diff options
Diffstat (limited to 'deps/openssl/openssl/test/sslapitest.c')
-rw-r--r-- | deps/openssl/openssl/test/sslapitest.c | 345 |
1 files changed, 337 insertions, 8 deletions
diff --git a/deps/openssl/openssl/test/sslapitest.c b/deps/openssl/openssl/test/sslapitest.c index 2261fe4a7a..7a142268fa 100644 --- a/deps/openssl/openssl/test/sslapitest.c +++ b/deps/openssl/openssl/test/sslapitest.c @@ -42,6 +42,7 @@ static int find_session_cb_cnt = 0; static SSL_SESSION *create_a_psk(SSL *ssl); #endif +static char *certsdir = NULL; static char *cert = NULL; static char *privkey = NULL; static char *srpvfile = NULL; @@ -3289,6 +3290,142 @@ static int test_ciphersuite_change(void) } /* + * Test TLSv1.3 Cipher Suite + * Test 0 = Set TLS1.3 cipher on context + * Test 1 = Set TLS1.3 cipher on SSL + * Test 2 = Set TLS1.3 and TLS1.2 cipher on context + * Test 3 = Set TLS1.3 and TLS1.2 cipher on SSL + */ +static int test_tls13_ciphersuite(int idx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + static const char *t13_ciphers[] = { + TLS1_3_RFC_AES_128_GCM_SHA256, + TLS1_3_RFC_AES_256_GCM_SHA384, + TLS1_3_RFC_AES_128_CCM_SHA256, +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + TLS1_3_RFC_AES_256_GCM_SHA384 ":" TLS1_3_RFC_CHACHA20_POLY1305_SHA256, +# endif + TLS1_3_RFC_AES_128_CCM_8_SHA256 ":" TLS1_3_RFC_AES_128_CCM_SHA256 + }; + const char *t13_cipher = NULL; + const char *t12_cipher = NULL; + const char *negotiated_scipher; + const char *negotiated_ccipher; + int set_at_ctx = 0; + int set_at_ssl = 0; + int testresult = 0; + int max_ver; + size_t i; + + switch (idx) { + case 0: + set_at_ctx = 1; + break; + case 1: + set_at_ssl = 1; + break; + case 2: + set_at_ctx = 1; + t12_cipher = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256; + break; + case 3: + set_at_ssl = 1; + t12_cipher = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256; + break; + } + + for (max_ver = TLS1_2_VERSION; max_ver <= TLS1_3_VERSION; max_ver++) { +# ifdef OPENSSL_NO_TLS1_2 + if (max_ver == TLS1_2_VERSION) + continue; +# endif + for (i = 0; i < OSSL_NELEM(t13_ciphers); i++) { + t13_cipher = t13_ciphers[i]; + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, max_ver, + &sctx, &cctx, cert, privkey))) + goto end; + + if (set_at_ctx) { + if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, t13_cipher)) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, t13_cipher))) + goto end; + if (t12_cipher != NULL) { + if (!TEST_true(SSL_CTX_set_cipher_list(sctx, t12_cipher)) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, + t12_cipher))) + goto end; + } + } + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL))) + goto end; + + if (set_at_ssl) { + if (!TEST_true(SSL_set_ciphersuites(serverssl, t13_cipher)) + || !TEST_true(SSL_set_ciphersuites(clientssl, t13_cipher))) + goto end; + if (t12_cipher != NULL) { + if (!TEST_true(SSL_set_cipher_list(serverssl, t12_cipher)) + || !TEST_true(SSL_set_cipher_list(clientssl, + t12_cipher))) + goto end; + } + } + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + negotiated_scipher = SSL_CIPHER_get_name(SSL_get_current_cipher( + serverssl)); + negotiated_ccipher = SSL_CIPHER_get_name(SSL_get_current_cipher( + clientssl)); + if (!TEST_str_eq(negotiated_scipher, negotiated_ccipher)) + goto end; + + /* + * TEST_strn_eq is used below because t13_cipher can contain + * multiple ciphersuites + */ + if (max_ver == TLS1_3_VERSION + && !TEST_strn_eq(t13_cipher, negotiated_scipher, + strlen(negotiated_scipher))) + goto end; + +# ifndef OPENSSL_NO_TLS1_2 + /* Below validation is not done when t12_cipher is NULL */ + if (max_ver == TLS1_2_VERSION && t12_cipher != NULL + && !TEST_str_eq(t12_cipher, negotiated_scipher)) + goto end; +# endif + + SSL_free(serverssl); + serverssl = NULL; + SSL_free(clientssl); + clientssl = NULL; + SSL_CTX_free(sctx); + sctx = NULL; + SSL_CTX_free(cctx); + cctx = NULL; + } + } + + testresult = 1; + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + +/* * Test TLSv1.3 PSKs * Test 0 = Test new style callbacks * Test 1 = Test both new and old style callbacks @@ -4290,7 +4427,95 @@ static int test_key_update(void) || !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)), strlen(mess))) goto end; + + if (!TEST_int_eq(SSL_write(serverssl, mess, strlen(mess)), strlen(mess)) + || !TEST_int_eq(SSL_read(clientssl, buf, sizeof(buf)), + strlen(mess))) + goto end; + } + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +/* + * Test we can handle a KeyUpdate (update requested) message while write data + * is pending. + * Test 0: Client sends KeyUpdate while Server is writing + * Test 1: Server sends KeyUpdate while Client is writing + */ +static int test_key_update_in_write(int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + char buf[20]; + static char *mess = "A test message"; + BIO *bretry = BIO_new(bio_s_always_retry()); + BIO *tmp = NULL; + SSL *peerupdate = NULL, *peerwrite = NULL; + + if (!TEST_ptr(bretry) + || !TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_3_VERSION, + 0, + &sctx, &cctx, cert, privkey)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + peerupdate = tst == 0 ? clientssl : serverssl; + peerwrite = tst == 0 ? serverssl : clientssl; + + if (!TEST_true(SSL_key_update(peerupdate, SSL_KEY_UPDATE_REQUESTED)) + || !TEST_true(SSL_do_handshake(peerupdate))) + goto end; + + /* Swap the writing endpoint's write BIO to force a retry */ + tmp = SSL_get_wbio(peerwrite); + if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) { + tmp = NULL; + goto end; } + SSL_set0_wbio(peerwrite, bretry); + bretry = NULL; + + /* Write data that we know will fail with SSL_ERROR_WANT_WRITE */ + if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), -1) + || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE)) + goto end; + + /* Reinstate the original writing endpoint's write BIO */ + SSL_set0_wbio(peerwrite, tmp); + tmp = NULL; + + /* Now read some data - we will read the key update */ + if (!TEST_int_eq(SSL_read(peerwrite, buf, sizeof(buf)), -1) + || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ)) + goto end; + + /* + * Complete the write we started previously and read it from the other + * endpoint + */ + if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess)) + || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess))) + goto end; + + /* Write more data to ensure we send the KeyUpdate message back */ + if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess)) + || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess))) + goto end; testresult = 1; @@ -4299,6 +4524,8 @@ static int test_key_update(void) SSL_free(clientssl); SSL_CTX_free(sctx); SSL_CTX_free(cctx); + BIO_free(bretry); + BIO_free(tmp); return testresult; } @@ -5572,6 +5799,12 @@ static int cert_cb_cnt; static int cert_cb(SSL *s, void *arg) { SSL_CTX *ctx = (SSL_CTX *)arg; + BIO *in = NULL; + EVP_PKEY *pkey = NULL; + X509 *x509 = NULL, *rootx = NULL; + STACK_OF(X509) *chain = NULL; + char *rootfile = NULL, *ecdsacert = NULL, *ecdsakey = NULL; + int ret = 0; if (cert_cb_cnt == 0) { /* Suspend the handshake */ @@ -5592,10 +5825,60 @@ static int cert_cb(SSL *s, void *arg) return 0; cert_cb_cnt++; return 1; + } else if (cert_cb_cnt == 3) { + int rv; + + rootfile = test_mk_file_path(certsdir, "rootcert.pem"); + ecdsacert = test_mk_file_path(certsdir, "server-ecdsa-cert.pem"); + ecdsakey = test_mk_file_path(certsdir, "server-ecdsa-key.pem"); + if (!TEST_ptr(rootfile) || !TEST_ptr(ecdsacert) || !TEST_ptr(ecdsakey)) + goto out; + chain = sk_X509_new_null(); + if (!TEST_ptr(chain)) + goto out; + if (!TEST_ptr(in = BIO_new(BIO_s_file())) + || !TEST_int_ge(BIO_read_filename(in, rootfile), 0) + || !TEST_ptr(rootx = PEM_read_bio_X509(in, NULL, NULL, NULL)) + || !TEST_true(sk_X509_push(chain, rootx))) + goto out; + rootx = NULL; + BIO_free(in); + if (!TEST_ptr(in = BIO_new(BIO_s_file())) + || !TEST_int_ge(BIO_read_filename(in, ecdsacert), 0) + || !TEST_ptr(x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) + goto out; + BIO_free(in); + if (!TEST_ptr(in = BIO_new(BIO_s_file())) + || !TEST_int_ge(BIO_read_filename(in, ecdsakey), 0) + || !TEST_ptr(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL))) + goto out; + rv = SSL_check_chain(s, x509, pkey, chain); + /* + * If the cert doesn't show as valid here (e.g., because we don't + * have any shared sigalgs), then we will not set it, and there will + * be no certificate at all on the SSL or SSL_CTX. This, in turn, + * will cause tls_choose_sigalgs() to fail the connection. + */ + if ((rv & (CERT_PKEY_VALID | CERT_PKEY_CA_SIGNATURE)) + == (CERT_PKEY_VALID | CERT_PKEY_CA_SIGNATURE)) { + if (!SSL_use_cert_and_key(s, x509, pkey, NULL, 1)) + goto out; + } + + ret = 1; } /* Abort the handshake */ - return 0; + out: + OPENSSL_free(ecdsacert); + OPENSSL_free(ecdsakey); + OPENSSL_free(rootfile); + BIO_free(in); + EVP_PKEY_free(pkey); + X509_free(x509); + X509_free(rootx); + sk_X509_pop_free(chain, X509_free); + return ret; } /* @@ -5603,6 +5886,10 @@ static int cert_cb(SSL *s, void *arg) * Test 0: Callback fails * Test 1: Success - no SSL_set_SSL_CTX() in the callback * Test 2: Success - SSL_set_SSL_CTX() in the callback + * Test 3: Success - Call SSL_check_chain from the callback + * Test 4: Failure - SSL_check_chain fails from callback due to bad cert in the + * chain + * Test 5: Failure - SSL_check_chain fails from callback due to bad ee cert */ static int test_cert_cb_int(int prot, int tst) { @@ -5610,6 +5897,12 @@ static int test_cert_cb_int(int prot, int tst) SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0, ret; +#ifdef OPENSSL_NO_EC + /* We use an EC cert in these tests, so we skip in a no-ec build */ + if (tst >= 3) + return 1; +#endif + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), TLS1_VERSION, @@ -5619,8 +5912,11 @@ static int test_cert_cb_int(int prot, int tst) if (tst == 0) cert_cb_cnt = -1; + else if (tst >= 3) + cert_cb_cnt = 3; else cert_cb_cnt = 0; + if (tst == 2) snictx = SSL_CTX_new(TLS_server_method()); SSL_CTX_set_cert_cb(sctx, cert_cb, snictx); @@ -5629,9 +5925,28 @@ static int test_cert_cb_int(int prot, int tst) NULL, NULL))) goto end; + if (tst == 4) { + /* + * We cause SSL_check_chain() to fail by specifying sig_algs that + * the chain doesn't meet (the root uses an RSA cert) + */ + if (!TEST_true(SSL_set1_sigalgs_list(clientssl, + "ecdsa_secp256r1_sha256"))) + goto end; + } else if (tst == 5) { + /* + * We cause SSL_check_chain() to fail by specifying sig_algs that + * the ee cert doesn't meet (the ee uses an ECDSA cert) + */ + if (!TEST_true(SSL_set1_sigalgs_list(clientssl, + "rsa_pss_rsae_sha256:rsa_pkcs1_sha256"))) + goto end; + } + ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE); - if (!TEST_true(tst == 0 ? !ret : ret) - || (tst > 0 && !TEST_int_eq(cert_cb_cnt, 2))) { + if (!TEST_true(tst == 0 || tst == 4 || tst == 5 ? !ret : ret) + || (tst > 0 + && !TEST_int_eq((cert_cb_cnt - 2) * (cert_cb_cnt - 3), 0))) { goto end; } @@ -5892,10 +6207,9 @@ static int test_ca_names(int tst) int setup_tests(void) { - if (!TEST_ptr(cert = test_get_argument(0)) - || !TEST_ptr(privkey = test_get_argument(1)) - || !TEST_ptr(srpvfile = test_get_argument(2)) - || !TEST_ptr(tmpfilename = test_get_argument(3))) + if (!TEST_ptr(certsdir = test_get_argument(0)) + || !TEST_ptr(srpvfile = test_get_argument(1)) + || !TEST_ptr(tmpfilename = test_get_argument(2))) return 0; if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) { @@ -5914,6 +6228,16 @@ int setup_tests(void) #endif } + cert = test_mk_file_path(certsdir, "servercert.pem"); + if (cert == NULL) + return 0; + + privkey = test_mk_file_path(certsdir, "serverkey.pem"); + if (privkey == NULL) { + OPENSSL_free(cert); + return 0; + } + ADD_TEST(test_large_message_tls); ADD_TEST(test_large_message_tls_read_ahead); #ifndef OPENSSL_NO_DTLS @@ -5966,6 +6290,7 @@ int setup_tests(void) #ifndef OPENSSL_NO_TLS1_3 ADD_ALL_TESTS(test_set_ciphersuite, 10); ADD_TEST(test_ciphersuite_change); + ADD_ALL_TESTS(test_tls13_ciphersuite, 4); #ifdef OPENSSL_NO_PSK ADD_ALL_TESTS(test_tls13_psk, 1); #else @@ -5982,6 +6307,7 @@ int setup_tests(void) #ifndef OPENSSL_NO_TLS1_3 ADD_ALL_TESTS(test_export_key_mat_early, 3); ADD_TEST(test_key_update); + ADD_ALL_TESTS(test_key_update_in_write, 2); #endif ADD_ALL_TESTS(test_ssl_clear, 2); ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test)); @@ -5993,7 +6319,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data)); ADD_ALL_TESTS(test_ticket_callbacks, 12); ADD_ALL_TESTS(test_shutdown, 7); - ADD_ALL_TESTS(test_cert_cb, 3); + ADD_ALL_TESTS(test_cert_cb, 6); ADD_ALL_TESTS(test_client_cert_cb, 2); ADD_ALL_TESTS(test_ca_names, 3); return 1; @@ -6001,5 +6327,8 @@ int setup_tests(void) void cleanup_tests(void) { + OPENSSL_free(cert); + OPENSSL_free(privkey); bio_s_mempacket_test_free(); + bio_s_always_retry_free(); } |