]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/recipes/70-test_tlsextms.t
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add a best effort test to check shared library consistency
[thirdparty/openssl.git] / test / recipes / 70-test_tlsextms.t
CommitLineData
42a8b3f9
DSH		 1#!/usr/bin/perl
2# Written by Stephen Henson for the OpenSSL project.
3# ====================================================================
4# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9#
10# 1. Redistributions of source code must retain the above copyright
11# notice, this list of conditions and the following disclaimer.
12#
13# 2. Redistributions in binary form must reproduce the above copyright
14# notice, this list of conditions and the following disclaimer in
15# the documentation and/or other materials provided with the
16# distribution.
17#
18# 3. All advertising materials mentioning features or use of this
19# software must display the following acknowledgment:
20# "This product includes software developed by the OpenSSL Project
21# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22#
23# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24# endorse or promote products derived from this software without
25# prior written permission. For written permission, please contact
26# openssl-core@openssl.org.
27#
28# 5. Products derived from this software may not be called "OpenSSL"
29# nor may "OpenSSL" appear in their names without prior written
30# permission of the OpenSSL Project.
31#
32# 6. Redistributions of any form whatsoever must retain the following
33# acknowledgment:
34# "This product includes software developed by the OpenSSL Project
35# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36#
37# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48# OF THE POSSIBILITY OF SUCH DAMAGE.
49# ====================================================================
50#
51# This product includes cryptographic software written by Eric Young
52# (eay@cryptsoft.com). This product includes software written by Tim
53# Hudson (tjh@cryptsoft.com).
54
55use strict;
42e0ccdf 56use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
3f22ed2f 57use OpenSSL::Test::Utils;
42a8b3f9
DSH		 58use TLSProxy::Proxy;
59use File::Temp qw(tempfile);
60
61my $test_name = "test_tlsextms";
62setup($test_name);
63
60f9f1e1 64plan skip_all => "TLSProxy isn't usable on $^O"
2d32d3be 65 if $^O =~ /^(VMS|MSWin32)$/;
60f9f1e1 66
2dd400bd 67plan skip_all => "$test_name needs the dynamic engine feature enabled"
19ab5790 68 if disabled("engine") || disabled("dynamic-engine");
42a8b3f9 69
f9e55034
MC		 70plan skip_all => "$test_name needs the sock feature enabled"
71 if disabled("sock");
72
42a8b3f9
DSH		 73$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
74
75sub checkmessages($$$$$);
76sub setrmextms($$);
77sub clearall();
78
79my $crmextms = 0;
80my $srmextms = 0;
81my $cextms = 0;
82my $sextms = 0;
83my $fullhand = 0;
84
85my $proxy = TLSProxy::Proxy->new(
86 \&extms_filter,
25c78440 87 cmdstr(app(["openssl"]), display => 1),
42e0ccdf 88 srctop_file("apps", "server.pem"),
b44b935e 89 (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
42a8b3f9
DSH		 90);
91
92plan tests => 9;
93
94#Test 1: By default server and client should send extended master secret
95# extension.
96#Expected result: ClientHello extension seen; ServerHello extension seen
97# Full handshake
98
99setrmextms(0, 0);
100$proxy->start();
101checkmessages(1, "Default extended master secret test", 1, 1, 1);
102
103#Test 2: If client omits extended master secret extension, server should too.
104#Expected result: ClientHello extension not seen; ServerHello extension not seen
105# Full handshake
106
107clearall();
108setrmextms(1, 0);
109$proxy->start();
110checkmessages(2, "No client extension extended master secret test", 0, 0, 1);
111
112# Test 3: same as 1 but with session tickets disabled.
113# Expected result: same as test 1.
114
115clearall();
116$proxy->clientflags("-no_ticket");
117setrmextms(0, 0);
118$proxy->start();
119checkmessages(3, "No ticket extended master secret test", 1, 1, 1);
120
121# Test 4: same as 2 but with session tickets disabled.
122# Expected result: same as test 2.
123
124clearall();
125$proxy->clientflags("-no_ticket");
126setrmextms(1, 0);
127$proxy->start();
128checkmessages(2, "No ticket, no client extension extended master secret test", 0, 0, 1);
129
130#Test 5: Session resumption extended master secret test
131#
132#Expected result: ClientHello extension seen; ServerHello extension seen
133# Abbreviated handshake
134
135clearall();
136setrmextms(0, 0);
137(my $fh, my $session) = tempfile();
138$proxy->serverconnects(2);
139$proxy->clientflags("-sess_out ".$session);
140$proxy->start();
5427976d 141$proxy->clearClient();
42a8b3f9
DSH		 142$proxy->clientflags("-sess_in ".$session);
143$proxy->clientstart();
144checkmessages(5, "Session resumption extended master secret test", 1, 1, 0);
145
b6453a68 146#Test 6: Session resumption extended master secret test original session
42a8b3f9
DSH		 147# omits extension. Server must not resume session.
148#Expected result: ClientHello extension seen; ServerHello extension seen
149# Full handshake
150
151clearall();
152setrmextms(1, 0);
153($fh, $session) = tempfile();
154$proxy->serverconnects(2);
155$proxy->clientflags("-sess_out ".$session);
156$proxy->start();
5427976d 157$proxy->clearClient();
42a8b3f9
DSH		 158$proxy->clientflags("-sess_in ".$session);
159setrmextms(0, 0);
160$proxy->clientstart();
161checkmessages(6, "Session resumption extended master secret test", 1, 1, 1);
162
163#Test 7: Session resumption extended master secret test resumed session
164# omits client extension. Server must abort connection.
165#Expected result: aborted connection.
166
167clearall();
168setrmextms(0, 0);
169($fh, $session) = tempfile();
170$proxy->serverconnects(2);
171$proxy->clientflags("-sess_out ".$session);
172$proxy->start();
5427976d 173$proxy->clearClient();
42a8b3f9
DSH		 174$proxy->clientflags("-sess_in ".$session);
175setrmextms(1, 0);
176$proxy->clientstart();
b6453a68 177ok(TLSProxy::Message->fail(), "Client inconsistent session resumption");
42a8b3f9
DSH		 178
179#Test 8: Session resumption extended master secret test resumed session
180# omits server extension. Client must abort connection.
181#Expected result: aborted connection.
182
183clearall();
184setrmextms(0, 0);
185($fh, $session) = tempfile();
186$proxy->serverconnects(2);
187$proxy->clientflags("-sess_out ".$session);
188$proxy->start();
5427976d 189$proxy->clearClient();
42a8b3f9
DSH		 190$proxy->clientflags("-sess_in ".$session);
191setrmextms(0, 1);
192$proxy->clientstart();
193ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1");
194
195#Test 9: Session resumption extended master secret test initial session
196# omits server extension. Client must abort connection.
197#Expected result: aborted connection.
198
199clearall();
200setrmextms(0, 1);
201($fh, $session) = tempfile();
202$proxy->serverconnects(2);
203$proxy->clientflags("-sess_out ".$session);
204$proxy->start();
5427976d 205$proxy->clearClient();
42a8b3f9
DSH		 206$proxy->clientflags("-sess_in ".$session);
207setrmextms(0, 0);
208$proxy->clientstart();
209ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 2");
210
211sub extms_filter
212{
213 my $proxy = shift;
214
215 foreach my $message (@{$proxy->message_list}) {
216 if ($crmextms && $message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
aa474d1f 217 $message->delete_extension(TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET);
42a8b3f9
DSH		 218 $message->repack();
219 }
220 if ($srmextms && $message->mt == TLSProxy::Message::MT_SERVER_HELLO) {
aa474d1f 221 $message->delete_extension(TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET);
42a8b3f9
DSH		 222 $message->repack();
223 }
224 }
225}
226
227sub checkmessages($$$$$)
228{
229 my ($testno, $testname, $testcextms, $testsextms, $testhand) = @_;
230
231 subtest $testname => sub {
232
233 foreach my $message (@{$proxy->message_list}) {
234 if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO
235 || $message->mt == TLSProxy::Message::MT_SERVER_HELLO) {
236 #Get the extensions data
237 my %extensions = %{$message->extension_data};
238 if (defined
aa474d1f 239 $extensions{TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET}) {
42a8b3f9
DSH		 240 if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
241 $cextms = 1;
242 } else {
243 $sextms = 1;
244 }
245 }
246 } elsif ($message->mt == TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE) {
247 #Must be doing a full handshake
248 $fullhand = 1;
249 }
250 }
251
252 plan tests => 4;
253
254 ok(TLSProxy::Message->success, "Handshake");
255
256 ok($testcextms == $cextms,
257 "ClientHello extension extended master secret check");
258 ok($testsextms == $sextms,
259 "ServerHello extension extended master secret check");
260 ok($testhand == $fullhand,
261 "Extended master secret full handshake check");
262
263 }
264}
265
266sub setrmextms($$)
267{
268 ($crmextms, $srmextms) = @_;
269}
270
271sub clearall()
272{
273 $cextms = 0;
274 $sextms = 0;
275 $fullhand = 0;
276 $proxy->clear();
277}
A mirror of the official openssl repository