintext(void) |
| { |
| #if !defined(OPENSSL_NO_TLS1_2) |
| if (!TEST_true(execute_cleanse_plaintext(TLS_server_method(), |
| TLS_client_method(), |
| TLS1_2_VERSION, |
| TLS1_2_VERSION))) |
| return 0; |
| |
| #endif |
| |
| #if !defined(OSSL_NO_USABLE_TLS1_3) |
| if (!TEST_true(execute_cleanse_plaintext(TLS_server_method(), |
| TLS_client_method(), |
| TLS1_3_VERSION, |
| TLS1_3_VERSION))) |
| return 0; |
| #endif |
| |
| #if !defined(OPENSSL_NO_DTLS) |
| |
| if (!TEST_true(execute_cleanse_plaintext(DTLS_server_method(), |
| DTLS_client_method(), |
| DTLS1_VERSION, |
| 0))) |
| return 0; |
| #endif |
| return 1; |
| } |
| |
| #ifndef OPENSSL_NO_OCSP |
| static int ocsp_server_cb(SSL *s, void *arg) |
| { |
| int *argi = (int *)arg; |
| unsigned char *copy = NULL; |
| STACK_OF(OCSP_RESPID) *ids = NULL; |
| OCSP_RESPID *id = NULL; |
| |
| if (*argi == 2) { |
| /* In this test we are expecting exactly 1 OCSP_RESPID */ |
| SSL_get_tlsext_status_ids(s, &ids); |
| if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1) |
| return SSL_TLSEXT_ERR_ALERT_FATAL; |
| |
| id = sk_OCSP_RESPID_value(ids, 0); |
| if (id == NULL || !OCSP_RESPID_match_ex(id, ocspcert, libctx, NULL)) |
| return SSL_TLSEXT_ERR_ALERT_FATAL; |
| } else if (*argi != 1) { |
| return SSL_TLSEXT_ERR_ALERT_FATAL; |
| } |
| |
| if (!TEST_ptr(copy = OPENSSL_memdup(orespder, sizeof(orespder)))) |
| return SSL_TLSEXT_ERR_ALERT_FATAL; |
| |
| if (!TEST_true(SSL_set_tlsext_status_ocsp_resp(s, copy, |
| sizeof(orespder)))) { |
| OPENSSL_free(copy); |
| return SSL_TLSEXT_ERR_ALERT_FATAL; |
| } |
| ocsp_server_called = 1; |
| return SSL_TLSEXT_ERR_OK; |
| } |
| |
| static int ocsp_client_cb(SSL *s, void *arg) |
| { |
| int *argi = (int *)arg; |
| const unsigned char *respderin; |
| size_t len; |
| |
| if (*argi != 1 && *argi != 2) |
| return 0; |
| |
| len = SSL_get_tlsext_status_ocsp_resp(s, &respderin); |
| if (!TEST_mem_eq(orespder, len, respderin, len)) |
| return 0; |
| |
| ocsp_client_called = 1; |
| return 1; |
| } |
| |
| static int test_tlsext_status_type(void) |
| { |
| SSL_CTX *cctx = NULL, *sctx = NULL; |
| SSL *clientssl = NULL, *serverssl = NULL; |
| int testresult = 0; |
| STACK_OF(OCSP_RESPID) *ids = NULL; |
| OCSP_RESPID *id = NULL; |
| BIO *certbio = NULL; |
| |
| if (!create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(), |
| TLS1_VERSION, 0, |
| &sctx, &cctx, cert, privkey)) |
| return 0; |
| |
| if (SSL_CTX_get_tlsext_status_type(cctx) != -1) |
| goto end; |
| |
| /* First just do various checks getting and setting tlsext_status_type */ |
| |
| clientssl = SSL_new(cctx); |
| if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1) |
| || !TEST_true(SSL_set_tlsext_status_type(clientssl, |
| TLSEXT_STATUSTYPE_ocsp)) |
| || !TEST_int_eq(SSL_get_tlsext_status_type(clientssl), |
| TLSEXT_STATUSTYPE_ocsp)) |
| goto end; |
| |
| SSL_free(clientssl); |
| clientssl = NULL; |
| |
| if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp) |
| || SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp) |
| goto end; |
| |
| clientssl = SSL_new(cctx); |
| if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp) |
| goto end; |
| SSL_free(clientssl); |
| clientssl = NULL; |
| |
| /* |
| * Now actually do a handshake and check OCSP information is exchanged and |
| * the callbacks get called |
| */ |
| SSL_CTX_set_tlsext_status_cb(cctx, ocsp_client_cb); |
| SSL_CTX_set_tlsext_status_arg(cctx, &cdummyarg); |
| SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb); |
| SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg); |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, |
| &clientssl, NULL, NULL)) |
| || !TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE)) |
| || !TEST_true(ocsp_client_called) |
| || !TEST_true(ocsp_server_called)) |
| goto end; |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| serverssl = NULL; |
| clientssl = NULL; |
| |
| /* Try again but this time force the server side callback to fail */ |
| ocsp_client_called = 0; |
| ocsp_server_called = 0; |
| cdummyarg = 0; |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, |
| &clientssl, NULL, NULL)) |
| /* This should fail because the callback will fail */ |
| || !TEST_false(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE)) |
| || !TEST_false(ocsp_client_called) |
| || !TEST_false(ocsp_server_called)) |
| goto end; |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| serverssl = NULL; |
| clientssl = NULL; |
| |
| /* |
| * This time we'll get the client to send an OCSP_RESPID that it will |
| * accept. |
| */ |
| ocsp_client_called = 0; |
| ocsp_server_called = 0; |
| cdummyarg = 2; |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, |
| &clientssl, NULL, NULL))) |
| goto end; |
| |
| /* |
| * We'll just use any old cert for this test - it doesn't have to be an OCSP |
| * specific one. We'll use the server cert. |
| */ |
| if (!TEST_ptr(certbio = BIO_new_file(cert, "r")) |
| || !TEST_ptr(id = OCSP_RESPID_new()) |
| || !TEST_ptr(ids = sk_OCSP_RESPID_new_null()) |
| || !TEST_ptr(ocspcert = X509_new_ex(libctx, NULL)) |
| || !TEST_ptr(PEM_read_bio_X509(certbio, &ocspcert, NULL, NULL)) |
| || !TEST_true(OCSP_RESPID_set_by_key_ex(id, ocspcert, libctx, NULL)) |
| || !TEST_true(sk_OCSP_RESPID_push(ids, id))) |
| goto end; |
| id = NULL; |
| SSL_set_tlsext_status_ids(clientssl, ids); |
| /* Control has been transferred */ |
| ids = NULL; |
| |
| BIO_free(certbio); |
| certbio = NULL; |
| |
| if (!TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE)) |
| || !TEST_true(ocsp_client_called) |
| || !TEST_true(ocsp_server_called)) |
| goto end; |
| |
| testresult = 1; |
| |
| end: |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| sk_OCSP_RESPID_pop_free(ids, OCSP_RESPID_free); |
| OCSP_RESPID_free(id); |
| BIO_free(certbio); |
| X509_free(ocspcert); |
| ocspcert = NULL; |
| |
| return testresult; |
| } |
| #endif |
| |
| #if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) |
| static int new_called, remove_called, get_called; |
| |
| static int new_session_cb(SSL *ssl, SSL_SESSION *sess) |
| { |
| new_called++; |
| /* |
| * sess has been up-refed for us, but we don't actually need it so free it |
| * immediately. |
| */ |
| SSL_SESSION_free(sess); |
| return 1; |
| } |
| |
| static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess) |
| { |
| remove_called++; |
| } |
| |
| static SSL_SESSION *get_sess_val = NULL; |
| |
| static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len, |
| int *copy) |
| { |
| get_called++; |
| *copy = 1; |
| return get_sess_val; |
| } |
| |
| static int execute_test_session(int maxprot, int use_int_cache, |
| int use_ext_cache, long s_options) |
| { |
| SSL_CTX *sctx = NULL, *cctx = NULL; |
| SSL *serverssl1 = NULL, *clientssl1 = NULL; |
| SSL *serverssl2 = NULL, *clientssl2 = NULL; |
| # ifndef OPENSSL_NO_TLS1_1 |
| SSL *serverssl3 = NULL, *clientssl3 = NULL; |
| # endif |
| SSL_SESSION *sess1 = NULL, *sess2 = NULL; |
| int testresult = 0, numnewsesstick = 1; |
| |
| new_called = remove_called = 0; |
| |
| /* TLSv1.3 sends 2 NewSessionTickets */ |
| if (maxprot == TLS1_3_VERSION) |
| numnewsesstick = 2; |
| |
| if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
| TLS_client_method(), TLS1_VERSION, 0, |
| &sctx, &cctx, cert, privkey))) |
| return 0; |
| |
| /* |
| * Only allow the max protocol version so we can force a connection failure |
| * later |
| */ |
| SSL_CTX_set_min_proto_version(cctx, maxprot); |
| SSL_CTX_set_max_proto_version(cctx, maxprot); |
| |
| /* Set up session cache */ |
| if (use_ext_cache) { |
| SSL_CTX_sess_set_new_cb(cctx, new_session_cb); |
| SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb); |
| } |
| if (use_int_cache) { |
| /* Also covers instance where both are set */ |
| SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT); |
| } else { |
| SSL_CTX_set_session_cache_mode(cctx, |
| SSL_SESS_CACHE_CLIENT |
| | SSL_SESS_CACHE_NO_INTERNAL_STORE); |
| } |
| |
| if (s_options) { |
| SSL_CTX_set_options(sctx, s_options); |
| } |
| |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, |
| NULL, NULL)) |
| || !TEST_true(create_ssl_connection(serverssl1, clientssl1, |
| SSL_ERROR_NONE)) |
| || !TEST_ptr(sess1 = SSL_get1_session(clientssl1))) |
| goto end; |
| |
| /* Should fail because it should already be in the cache */ |
| if (use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1))) |
| goto end; |
| if (use_ext_cache |
| && (!TEST_int_eq(new_called, numnewsesstick) |
| |
| || !TEST_int_eq(remove_called, 0))) |
| goto end; |
| |
| new_called = remove_called = 0; |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2, |
| &clientssl2, NULL, NULL)) |
| || !TEST_true(SSL_set_session(clientssl2, sess1)) |
| || !TEST_true(create_ssl_connection(serverssl2, clientssl2, |
| SSL_ERROR_NONE)) |
| || !TEST_true(SSL_session_reused(clientssl2))) |
| goto end; |
| |
| if (maxprot == TLS1_3_VERSION) { |
| /* |
| * In TLSv1.3 we should have created a new session even though we have |
| * resumed. Since we attempted a resume we should also have removed the |
| * old ticket from the cache so that we try to only use tickets once. |
| */ |
| if (use_ext_cache |
| && (!TEST_int_eq(new_called, 1) |
| || !TEST_int_eq(remove_called, 1))) |
| goto end; |
| } else { |
| /* |
| * In TLSv1.2 we expect to have resumed so no sessions added or |
| * removed. |
| */ |
| if (use_ext_cache |
| && (!TEST_int_eq(new_called, 0) |
| || !TEST_int_eq(remove_called, 0))) |
| goto end; |
| } |
| |
| SSL_SESSION_free(sess1); |
| if (!TEST_ptr(sess1 = SSL_get1_session(clientssl2))) |
| goto end; |
| shutdown_ssl_connection(serverssl2, clientssl2); |
| serverssl2 = clientssl2 = NULL; |
| |
| new_called = remove_called = 0; |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2, |
| &clientssl2, NULL, NULL)) |
| || !TEST_true(create_ssl_connection(serverssl2, clientssl2, |
| SSL_ERROR_NONE))) |
| goto end; |
| |
| if (!TEST_ptr(sess2 = SSL_get1_session(clientssl2))) |
| goto end; |
| |
| if (use_ext_cache |
| && (!TEST_int_eq(new_called, numnewsesstick) |
| || !TEST_int_eq(remove_called, 0))) |
| goto end; |
| |
| new_called = remove_called = 0; |
| /* |
| * This should clear sess2 from the cache because it is a "bad" session. |
| * See SSL_set_session() documentation. |
| */ |
| if (!TEST_true(SSL_set_session(clientssl2, sess1))) |
| goto end; |
| if (use_ext_cache |
| && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) |
| goto end; |
| if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1)) |
| goto end; |
| |
| if (use_int_cache) { |
| /* Should succeeded because it should not already be in the cache */ |
| if (!TEST_true(SSL_CTX_add_session(cctx, sess2)) |
| || !TEST_true(SSL_CTX_remove_session(cctx, sess2))) |
| goto end; |
| } |
| |
| new_called = remove_called = 0; |
| /* This shouldn't be in the cache so should fail */ |
| if (!TEST_false(SSL_CTX_remove_session(cctx, sess2))) |
| goto end; |
| |
| if (use_ext_cache |
| && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) |
| goto end; |
| |
| # if !defined(OPENSSL_NO_TLS1_1) |
| new_called = remove_called = 0; |
| /* Force a connection failure */ |
| SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION); |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl3, |
| &clientssl3, NULL, NULL)) |
| || !TEST_true(SSL_set_session(clientssl3, sess1)) |
| /* This should fail because of the mismatched protocol versions */ |
| || !TEST_false(create_ssl_connection(serverssl3, clientssl3, |
| SSL_ERROR_NONE))) |
| goto end; |
| |
| /* We should have automatically removed the session from the cache */ |
| if (use_ext_cache |
| && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) |
| goto end; |
| |
| /* Should succeed because it should not already be in the cache */ |
| if (use_int_cache && !TEST_true(SSL_CTX_add_session(cctx, sess2))) |
| goto end; |
| # endif |
| |
| /* Now do some tests for server side caching */ |
| if (use_ext_cache) { |
| SSL_CTX_sess_set_new_cb(cctx, NULL); |
| SSL_CTX_sess_set_remove_cb(cctx, NULL); |
| SSL_CTX_sess_set_new_cb(sctx, new_session_cb); |
| SSL_CTX_sess_set_remove_cb(sctx, remove_session_cb); |
| SSL_CTX_sess_set_get_cb(sctx, get_session_cb); |
| get_sess_val = NULL; |
| } |
| |
| SSL_CTX_set_session_cache_mode(cctx, 0); |
| /* Internal caching is the default on the server side */ |
| if (!use_int_cache) |
| SSL_CTX_set_session_cache_mode(sctx, |
| SSL_SESS_CACHE_SERVER |
| | SSL_SESS_CACHE_NO_INTERNAL_STORE); |
| |
| SSL_free(serverssl1); |
| SSL_free(clientssl1); |
| serverssl1 = clientssl1 = NULL; |
| SSL_free(serverssl2); |
| SSL_free(clientssl2); |
| serverssl2 = clientssl2 = NULL; |
| SSL_SESSION_free(sess1); |
| sess1 = NULL; |
| SSL_SESSION_free(sess2); |
| sess2 = NULL; |
| |
| SSL_CTX_set_max_proto_version(sctx, maxprot); |
| if (maxprot == TLS1_2_VERSION) |
| SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET); |
| new_called = remove_called = get_called = 0; |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, |
| NULL, NULL)) |
| || !TEST_true(create_ssl_connection(serverssl1, clientssl1, |
| SSL_ERROR_NONE)) |
| || !TEST_ptr(sess1 = SSL_get1_session(clientssl1)) |
| || !TEST_ptr(sess2 = SSL_get1_session(serverssl1))) |
| goto end; |
| |
| if (use_int_cache) { |
| if (maxprot == TLS1_3_VERSION && !use_ext_cache) { |
| /* |
| * In TLSv1.3 it should not have been added to the internal cache, |
| * except in the case where we also have an external cache (in that |
| * case it gets added to the cache in order to generate remove |
| * events after timeout). |
| */ |
| if (!TEST_false(SSL_CTX_remove_session(sctx, sess2))) |
| goto end; |
| } else { |
| /* Should fail because it should already be in the cache */ |
| if (!TEST_false(SSL_CTX_add_session(sctx, sess2))) |
| goto end; |
| } |
| } |
| |
| if (use_ext_cache) { |
| SSL_SESSION *tmp = sess2; |
| |
| if (!TEST_int_eq(new_called, numnewsesstick) |
| || !TEST_int_eq(remove_called, 0) |
| || !TEST_int_eq(get_called, 0)) |
| goto end; |
| /* |
| * Delete the session from the internal cache to force a lookup from |
| * the external cache. We take a copy first because |
| * SSL_CTX_remove_session() also marks the session as non-resumable. |
| */ |
| if (use_int_cache && maxprot != TLS1_3_VERSION) { |
| if (!TEST_ptr(tmp = SSL_SESSION_dup(sess2)) |
| || !TEST_true(SSL_CTX_remove_session(sctx, sess2))) |
| goto end; |
| SSL_SESSION_free(sess2); |
| } |
| sess2 = tmp; |
| } |
| |
| new_called = remove_called = get_called = 0; |
| get_sess_val = sess2; |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2, |
| &clientssl2, NULL, NULL)) |
| || !TEST_true(SSL_set_session(clientssl2, sess1)) |
| || !TEST_true(create_ssl_connection(serverssl2, clientssl2, |
| SSL_ERROR_NONE)) |
| || !TEST_true(SSL_session_reused(clientssl2))) |
| goto end; |
| |
| if (use_ext_cache) { |
| if (!TEST_int_eq(remove_called, 0)) |
| goto end; |
| |
| if (maxprot == TLS1_3_VERSION) { |
| if (!TEST_int_eq(new_called, 1) |
| || !TEST_int_eq(get_called, 0)) |
| goto end; |
| } else { |
| if (!TEST_int_eq(new_called, 0) |
| || !TEST_int_eq(get_called, 1)) |
| goto end; |
| } |
| } |
| |
| testresult = 1; |
| |
| end: |
| SSL_free(serverssl1); |
| SSL_free(clientssl1); |
| SSL_free(serverssl2); |
| SSL_free(clientssl2); |
| # ifndef OPENSSL_NO_TLS1_1 |
| SSL_free(serverssl3); |
| SSL_free(clientssl3); |
| # endif |
| SSL_SESSION_free(sess1); |
| SSL_SESSION_free(sess2); |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| |
| return testresult; |
| } |
| #endif /* !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */ |
| |
| static int test_session_with_only_int_cache(void) |
| { |
| #ifndef OSSL_NO_USABLE_TLS1_3 |
| if (!execute_test_session(TLS1_3_VERSION, 1, 0, 0)) |
| return 0; |
| #endif |
| |
| #ifndef OPENSSL_NO_TLS1_2 |
| return execute_test_session(TLS1_2_VERSION, 1, 0, 0); |
| #else |
| return 1; |
| #endif |
| } |
| |
| static int test_session_with_only_ext_cache(void) |
| { |
| #ifndef OSSL_NO_USABLE_TLS1_3 |
| if (!execute_test_session(TLS1_3_VERSION, 0, 1, 0)) |
| return 0; |
| #endif |
| |
| #ifndef OPENSSL_NO_TLS1_2 |
| return execute_test_session(TLS1_2_VERSION, 0, 1, 0); |
| #else |
| return 1; |
| #endif |
| } |
| |
| static int test_session_with_both_cache(void) |
| { |
| #ifndef OSSL_NO_USABLE_TLS1_3 |
| if (!execute_test_session(TLS1_3_VERSION, 1, 1, 0)) |
| return 0; |
| #endif |
| |
| #ifndef OPENSSL_NO_TLS1_2 |
| return execute_test_session(TLS1_2_VERSION, 1, 1, 0); |
| #else |
| return 1; |
| #endif |
| } |
| |
| static int test_session_wo_ca_names(void) |
| { |
| #ifndef OSSL_NO_USABLE_TLS1_3 |
| if (!execute_test_session(TLS1_3_VERSION, 1, 0, SSL_OP_DISABLE_TLSEXT_CA_NAMES)) |
| return 0; |
| #endif |
| |
| #ifndef OPENSSL_NO_TLS1_2 |
| return execute_test_session(TLS1_2_VERSION, 1, 0, SSL_OP_DISABLE_TLSEXT_CA_NAMES); |
| #else |
| return 1; |
| #endif |
| } |
| |
| |
| #ifndef OSSL_NO_USABLE_TLS1_3 |
| static SSL_SESSION *sesscache[6]; |
| static int do_cache; |
| |
| static int new_cachesession_cb(SSL *ssl, SSL_SESSION *sess) |
| { |
| if (do_cache) { |
| sesscache[new_called] = sess; |
| } else { |
| /* We don't need the reference to the session, so free it */ |
| SSL_SESSION_free(sess); |
| } |
| new_called++; |
| |
| return 1; |
| } |
| |
| static int post_handshake_verify(SSL *sssl, SSL *cssl) |
| { |
| SSL_set_verify(sssl, SSL_VERIFY_PEER, NULL); |
| if (!TEST_true(SSL_verify_client_post_handshake(sssl))) |
| return 0; |
| |
| /* Start handshake on the server and client */ |
| if (!TEST_int_eq(SSL_do_handshake(sssl), 1) |
| || !TEST_int_le(SSL_read(cssl, NULL, 0), 0) |
| || !TEST_int_le(SSL_read(sssl, NULL, 0), 0) |
| || !TEST_true(create_ssl_connection(sssl, cssl, |
| SSL_ERROR_NONE))) |
| return 0; |
| |
| return 1; |
| } |
| |
| static int setup_ticket_test(int stateful, int idx, SSL_CTX **sctx, |
| SSL_CTX **cctx) |
| { |
| int sess_id_ctx = 1; |
| |
| if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
| TLS_client_method(), TLS1_VERSION, 0, |
| sctx, cctx, cert, privkey)) |
| || !TEST_true(SSL_CTX_set_num_tickets(*sctx, idx)) |
| || !TEST_true(SSL_CTX_set_session_id_context(*sctx, |
| (void *)&sess_id_ctx, |
| sizeof(sess_id_ctx)))) |
| return 0; |
| |
| if (stateful) |
| SSL_CTX_set_options(*sctx, SSL_OP_NO_TICKET); |
| |
| SSL_CTX_set_session_cache_mode(*cctx, SSL_SESS_CACHE_CLIENT |
| | SSL_SESS_CACHE_NO_INTERNAL_STORE); |
| SSL_CTX_sess_set_new_cb(*cctx, new_cachesession_cb); |
| |
| return 1; |
| } |
| |
| static int check_resumption(int idx, SSL_CTX *sctx, SSL_CTX *cctx, int succ) |
| { |
| SSL *serverssl = NULL, *clientssl = NULL; |
| int i; |
| |
| /* Test that we can resume with all the tickets we got given */ |
| for (i = 0; i < idx * 2; i++) { |
| new_called = 0; |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, |
| &clientssl, NULL, NULL)) |
| || !TEST_true(SSL_set_session(clientssl, sesscache[i]))) |
| goto end; |
| |
| SSL_set_post_handshake_auth(clientssl, 1); |
| |
| if (!TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE))) |
| goto end; |
| |
| /* |
| * Following a successful resumption we only get 1 ticket. After a |
| * failed one we should get idx tickets. |
| */ |
| if (succ) { |
| if (!TEST_true(SSL_session_reused(clientssl)) |
| || !TEST_int_eq(new_called, 1)) |
| goto end; |
| } else { |
| if (!TEST_false(SSL_session_reused(clientssl)) |
| || !TEST_int_eq(new_called, idx)) |
| goto end; |
| } |
| |
| new_called = 0; |
| /* After a post-handshake authentication we should get 1 new ticket */ |
| if (succ |
| && (!post_handshake_verify(serverssl, clientssl) |
| || !TEST_int_eq(new_called, 1))) |
| goto end; |
| |
| SSL_shutdown(clientssl); |
| SSL_shutdown(serverssl); |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| serverssl = clientssl = NULL; |
| SSL_SESSION_free(sesscache[i]); |
| sesscache[i] = NULL; |
| } |
| |
| return 1; |
| |
| end: |
| SSL_free(clientssl); |
| SSL_free(serverssl); |
| return 0; |
| } |
| |
| static int test_tickets(int stateful, int idx) |
| { |
| SSL_CTX *sctx = NULL, *cctx = NULL; |
| SSL *serverssl = NULL, *clientssl = NULL; |
| int testresult = 0; |
| size_t j; |
| |
| /* idx is the test number, but also the number of tickets we want */ |
| |
| new_called = 0; |
| do_cache = 1; |
| |
| if (!setup_ticket_test(stateful, idx, &sctx, &cctx)) |
| goto end; |
| |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, |
| &clientssl, NULL, NULL))) |
| goto end; |
| |
| if (!TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE)) |
| /* Check we got the number of tickets we were expecting */ |
| || !TEST_int_eq(idx, new_called)) |
| goto end; |
| |
| SSL_shutdown(clientssl); |
| SSL_shutdown(serverssl); |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| clientssl = serverssl = NULL; |
| sctx = cctx = NULL; |
| |
| /* |
| * Now we try to resume with the tickets we previously created. The |
| * resumption attempt is expected to fail (because we're now using a new |
| * SSL_CTX). We should see idx number of tickets issued again. |
| */ |
| |
| /* Stop caching sessions - just count them */ |
| do_cache = 0; |
| |
| if (!setup_ticket_test(stateful, idx, &sctx, &cctx)) |
| goto end; |
| |
| if (!check_resumption(idx, sctx, cctx, 0)) |
| goto end; |
| |
| /* Start again with caching sessions */ |
| new_called = 0; |
| do_cache = 1; |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| sctx = cctx = NULL; |
| |
| if (!setup_ticket_test(stateful, idx, &sctx, &cctx)) |
| goto end; |
| |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, |
| &clientssl, NULL, NULL))) |
| goto end; |
| |
| SSL_set_post_handshake_auth(clientssl, 1); |
| |
| if (!TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE)) |
| /* Check we got the number of tickets we were expecting */ |
| || !TEST_int_eq(idx, new_called)) |
| goto end; |
| |
| /* After a post-handshake authentication we should get new tickets issued */ |
| if (!post_handshake_verify(serverssl, clientssl) |
| || !TEST_int_eq(idx * 2, new_called)) |
| goto end; |
| |
| SSL_shutdown(clientssl); |
| SSL_shutdown(serverssl); |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| serverssl = clientssl = NULL; |
| |
| /* Stop caching sessions - just count them */ |
| do_cache = 0; |
| |
| /* |
| * Check we can resume with all the tickets we created. This time around the |
| * resumptions should all be successful. |
| */ |
| if (!check_resumption(idx, sctx, cctx, 1)) |
| goto end; |
| |
| testresult = 1; |
| |
| end: |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| for (j = 0; j < OSSL_NELEM(sesscache); j++) { |
| SSL_SESSION_free(sesscache[j]); |
| sesscache[j] = NULL; |
| } |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| |
| return testresult; |
| } |
| |
| static int test_stateless_tickets(int idx) |
| { |
| return test_tickets(0, idx); |
| } |
| |
| static int test_stateful_tickets(int idx) |
| { |
| return test_tickets(1, idx); |
| } |
| |
| static int test_psk_tickets(void) |
| { |
| SSL_CTX *sctx = NULL, *cctx = NULL; |
| SSL *serverssl = NULL, *clientssl = NULL; |
| int testresult = 0; |
| int sess_id_ctx = 1; |
| |
| if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
| TLS_client_method(), TLS1_VERSION, 0, |
| &sctx, &cctx, NULL, NULL)) |
| || !TEST_true(SSL_CTX_set_session_id_context(sctx, |
| (void *)&sess_id_ctx, |
| sizeof(sess_id_ctx)))) |
| goto end; |
| |
| SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT |
| | SSL_SESS_CACHE_NO_INTERNAL_STORE); |
| SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb); |
| SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb); |
| SSL_CTX_sess_set_new_cb(cctx, new_session_cb); |
| use_session_cb_cnt = 0; |
| find_session_cb_cnt = 0; |
| srvid = pskid; |
| new_called = 0; |
| |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
| NULL, NULL))) |
| goto end; |
| clientpsk = serverpsk = create_a_psk(clientssl); |
| if (!TEST_ptr(clientpsk)) |
| goto end; |
| SSL_SESSION_up_ref(clientpsk); |
| |
| if (!TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE)) |
| || !TEST_int_eq(1, find_session_cb_cnt) |
| || !TEST_int_eq(1, use_session_cb_cnt) |
| /* We should always get 1 ticket when using external PSK */ |
| || !TEST_int_eq(1, new_called)) |
| goto end; |
| |
| testresult = 1; |
| |
| end: |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| SSL_SESSION_free(clientpsk); |
| SSL_SESSION_free(serverpsk); |
| clientpsk = serverpsk = NULL; |
| |
| return testresult; |
| } |
| |
| static int test_extra_tickets(int idx) |
| { |
| SSL_CTX *sctx = NULL, *cctx = NULL; |
| SSL *serverssl = NULL, *clientssl = NULL; |
| BIO *bretry = BIO_new(bio_s_always_retry()); |
| BIO *tmp = NULL; |
| int testresult = 0; |
| int stateful = 0; |
| size_t nbytes; |
| unsigned char c, buf[1]; |
| |
| new_called = 0; |
| do_cache = 1; |
| |
| if (idx >= 3) { |
| idx -= 3; |
| stateful = 1; |
| } |
| |
| if (!TEST_ptr(bretry) || !setup_ticket_test(stateful, idx, &sctx, &cctx)) |
| goto end; |
| SSL_CTX_sess_set_new_cb(sctx, new_session_cb); |
| /* setup_ticket_test() uses new_cachesession_cb which we don't need. */ |
| SSL_CTX_sess_set_new_cb(cctx, new_session_cb); |
| |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, |
| &clientssl, NULL, NULL))) |
| goto end; |
| |
| /* |
| * Note that we have new_session_cb on both sctx and cctx, so new_called is |
| * incremented by both client and server. |
| */ |
| if (!TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE)) |
| /* Check we got the number of tickets we were expecting */ |
| || !TEST_int_eq(idx * 2, new_called) |
| || !TEST_true(SSL_new_session_ticket(serverssl)) |
| || !TEST_true(SSL_new_session_ticket(serverssl)) |
| || !TEST_int_eq(idx * 2, new_called)) |
| goto end; |
| |
| /* Now try a (real) write to actually send the tickets */ |
| c = '1'; |
| if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes)) |
| || !TEST_size_t_eq(1, nbytes) |
| || !TEST_int_eq(idx * 2 + 2, new_called) |
| || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) |
| || !TEST_int_eq(idx * 2 + 4, new_called) |
| || !TEST_int_eq(sizeof(buf), nbytes) |
| || !TEST_int_eq(c, buf[0]) |
| || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))) |
| goto end; |
| |
| /* Try with only requesting one new ticket, too */ |
| c = '2'; |
| new_called = 0; |
| if (!TEST_true(SSL_new_session_ticket(serverssl)) |
| || !TEST_true(SSL_write_ex(serverssl, &c, sizeof(c), &nbytes)) |
| || !TEST_size_t_eq(sizeof(c), nbytes) |
| || !TEST_int_eq(1, new_called) |
| || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) |
| || !TEST_int_eq(2, new_called) |
| || !TEST_size_t_eq(sizeof(buf), nbytes) |
| || !TEST_int_eq(c, buf[0])) |
| goto end; |
| |
| /* Do it again but use dummy writes to drive the ticket generation */ |
| c = '3'; |
| new_called = 0; |
| if (!TEST_true(SSL_new_session_ticket(serverssl)) |
| || !TEST_true(SSL_new_session_ticket(serverssl)) |
| || !TEST_true(SSL_write_ex(serverssl, &c, 0, &nbytes)) |
| || !TEST_size_t_eq(0, nbytes) |
| || !TEST_int_eq(2, new_called) |
| || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) |
| || !TEST_int_eq(4, new_called)) |
| goto end; |
| |
| /* Once more, but with SSL_do_handshake() to drive the ticket generation */ |
| c = '4'; |
| new_called = 0; |
| if (!TEST_true(SSL_new_session_ticket(serverssl)) |
| || !TEST_true(SSL_new_session_ticket(serverssl)) |
| || !TEST_true(SSL_do_handshake(serverssl)) |
| || !TEST_int_eq(2, new_called) |
| || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) |
| || !TEST_int_eq(4, new_called)) |
| goto end; |
| |
| /* |
| * Use the always-retry BIO to exercise the logic that forces ticket |
| * generation to wait until a record boundary. |
| */ |
| c = '5'; |
| new_called = 0; |
| tmp = SSL_get_wbio(serverssl); |
| if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) { |
| tmp = NULL; |
| goto end; |
| } |
| SSL_set0_wbio(serverssl, bretry); |
| bretry = NULL; |
| if (!TEST_false(SSL_write_ex(serverssl, &c, 1, &nbytes)) |
| || !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_WANT_WRITE) |
| || !TEST_size_t_eq(nbytes, 0)) |
| goto end; |
| /* Restore a BIO that will let the write succeed */ |
| SSL_set0_wbio(serverssl, tmp); |
| tmp = NULL; |
| /* |
| * These calls should just queue the request and not send anything |
| * even if we explicitly try to hit the state machine. |
| */ |
| if (!TEST_true(SSL_new_session_ticket(serverssl)) |
| || !TEST_true(SSL_new_session_ticket(serverssl)) |
| || !TEST_int_eq(0, new_called) |
| || !TEST_true(SSL_do_handshake(serverssl)) |
| || !TEST_int_eq(0, new_called)) |
| goto end; |
| /* Re-do the write; still no tickets sent */ |
| if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes)) |
| || !TEST_size_t_eq(1, nbytes) |
| || !TEST_int_eq(0, new_called) |
| || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) |
| || !TEST_int_eq(0, new_called) |
| || !TEST_int_eq(sizeof(buf), nbytes) |
| || !TEST_int_eq(c, buf[0]) |
| || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))) |
| goto end; |
| /* Even trying to hit the state machine now will still not send tickets */ |
| if (!TEST_true(SSL_do_handshake(serverssl)) |
| || !TEST_int_eq(0, new_called)) |
| goto end; |
| /* Now the *next* write should send the tickets */ |
| c = '6'; |
| if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes)) |
| || !TEST_size_t_eq(1, nbytes) |
| || !TEST_int_eq(2, new_called) |
| || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) |
| || !TEST_int_eq(4, new_called) |
| || !TEST_int_eq(sizeof(buf), nbytes) |
| || !TEST_int_eq(c, buf[0]) |
| || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))) |
| goto end; |
| |
| SSL_shutdown(clientssl); |
| SSL_shutdown(serverssl); |
| testresult = 1; |
| |
| end: |
| BIO_free(bretry); |
| BIO_free(tmp); |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| clientssl = serverssl = NULL; |
| sctx = cctx = NULL; |
| return testresult; |
| } |
| #endif |
| |
| #define USE_NULL 0 |
| #define USE_BIO_1 1 |
| #define USE_BIO_2 2 |
| #define USE_DEFAULT 3 |
| |
| #define CONNTYPE_CONNECTION_SUCCESS 0 |
| #define CONNTYPE_CONNECTION_FAIL 1 |
| #define CONNTYPE_NO_CONNECTION 2 |
| |
| #define TOTAL_NO_CONN_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3) |
| #define TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS (2 * 2) |
| #if !defined(OSSL_NO_USABLE_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) |
| # define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS (2 * 2) |
| #else |
| # define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS 0 |
| #endif |
| |
| #define TOTAL_SSL_SET_BIO_TESTS TOTAL_NO_CONN_SSL_SET_BIO_TESTS \ |
| + TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS \ |
| + TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS |
| |
| static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type) |
| { |
| switch (type) { |
| case USE_NULL: |
| *res = NULL; |
| break; |
| case USE_BIO_1: |
| *res = bio1; |
| break; |
| case USE_BIO_2: |
| *res = bio2; |
| break; |
| } |
| } |
| |
| |
| /* |
| * Tests calls to SSL_set_bio() under various conditions. |
| * |
| * For the first 3 * 3 * 3 * 3 = 81 tests we do 2 calls to SSL_set_bio() with |
| * various combinations of valid BIOs or NULL being set for the rbio/wbio. We |
| * then do more tests where we create a successful connection first using our |
| * standard connection setup functions, and then call SSL_set_bio() with |
| * various combinations of valid BIOs or NULL. We then repeat these tests |
| * following a failed connection. In this last case we are looking to check that |
| * SSL_set_bio() functions correctly in the case where s->bbio is not NULL. |
| */ |
| static int test_ssl_set_bio(int idx) |
| { |
| SSL_CTX *sctx = NULL, *cctx = NULL; |
| BIO *bio1 = NULL; |
| BIO *bio2 = NULL; |
| BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL; |
| SSL *serverssl = NULL, *clientssl = NULL; |
| int initrbio, initwbio, newrbio, newwbio, conntype; |
| int testresult = 0; |
| |
| if (idx < TOTAL_NO_CONN_SSL_SET_BIO_TESTS) { |
| initrbio = idx % 3; |
| idx /= 3; |
| initwbio = idx % 3; |
| idx /= 3; |
| newrbio = idx % 3; |
| idx /= 3; |
| newwbio = idx % 3; |
| conntype = CONNTYPE_NO_CONNECTION; |
| } else { |
| idx -= TOTAL_NO_CONN_SSL_SET_BIO_TESTS; |
| initrbio = initwbio = USE_DEFAULT; |
| newrbio = idx % 2; |
| idx /= 2; |
| newwbio = idx % 2; |
| idx /= 2; |
| conntype = idx % 2; |
| } |
| |
| if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
| TLS_client_method(), TLS1_VERSION, 0, |
| &sctx, &cctx, cert, privkey))) |
| goto end; |
| |
| if (conntype == CONNTYPE_CONNECTION_FAIL) { |
| /* |
| * We won't ever get here if either TLSv1.3 or TLSv1.2 is disabled |
| * because we reduced the number of tests in the definition of |
| * TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS to avoid this scenario. By setting |
| * mismatched protocol versions we will force a connection failure. |
| */ |
| SSL_CTX_set_min_proto_version(sctx, TLS1_3_VERSION); |
| SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION); |
| } |
| |
| if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
| NULL, NULL))) |
| goto end; |
| |
| if (initrbio == USE_BIO_1 |
| || initwbio == USE_BIO_1 |
| || newrbio == USE_BIO_1 |
| || newwbio == USE_BIO_1) { |
| if (!TEST_ptr(bio1 = BIO_new(BIO_s_mem()))) |
| goto end; |
| } |
| |
| if (initrbio == USE_BIO_2 |
| || initwbio == USE_BIO_2 |
| || newrbio == USE_BIO_2 |
| || newwbio == USE_BIO_2) { |
| if (!TEST_ptr(bio2 = BIO_new(BIO_s_mem()))) |
| goto end; |
| } |
| |
| if (initrbio != USE_DEFAULT) { |
| setupbio(&irbio, bio1, bio2, initrbio); |
| setupbio(&iwbio, bio1, bio2, initwbio); |
| SSL_set_bio(clientssl, irbio, iwbio); |
| |
| /* |
| * We want to maintain our own refs to these BIO, so do an up ref for |
| * each BIO that will have ownership transferred in the SSL_set_bio() |
| * call |
| */ |
| if (irbio != NULL) |
| BIO_up_ref(irbio); |
| if (iwbio != NULL && iwbio != irbio) |
| BIO_up_ref(iwbio); |
| } |
| |
| if (conntype != CONNTYPE_NO_CONNECTION |
| && !TEST_true(create_ssl_connection(serverssl, clientssl, |
| SSL_ERROR_NONE) |
| == (conntype == CONNTYPE_CONNECTION_SUCCESS))) |
| goto end; |
| |
| setupbio(&nrbio, bio1, bio2, newrbio); |
| setupbio(&nwbio, bio1, bio2, newwbio); |
| |
| /* |
| * We will (maybe) transfer ownership again so do more up refs. |
| * SSL_set_bio() has some really complicated ownership rules where BIOs have |
| * already been set! |
| */ |
| if (nrbio != NULL |
| && nrbio != irbio |
| && (nwbio != iwbio || nrbio != nwbio)) |
| BIO_up_ref(nrbio); |
| if (nwbio != NULL |
| && nwbio != nrbio |
| && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio))) |
| BIO_up_ref(nwbio); |
| |
| SSL_set_bio(clientssl, nrbio, nwbio); |
| |
| testresult = 1; |
| |
| end: |
| BIO_free(bio1); |
| BIO_free(bio2); |
| |
| /* |
| * This test is checking that the ref counting for SSL_set_bio is correct. |
| * If we get here and we did too many frees then we will fail in the above |
| * functions. |
| */ |
| SSL_free(serverssl); |
| SSL_free(clientssl); |
| SSL_CTX_free(sctx); |
| SSL_CTX_free(cctx); |
| return testresult; |
| } |
| |
| typedef enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } bio_change_t; |
| |
| static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio) |
| { |
| BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL; |
| SSL_CTX *ctx; |
| SSL *ssl = NULL; |
| int testresult = 0; |
| |
| if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_method())) |
| || !TEST_ptr(ssl = SSL_new(ctx)) |
| || !TEST_ptr(sslbio = BIO_new(BIO_f_ssl())) |
| || !TEST_ptr(membio1 = BIO_new(BIO_s_mem()))) |
| goto end; |
| |
| BIO_set_ssl(sslbio, ssl, BIO_CLOSE); |
| |
| /* |
| * If anything goes wrong here then we could leak memory. |
| */ |
| BIO_push(sslbio, membio1); |
| |
| /* Verify changing the rbio/wbio directly does not cause leaks */ |
| if (change_bio != NO_BIO_CHANGE) { |
| if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem()))) { |
| ssl = NULL; |
| goto end; |
| } |
| if (change_bio == CHANGE_RBIO) |
| SSL_set0_rbio(ssl, membio2); |
| else |
| SSL_set0_wbio(ssl, membio2); |
| } |
| ssl = NULL; |
| |
| if (pop_ssl) |
| BIO_pop(sslbio); |
| else |
| BIO_pop(membio1); |
| |
| testresult = 1; |
| end: |
| BIO_free(membio1); |
| BIO_free(sslbio); |
| SSL_free(ssl); |
| SSL_CTX_free(ctx); |
| |
| return testresult; |
| } |
| |
| static int test_ssl_bio_pop_next_bio(void) |
| { |
| return execute_test_ssl_bio(0, NO_BIO_CHANGE); |
| } |
| |
| static int test_ssl_bio_pop_ssl_bio(void) |
| { |
| return execute_test_ssl_bio(1, NO_BIO_CHANGE); |
| } |
| |
| static int test_ssl_bio_change_rbio(void) |
| { |
| return execute_test_ssl_bio(0, CHANGE_RBIO); |
| } |
| |
| static int test_ssl_bio_change_wbio(void) |
| { |
| return execute_test_ssl_bio(0, CHANGE_WBIO); |
| } |
| |
| #if !defined(OPENSSL_NO_TLS1_2) || defined(OSSL_NO_USABLE_TLS1_3) |
| typedef struct { |
| /* The list of sig algs */ |
| const int *list; |
| /* The length of the list */ |
| size_t listlen; |
| /* A sigalgs list in string format */ |
| const char *liststr; |
| /* Whether setting the list should succeed */ |
| int valid; |
| /* Whether creating a connection with the list should succeed */ |
| int connsuccess; |
| } sigalgs_list; |
| |
| static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA}; |
| # ifndef OPENSSL_NO_EC |
| static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC}; |
| static
|