2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/opensslconf.h>
13 #include <openssl/bio.h>
14 #include <openssl/crypto.h>
15 #include <openssl/ssl.h>
16 #include <openssl/ocsp.h>
18 #include "ssltestlib.h"
20 #include "test_main_custom.h"
23 static char *cert
= NULL
;
24 static char *privkey
= NULL
;
26 #define LOG_BUFFER_SIZE 1024
27 static char server_log_buffer
[LOG_BUFFER_SIZE
+ 1] = {0};
28 static int server_log_buffer_index
= 0;
29 static char client_log_buffer
[LOG_BUFFER_SIZE
+ 1] = {0};
30 static int client_log_buffer_index
= 0;
31 static int error_writing_log
= 0;
33 #ifndef OPENSSL_NO_OCSP
34 static const unsigned char orespder
[] = "Dummy OCSP Response";
35 static int ocsp_server_called
= 0;
36 static int ocsp_client_called
= 0;
38 static int cdummyarg
= 1;
39 static X509
*ocspcert
= NULL
;
42 #define NUM_EXTRA_CERTS 40
45 * This structure is used to validate that the correct number of log messages
46 * of various types are emitted when emitting secret logs.
48 struct sslapitest_log_counts
{
49 unsigned int rsa_key_exchange_count
;
50 unsigned int master_secret_count
;
51 unsigned int client_handshake_secret_count
;
52 unsigned int server_handshake_secret_count
;
53 unsigned int client_application_secret_count
;
54 unsigned int server_application_secret_count
;
57 static void client_keylog_callback(const SSL
*ssl
, const char *line
) {
58 int line_length
= strlen(line
);
60 /* If the log doesn't fit, error out. */
61 if ((client_log_buffer_index
+ line_length
) > LOG_BUFFER_SIZE
) {
62 printf("No room in client log\n");
63 error_writing_log
= 1;
67 strcat(client_log_buffer
, line
);
68 client_log_buffer_index
+= line_length
;
69 client_log_buffer
[client_log_buffer_index
] = '\n';
70 client_log_buffer_index
+= 1;
75 static void server_keylog_callback(const SSL
*ssl
, const char *line
) {
76 int line_length
= strlen(line
);
78 /* If the log doesn't fit, error out. */
79 if ((server_log_buffer_index
+ line_length
) > LOG_BUFFER_SIZE
) {
80 printf("No room in server log\n");
81 error_writing_log
= 1;
85 strcat(server_log_buffer
, line
);
86 server_log_buffer_index
+= line_length
;
87 server_log_buffer
[server_log_buffer_index
] = '\n';
88 server_log_buffer_index
+= 1;
93 static int compare_hex_encoded_buffer(const char *hex_encoded
,
100 /* One byte too big, just to be safe. */
103 if ((raw_length
* 2) != hex_length
) {
104 printf("Inconsistent hex encoded lengths.\n");
108 for (i
= j
= 0; (i
< raw_length
) && ((j
+ 1) < hex_length
); i
++) {
109 sprintf(hexed
, "%02x", raw
[i
]);
110 if ((hexed
[0] != hex_encoded
[j
]) || (hexed
[1] != hex_encoded
[j
+ 1])) {
111 printf("Hex output does not match.\n");
120 static int test_keylog_output(char *buffer
, const SSL
*ssl
,
121 const SSL_SESSION
*session
,
122 struct sslapitest_log_counts
*expected
) {
124 unsigned char actual_client_random
[SSL3_RANDOM_SIZE
] = {0};
125 size_t client_random_size
= SSL3_RANDOM_SIZE
;
126 unsigned char actual_master_key
[SSL_MAX_MASTER_KEY_LENGTH
] = {0};
127 size_t master_key_size
= SSL_MAX_MASTER_KEY_LENGTH
;
128 unsigned int rsa_key_exchange_count
= 0;
129 unsigned int master_secret_count
= 0;
130 unsigned int client_handshake_secret_count
= 0;
131 unsigned int server_handshake_secret_count
= 0;
132 unsigned int client_application_secret_count
= 0;
133 unsigned int server_application_secret_count
= 0;
135 token
= strtok(buffer
, " \n");
137 if (strcmp(token
, "RSA") == 0) {
139 * Premaster secret. Tokens should be: 16 ASCII bytes of
140 * hex-encoded encrypted secret, then the hex-encoded pre-master
143 token
= strtok(NULL
, " \n");
145 printf("Unexpectedly short premaster secret log.\n");
148 if (strlen(token
) != 16) {
149 printf("Bad value for encrypted secret: %s\n", token
);
152 token
= strtok(NULL
, " \n");
154 printf("Unexpectedly short premaster secret log.\n");
158 * We can't sensibly check the log because the premaster secret is
159 * transient, and OpenSSL doesn't keep hold of it once the master
160 * secret is generated.
162 rsa_key_exchange_count
++;
163 } else if (strcmp(token
, "CLIENT_RANDOM") == 0) {
165 * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded
166 * client random, then the hex-encoded master secret.
168 client_random_size
= SSL_get_client_random(ssl
,
169 actual_client_random
,
171 if (client_random_size
!= SSL3_RANDOM_SIZE
) {
172 printf("Unexpected short client random.\n");
176 token
= strtok(NULL
, " \n");
178 printf("Unexpected short master secret log.\n");
181 if (strlen(token
) != 64) {
182 printf("Bad value for client random: %s\n", token
);
185 if (compare_hex_encoded_buffer(token
, 64, actual_client_random
,
186 client_random_size
)) {
187 printf("Bad value for client random: %s\n", token
);
191 token
= strtok(NULL
, " \n");
193 printf("Unexpectedly short master secret log.\n");
197 master_key_size
= SSL_SESSION_get_master_key(session
,
200 if (!master_key_size
) {
201 printf("Error getting master key to compare.\n");
204 if (compare_hex_encoded_buffer(token
, strlen(token
),
207 printf("Bad value for master key: %s\n", token
);
211 master_secret_count
++;
212 } else if ((strcmp(token
, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0) ||
213 (strcmp(token
, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0) ||
214 (strcmp(token
, "CLIENT_TRAFFIC_SECRET_0") == 0) ||
215 (strcmp(token
, "SERVER_TRAFFIC_SECRET_0") == 0)) {
217 * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded
218 * client random, and then the hex-encoded secret. In this case,
219 * we treat all of these secrets identically and then just
220 * distinguish between them when counting what we saw.
222 if (strcmp(token
, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0)
223 client_handshake_secret_count
++;
224 else if (strcmp(token
, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0)
225 server_handshake_secret_count
++;
226 else if (strcmp(token
, "CLIENT_TRAFFIC_SECRET_0") == 0)
227 client_application_secret_count
++;
228 else if (strcmp(token
, "SERVER_TRAFFIC_SECRET_0") == 0)
229 server_application_secret_count
++;
231 client_random_size
= SSL_get_client_random(ssl
,
232 actual_client_random
,
234 if (client_random_size
!= SSL3_RANDOM_SIZE
) {
235 printf("Unexpected short client random.\n");
239 token
= strtok(NULL
, " \n");
241 printf("Unexpected short client handshake secret log.\n");
244 if (strlen(token
) != 64) {
245 printf("Bad value for client random: %s\n", token
);
248 if (compare_hex_encoded_buffer(token
, 64, actual_client_random
,
249 client_random_size
)) {
250 printf("Bad value for client random: %s\n", token
);
254 token
= strtok(NULL
, " \n");
256 printf("Unexpectedly short master secret log.\n");
261 * TODO(TLS1.3): test that application traffic secrets are what
264 printf("Unexpected token in buffer: %s\n", token
);
268 token
= strtok(NULL
, " \n");
271 /* Return whether we got what we expected. */
272 return ((rsa_key_exchange_count
== expected
->rsa_key_exchange_count
) &&
273 (master_secret_count
== expected
->master_secret_count
) &&
274 (client_handshake_secret_count
== expected
->client_handshake_secret_count
) &&
275 (server_handshake_secret_count
== expected
->server_handshake_secret_count
) &&
276 (client_application_secret_count
== expected
->client_application_secret_count
) &&
277 (server_application_secret_count
== expected
->server_application_secret_count
));
280 static int test_keylog(void) {
281 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
282 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
285 struct sslapitest_log_counts expected
= {0};
287 /* Clean up logging space */
288 memset(client_log_buffer
, 0, LOG_BUFFER_SIZE
+ 1);
289 memset(server_log_buffer
, 0, LOG_BUFFER_SIZE
+ 1);
290 client_log_buffer_index
= 0;
291 server_log_buffer_index
= 0;
292 error_writing_log
= 0;
294 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx
,
295 &cctx
, cert
, privkey
)) {
296 printf("Unable to create SSL_CTX pair\n");
300 /* We cannot log the master secret for TLSv1.3, so we should forbid it. */
301 SSL_CTX_set_options(cctx
, SSL_OP_NO_TLSv1_3
);
302 SSL_CTX_set_options(sctx
, SSL_OP_NO_TLSv1_3
);
304 /* We also want to ensure that we use RSA-based key exchange. */
305 rc
= SSL_CTX_set_cipher_list(cctx
, "RSA");
307 printf("Unable to restrict to RSA key exchange.\n");
311 if (SSL_CTX_get_keylog_callback(cctx
)) {
312 printf("Unexpected initial value for client "
313 "SSL_CTX_get_keylog_callback()\n");
316 if (SSL_CTX_get_keylog_callback(sctx
)) {
317 printf("Unexpected initial value for server "
318 "SSL_CTX_get_keylog_callback()\n");
322 SSL_CTX_set_keylog_callback(cctx
, client_keylog_callback
);
323 SSL_CTX_set_keylog_callback(sctx
, server_keylog_callback
);
325 if (SSL_CTX_get_keylog_callback(cctx
) != client_keylog_callback
) {
326 printf("Unexpected set value for client "
327 "SSL_CTX_get_keylog_callback()\n");
330 if (SSL_CTX_get_keylog_callback(sctx
) != server_keylog_callback
) {
331 printf("Unexpected set value for server "
332 "SSL_CTX_get_keylog_callback()\n");
335 /* Now do a handshake and check that the logs have been written to. */
336 if (!create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
, NULL
, NULL
)) {
337 printf("Unable to create SSL objects\n");
341 if (!create_ssl_connection(serverssl
, clientssl
, SSL_ERROR_NONE
)) {
342 printf("Unable to create SSL connection\n");
346 if (error_writing_log
) {
347 printf("Error encountered while logging\n");
351 if ((client_log_buffer_index
== 0) || (server_log_buffer_index
== 0)) {
352 printf("No logs written\n");
357 * Now we want to test that our output data was vaguely sensible. We
358 * do that by using strtok and confirming that we have more or less the
359 * data we expect. For both client and server, we expect to see one master
360 * secret. The client should also see a RSA key exchange.
362 expected
.rsa_key_exchange_count
= 1;
363 expected
.master_secret_count
= 1;
364 if (!test_keylog_output(client_log_buffer
, clientssl
,
365 SSL_get_session(clientssl
), &expected
)) {
366 printf("Error encountered in client log buffer\n");
370 expected
.rsa_key_exchange_count
= 0;
371 if (!test_keylog_output(server_log_buffer
, serverssl
,
372 SSL_get_session(serverssl
), &expected
)) {
373 printf("Error encountered in server log buffer\n");
388 #ifndef OPENSSL_NO_TLS1_3
389 static int test_keylog_no_master_key(void) {
390 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
391 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
393 struct sslapitest_log_counts expected
= {0};
395 /* Clean up logging space */
396 memset(client_log_buffer
, 0, LOG_BUFFER_SIZE
+ 1);
397 memset(server_log_buffer
, 0, LOG_BUFFER_SIZE
+ 1);
398 client_log_buffer_index
= 0;
399 server_log_buffer_index
= 0;
400 error_writing_log
= 0;
402 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx
,
403 &cctx
, cert
, privkey
)) {
404 printf("Unable to create SSL_CTX pair\n");
408 if (SSL_CTX_get_keylog_callback(cctx
)) {
409 printf("Unexpected initial value for client "
410 "SSL_CTX_get_keylog_callback()\n");
413 if (SSL_CTX_get_keylog_callback(sctx
)) {
414 printf("Unexpected initial value for server "
415 "SSL_CTX_get_keylog_callback()\n");
419 SSL_CTX_set_keylog_callback(cctx
, client_keylog_callback
);
420 SSL_CTX_set_keylog_callback(sctx
, server_keylog_callback
);
422 if (SSL_CTX_get_keylog_callback(cctx
) != client_keylog_callback
) {
423 printf("Unexpected set value for client "
424 "SSL_CTX_get_keylog_callback()\n");
427 if (SSL_CTX_get_keylog_callback(sctx
) != server_keylog_callback
) {
428 printf("Unexpected set value for server "
429 "SSL_CTX_get_keylog_callback()\n");
432 /* Now do a handshake and check that the logs have been written to. */
433 if (!create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
, NULL
, NULL
)) {
434 printf("Unable to create SSL objects\n");
438 if (!create_ssl_connection(serverssl
, clientssl
, SSL_ERROR_NONE
)) {
439 printf("Unable to create SSL connection\n");
443 if (error_writing_log
) {
444 printf("Error encountered while logging\n");
449 * Now we want to test that our output data was vaguely sensible. For this
450 * test, we expect no CLIENT_RANDOM entry becuase it doesn't make sense for
451 * TLSv1.3, but we do expect both client and server to emit keys.
453 expected
.client_handshake_secret_count
= 1;
454 expected
.server_handshake_secret_count
= 1;
455 expected
.client_application_secret_count
= 1;
456 expected
.server_application_secret_count
= 1;
457 if (!test_keylog_output(client_log_buffer
, clientssl
,
458 SSL_get_session(clientssl
), &expected
)) {
459 printf("Error encountered in client log buffer\n");
462 if (!test_keylog_output(server_log_buffer
, serverssl
,
463 SSL_get_session(serverssl
), &expected
)) {
464 printf("Error encountered in server log buffer\n");
480 static int execute_test_large_message(const SSL_METHOD
*smeth
,
481 const SSL_METHOD
*cmeth
, int read_ahead
)
483 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
484 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
487 BIO
*certbio
= BIO_new_file(cert
, "r");
488 X509
*chaincert
= NULL
;
491 if (certbio
== NULL
) {
492 printf("Can't load the certficate file\n");
495 chaincert
= PEM_read_bio_X509(certbio
, NULL
, NULL
, NULL
);
498 if (chaincert
== NULL
) {
499 printf("Unable to load certificate for chain\n");
503 if (!create_ssl_ctx_pair(smeth
, cmeth
, &sctx
,
504 &cctx
, cert
, privkey
)) {
505 printf("Unable to create SSL_CTX pair\n");
511 * Test that read_ahead works correctly when dealing with large
514 SSL_CTX_set_read_ahead(cctx
, 1);
518 * We assume the supplied certificate is big enough so that if we add
519 * NUM_EXTRA_CERTS it will make the overall message large enough. The
520 * default buffer size is requested to be 16k, but due to the way BUF_MEM
521 * works, it ends up allocing a little over 21k (16 * 4/3). So, in this test
522 * we need to have a message larger than that.
524 certlen
= i2d_X509(chaincert
, NULL
);
525 OPENSSL_assert((certlen
* NUM_EXTRA_CERTS
)
526 > ((SSL3_RT_MAX_PLAIN_LENGTH
* 4) / 3));
527 for (i
= 0; i
< NUM_EXTRA_CERTS
; i
++) {
528 if (!X509_up_ref(chaincert
)) {
529 printf("Unable to up ref cert\n");
532 if (!SSL_CTX_add_extra_chain_cert(sctx
, chaincert
)) {
533 printf("Unable to add extra chain cert %d\n", i
);
534 X509_free(chaincert
);
539 if (!create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
, NULL
, NULL
)) {
540 printf("Unable to create SSL objects\n");
544 if (!create_ssl_connection(serverssl
, clientssl
, SSL_ERROR_NONE
)) {
545 printf("Unable to create SSL connection\n");
550 * Calling SSL_clear() first is not required but this tests that SSL_clear()
551 * doesn't leak (when using enable-crypto-mdebug).
553 if (!SSL_clear(serverssl
)) {
554 printf("Unexpected failure from SSL_clear()\n");
560 X509_free(chaincert
);
569 static int test_large_message_tls(void)
571 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
575 static int test_large_message_tls_read_ahead(void)
577 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
581 #ifndef OPENSSL_NO_DTLS
582 static int test_large_message_dtls(void)
585 * read_ahead is not relevant to DTLS because DTLS always acts as if
588 return execute_test_large_message(DTLS_server_method(),
589 DTLS_client_method(), 0);
593 #ifndef OPENSSL_NO_OCSP
594 static int ocsp_server_cb(SSL
*s
, void *arg
)
596 int *argi
= (int *)arg
;
597 unsigned char *orespdercopy
= NULL
;
598 STACK_OF(OCSP_RESPID
) *ids
= NULL
;
599 OCSP_RESPID
*id
= NULL
;
602 /* In this test we are expecting exactly 1 OCSP_RESPID */
603 SSL_get_tlsext_status_ids(s
, &ids
);
604 if (ids
== NULL
|| sk_OCSP_RESPID_num(ids
) != 1)
605 return SSL_TLSEXT_ERR_ALERT_FATAL
;
607 id
= sk_OCSP_RESPID_value(ids
, 0);
608 if (id
== NULL
|| !OCSP_RESPID_match(id
, ocspcert
))
609 return SSL_TLSEXT_ERR_ALERT_FATAL
;
610 } else if (*argi
!= 1) {
611 return SSL_TLSEXT_ERR_ALERT_FATAL
;
615 orespdercopy
= OPENSSL_memdup(orespder
, sizeof(orespder
));
616 if (orespdercopy
== NULL
)
617 return SSL_TLSEXT_ERR_ALERT_FATAL
;
619 SSL_set_tlsext_status_ocsp_resp(s
, orespdercopy
, sizeof(orespder
));
621 ocsp_server_called
= 1;
623 return SSL_TLSEXT_ERR_OK
;
626 static int ocsp_client_cb(SSL
*s
, void *arg
)
628 int *argi
= (int *)arg
;
629 const unsigned char *respderin
;
632 if (*argi
!= 1 && *argi
!= 2)
635 len
= SSL_get_tlsext_status_ocsp_resp(s
, &respderin
);
637 if (memcmp(orespder
, respderin
, len
) != 0)
640 ocsp_client_called
= 1;
645 static int test_tlsext_status_type(void)
647 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
648 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
650 STACK_OF(OCSP_RESPID
) *ids
= NULL
;
651 OCSP_RESPID
*id
= NULL
;
654 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx
,
655 &cctx
, cert
, privkey
)) {
656 printf("Unable to create SSL_CTX pair\n");
660 if (SSL_CTX_get_tlsext_status_type(cctx
) != -1) {
661 printf("Unexpected initial value for "
662 "SSL_CTX_get_tlsext_status_type()\n");
666 /* First just do various checks getting and setting tlsext_status_type */
668 clientssl
= SSL_new(cctx
);
669 if (SSL_get_tlsext_status_type(clientssl
) != -1) {
670 printf("Unexpected initial value for SSL_get_tlsext_status_type()\n");
674 if (!SSL_set_tlsext_status_type(clientssl
, TLSEXT_STATUSTYPE_ocsp
)) {
675 printf("Unexpected fail for SSL_set_tlsext_status_type()\n");
679 if (SSL_get_tlsext_status_type(clientssl
) != TLSEXT_STATUSTYPE_ocsp
) {
680 printf("Unexpected result for SSL_get_tlsext_status_type()\n");
687 if (!SSL_CTX_set_tlsext_status_type(cctx
, TLSEXT_STATUSTYPE_ocsp
)) {
688 printf("Unexpected fail for SSL_CTX_set_tlsext_status_type()\n");
692 if (SSL_CTX_get_tlsext_status_type(cctx
) != TLSEXT_STATUSTYPE_ocsp
) {
693 printf("Unexpected result for SSL_CTX_get_tlsext_status_type()\n");
697 clientssl
= SSL_new(cctx
);
699 if (SSL_get_tlsext_status_type(clientssl
) != TLSEXT_STATUSTYPE_ocsp
) {
700 printf("Unexpected result for SSL_get_tlsext_status_type() (test 2)\n");
708 * Now actually do a handshake and check OCSP information is exchanged and
709 * the callbacks get called
712 SSL_CTX_set_tlsext_status_cb(cctx
, ocsp_client_cb
);
713 SSL_CTX_set_tlsext_status_arg(cctx
, &cdummyarg
);
714 SSL_CTX_set_tlsext_status_cb(sctx
, ocsp_server_cb
);
715 SSL_CTX_set_tlsext_status_arg(sctx
, &cdummyarg
);
717 if (!create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
, NULL
, NULL
)) {
718 printf("Unable to create SSL objects\n");
722 if (!create_ssl_connection(serverssl
, clientssl
, SSL_ERROR_NONE
)) {
723 printf("Unable to create SSL connection\n");
727 if (!ocsp_client_called
|| !ocsp_server_called
) {
728 printf("OCSP callbacks not called\n");
737 /* Try again but this time force the server side callback to fail */
738 ocsp_client_called
= 0;
739 ocsp_server_called
= 0;
742 if (!create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
, NULL
, NULL
)) {
743 printf("Unable to create SSL objects\n");
747 /* This should fail because the callback will fail */
748 if (create_ssl_connection(serverssl
, clientssl
, SSL_ERROR_NONE
)) {
749 printf("Unexpected success creating the connection\n");
753 if (ocsp_client_called
|| ocsp_server_called
) {
754 printf("OCSP callbacks successfully called unexpectedly\n");
764 * This time we'll get the client to send an OCSP_RESPID that it will
767 ocsp_client_called
= 0;
768 ocsp_server_called
= 0;
771 if (!create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
, NULL
, NULL
)) {
772 printf("Unable to create SSL objects\n");
777 * We'll just use any old cert for this test - it doesn't have to be an OCSP
778 * specifc one. We'll use the server cert.
780 certbio
= BIO_new_file(cert
, "r");
781 if (certbio
== NULL
) {
782 printf("Can't load the certficate file\n");
785 id
= OCSP_RESPID_new();
786 ids
= sk_OCSP_RESPID_new_null();
787 ocspcert
= PEM_read_bio_X509(certbio
, NULL
, NULL
, NULL
);
788 if (id
== NULL
|| ids
== NULL
|| ocspcert
== NULL
789 || !OCSP_RESPID_set_by_key(id
, ocspcert
)
790 || !sk_OCSP_RESPID_push(ids
, id
)) {
791 printf("Unable to set OCSP_RESPIDs\n");
795 SSL_set_tlsext_status_ids(clientssl
, ids
);
796 /* Control has been transferred */
802 if (!create_ssl_connection(serverssl
, clientssl
, SSL_ERROR_NONE
)) {
803 printf("Unable to create SSL connection\n");
807 if (!ocsp_client_called
|| !ocsp_server_called
) {
808 printf("OCSP callbacks not called\n");
819 sk_OCSP_RESPID_pop_free(ids
, OCSP_RESPID_free
);
820 OCSP_RESPID_free(id
);
829 typedef struct ssl_session_test_fixture
{
830 const char *test_case_name
;
833 } SSL_SESSION_TEST_FIXTURE
;
835 static int new_called
= 0, remove_called
= 0;
837 static SSL_SESSION_TEST_FIXTURE
838 ssl_session_set_up(const char *const test_case_name
)
840 SSL_SESSION_TEST_FIXTURE fixture
;
842 fixture
.test_case_name
= test_case_name
;
843 fixture
.use_ext_cache
= 1;
844 fixture
.use_int_cache
= 1;
846 new_called
= remove_called
= 0;
851 static void ssl_session_tear_down(SSL_SESSION_TEST_FIXTURE fixture
)
855 static int new_session_cb(SSL
*ssl
, SSL_SESSION
*sess
)
862 static void remove_session_cb(SSL_CTX
*ctx
, SSL_SESSION
*sess
)
867 static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix
)
869 SSL_CTX
*sctx
= NULL
, *cctx
= NULL
;
870 SSL
*serverssl1
= NULL
, *clientssl1
= NULL
;
871 SSL
*serverssl2
= NULL
, *clientssl2
= NULL
;
872 #ifndef OPENSSL_NO_TLS1_1
873 SSL
*serverssl3
= NULL
, *clientssl3
= NULL
;
875 SSL_SESSION
*sess1
= NULL
, *sess2
= NULL
;
878 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx
,
879 &cctx
, cert
, privkey
)) {
880 printf("Unable to create SSL_CTX pair\n");
884 #ifndef OPENSSL_NO_TLS1_2
885 /* Only allow TLS1.2 so we can force a connection failure later */
886 SSL_CTX_set_min_proto_version(cctx
, TLS1_2_VERSION
);
889 /* Set up session cache */
890 if (fix
.use_ext_cache
) {
891 SSL_CTX_sess_set_new_cb(cctx
, new_session_cb
);
892 SSL_CTX_sess_set_remove_cb(cctx
, remove_session_cb
);
894 if (fix
.use_int_cache
) {
895 /* Also covers instance where both are set */
896 SSL_CTX_set_session_cache_mode(cctx
, SSL_SESS_CACHE_CLIENT
);
898 SSL_CTX_set_session_cache_mode(cctx
,
899 SSL_SESS_CACHE_CLIENT
900 | SSL_SESS_CACHE_NO_INTERNAL_STORE
);
903 if (!create_ssl_objects(sctx
, cctx
, &serverssl1
, &clientssl1
, NULL
,
905 printf("Unable to create SSL objects\n");
909 if (!create_ssl_connection(serverssl1
, clientssl1
, SSL_ERROR_NONE
)) {
910 printf("Unable to create SSL connection\n");
913 sess1
= SSL_get1_session(clientssl1
);
915 printf("Unexpected NULL session\n");
919 if (fix
.use_int_cache
&& SSL_CTX_add_session(cctx
, sess1
)) {
920 /* Should have failed because it should already be in the cache */
921 printf("Unexpected success adding session to cache\n");
925 if (fix
.use_ext_cache
&& (new_called
!= 1 || remove_called
!= 0)) {
926 printf("Session not added to cache\n");
930 if (!create_ssl_objects(sctx
, cctx
, &serverssl2
, &clientssl2
, NULL
, NULL
)) {
931 printf("Unable to create second SSL objects\n");
935 if (!create_ssl_connection(serverssl2
, clientssl2
, SSL_ERROR_NONE
)) {
936 printf("Unable to create second SSL connection\n");
940 sess2
= SSL_get1_session(clientssl2
);
942 printf("Unexpected NULL session from clientssl2\n");
946 if (fix
.use_ext_cache
&& (new_called
!= 2 || remove_called
!= 0)) {
947 printf("Remove session callback unexpectedly called\n");
952 * This should clear sess2 from the cache because it is a "bad" session. See
953 * SSL_set_session() documentation.
955 if (!SSL_set_session(clientssl2
, sess1
)) {
956 printf("Unexpected failure setting session\n");
960 if (fix
.use_ext_cache
&& (new_called
!= 2 || remove_called
!= 1)) {
961 printf("Failed to call callback to remove session\n");
966 if (SSL_get_session(clientssl2
) != sess1
) {
967 printf("Unexpected session found\n");
971 if (fix
.use_int_cache
) {
972 if (!SSL_CTX_add_session(cctx
, sess2
)) {
974 * Should have succeeded because it should not already be in the cache
976 printf("Unexpected failure adding session to cache\n");
980 if (!SSL_CTX_remove_session(cctx
, sess2
)) {
981 printf("Unexpected failure removing session from cache\n");
985 /* This is for the purposes of internal cache testing...ignore the
986 * counter for external cache
988 if (fix
.use_ext_cache
)
992 /* This shouldn't be in the cache so should fail */
993 if (SSL_CTX_remove_session(cctx
, sess2
)) {
994 printf("Unexpected success removing session from cache\n");
998 if (fix
.use_ext_cache
&& (new_called
!= 2 || remove_called
!= 2)) {
999 printf("Failed to call callback to remove session #2\n");
1003 #if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
1004 /* Force a connection failure */
1005 SSL_CTX_set_max_proto_version(sctx
, TLS1_1_VERSION
);
1007 if (!create_ssl_objects(sctx
, cctx
, &serverssl3
, &clientssl3
, NULL
, NULL
)) {
1008 printf("Unable to create third SSL objects\n");
1012 if (!SSL_set_session(clientssl3
, sess1
)) {
1013 printf("Unable to set session for third connection\n");
1017 /* This should fail because of the mismatched protocol versions */
1018 if (create_ssl_connection(serverssl3
, clientssl3
, SSL_ERROR_NONE
)) {
1019 printf("Unable to create third SSL connection\n");
1024 /* We should have automatically removed the session from the cache */
1025 if (fix
.use_ext_cache
&& (new_called
!= 2 || remove_called
!= 3)) {
1026 printf("Failed to call callback to remove session #2\n");
1030 if (fix
.use_int_cache
&& !SSL_CTX_add_session(cctx
, sess2
)) {
1032 * Should have succeeded because it should not already be in the cache
1034 printf("Unexpected failure adding session to cache #2\n");
1042 SSL_free(serverssl1
);
1043 SSL_free(clientssl1
);
1044 SSL_free(serverssl2
);
1045 SSL_free(clientssl2
);
1046 #ifndef OPENSSL_NO_TLS1_1
1047 SSL_free(serverssl3
);
1048 SSL_free(clientssl3
);
1050 SSL_SESSION_free(sess1
);
1051 SSL_SESSION_free(sess2
);
1053 * Check if we need to remove any sessions up-refed for the external cache
1055 if (new_called
>= 1)
1056 SSL_SESSION_free(sess1
);
1057 if (new_called
>= 2)
1058 SSL_SESSION_free(sess2
);
1065 static int test_session_with_only_int_cache(void)
1067 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE
, ssl_session_set_up
);
1069 fixture
.use_ext_cache
= 0;
1071 EXECUTE_TEST(execute_test_session
, ssl_session_tear_down
);
1074 static int test_session_with_only_ext_cache(void)
1076 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE
, ssl_session_set_up
);
1078 fixture
.use_int_cache
= 0;
1080 EXECUTE_TEST(execute_test_session
, ssl_session_tear_down
);
1083 static int test_session_with_both_cache(void)
1085 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE
, ssl_session_set_up
);
1087 EXECUTE_TEST(execute_test_session
, ssl_session_tear_down
);
1094 #define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
1096 static void setupbio(BIO
**res
, BIO
*bio1
, BIO
*bio2
, int type
)
1111 static int test_ssl_set_bio(int idx
)
1113 SSL_CTX
*ctx
= SSL_CTX_new(TLS_method());
1116 BIO
*irbio
= NULL
, *iwbio
= NULL
, *nrbio
= NULL
, *nwbio
= NULL
;
1118 int initrbio
, initwbio
, newrbio
, newwbio
;
1122 printf("Failed to allocate SSL_CTX\n");
1128 printf("Failed to allocate SSL object\n");
1139 OPENSSL_assert(newwbio
<= 2);
1141 if (initrbio
== USE_BIO_1
|| initwbio
== USE_BIO_1
|| newrbio
== USE_BIO_1
1142 || newwbio
== USE_BIO_1
) {
1143 bio1
= BIO_new(BIO_s_mem());
1145 printf("Failed to allocate bio1\n");
1150 if (initrbio
== USE_BIO_2
|| initwbio
== USE_BIO_2
|| newrbio
== USE_BIO_2
1151 || newwbio
== USE_BIO_2
) {
1152 bio2
= BIO_new(BIO_s_mem());
1154 printf("Failed to allocate bio2\n");
1159 setupbio(&irbio
, bio1
, bio2
, initrbio
);
1160 setupbio(&iwbio
, bio1
, bio2
, initwbio
);
1163 * We want to maintain our own refs to these BIO, so do an up ref for each
1164 * BIO that will have ownersip transferred in the SSL_set_bio() call
1168 if (iwbio
!= NULL
&& iwbio
!= irbio
)
1171 SSL_set_bio(ssl
, irbio
, iwbio
);
1173 setupbio(&nrbio
, bio1
, bio2
, newrbio
);
1174 setupbio(&nwbio
, bio1
, bio2
, newwbio
);
1177 * We will (maybe) transfer ownership again so do more up refs.
1178 * SSL_set_bio() has some really complicated ownership rules where BIOs have
1181 if (nrbio
!= NULL
&& nrbio
!= irbio
&& (nwbio
!= iwbio
|| nrbio
!= nwbio
))
1183 if (nwbio
!= NULL
&& nwbio
!= nrbio
&& (nwbio
!= iwbio
|| (nwbio
== iwbio
&& irbio
== iwbio
)))
1186 SSL_set_bio(ssl
, nrbio
, nwbio
);
1195 * This test is checking that the ref counting for SSL_set_bio is correct.
1196 * If we get here and we did too many frees then we will fail in the above
1197 * functions. If we haven't done enough then this will only be detected in
1198 * a crypto-mdebug build
1205 typedef struct ssl_bio_test_fixture
{
1206 const char *test_case_name
;
1208 enum { NO_BIO_CHANGE
, CHANGE_RBIO
, CHANGE_WBIO
} change_bio
;
1209 } SSL_BIO_TEST_FIXTURE
;
1211 static SSL_BIO_TEST_FIXTURE
ssl_bio_set_up(const char *const test_case_name
)
1213 SSL_BIO_TEST_FIXTURE fixture
;
1215 fixture
.test_case_name
= test_case_name
;
1216 fixture
.pop_ssl
= 0;
1217 fixture
.change_bio
= NO_BIO_CHANGE
;
1222 static void ssl_bio_tear_down(SSL_BIO_TEST_FIXTURE fixture
)
1226 static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix
)
1228 BIO
*sslbio
= NULL
, *membio1
= NULL
, *membio2
= NULL
;
1229 SSL_CTX
*ctx
= SSL_CTX_new(TLS_method());
1234 printf("Failed to allocate SSL_CTX\n");
1240 printf("Failed to allocate SSL object\n");
1244 sslbio
= BIO_new(BIO_f_ssl());
1245 membio1
= BIO_new(BIO_s_mem());
1247 if (sslbio
== NULL
|| membio1
== NULL
) {
1248 printf("Malloc failure creating BIOs\n");
1252 BIO_set_ssl(sslbio
, ssl
, BIO_CLOSE
);
1255 * If anything goes wrong here then we could leak memory, so this will
1256 * be caught in a crypto-mdebug build
1258 BIO_push(sslbio
, membio1
);
1260 /* Verify chaning the rbio/wbio directly does not cause leaks */
1261 if (fix
.change_bio
!= NO_BIO_CHANGE
) {
1262 membio2
= BIO_new(BIO_s_mem());
1263 if (membio2
== NULL
) {
1264 printf("Malloc failure creating membio2\n");
1267 if (fix
.change_bio
== CHANGE_RBIO
)
1268 SSL_set0_rbio(ssl
, membio2
);
1270 SSL_set0_wbio(ssl
, membio2
);
1289 static int test_ssl_bio_pop_next_bio(void)
1291 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE
, ssl_bio_set_up
);
1293 EXECUTE_TEST(execute_test_ssl_bio
, ssl_bio_tear_down
);
1296 static int test_ssl_bio_pop_ssl_bio(void)
1298 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE
, ssl_bio_set_up
);
1300 fixture
.pop_ssl
= 1;
1302 EXECUTE_TEST(execute_test_ssl_bio
, ssl_bio_tear_down
);
1305 static int test_ssl_bio_change_rbio(void)
1307 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE
, ssl_bio_set_up
);
1309 fixture
.change_bio
= CHANGE_RBIO
;
1311 EXECUTE_TEST(execute_test_ssl_bio
, ssl_bio_tear_down
);
1314 static int test_ssl_bio_change_wbio(void)
1316 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE
, ssl_bio_set_up
);
1318 fixture
.change_bio
= CHANGE_WBIO
;
1320 EXECUTE_TEST(execute_test_ssl_bio
, ssl_bio_tear_down
);
1324 /* The list of sig algs */
1326 /* The length of the list */
1328 /* A sigalgs list in string format */
1329 const char *liststr
;
1330 /* Whether setting the list should succeed */
1332 /* Whether creating a connection with the list should succeed */
1336 static const int validlist1
[] = {NID_sha256
, EVP_PKEY_RSA
};
1337 #ifndef OPENSSL_NO_EC
1338 static const int validlist2
[] = {NID_sha256
, EVP_PKEY_RSA
, NID_sha512
, EVP_PKEY_EC
};
1339 static const int validlist3
[] = {NID_sha512
, EVP_PKEY_EC
};
1341 static const int invalidlist1
[] = {NID_undef
, EVP_PKEY_RSA
};
1342 static const int invalidlist2
[] = {NID_sha256
, NID_undef
};
1343 static const int invalidlist3
[] = {NID_sha256
, EVP_PKEY_RSA
, NID_sha256
};
1344 static const int invalidlist4
[] = {NID_sha256
};
1345 static const sigalgs_list testsigalgs
[] = {
1346 {validlist1
, OSSL_NELEM(validlist1
), NULL
, 1, 1},
1347 #ifndef OPENSSL_NO_EC
1348 {validlist2
, OSSL_NELEM(validlist2
), NULL
, 1, 1},
1349 {validlist3
, OSSL_NELEM(validlist3
), NULL
, 1, 0},
1351 {NULL
, 0, "RSA+SHA256", 1, 1},
1352 #ifndef OPENSSL_NO_EC
1353 {NULL
, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
1354 {NULL
, 0, "ECDSA+SHA512", 1, 0},
1356 {invalidlist1
, OSSL_NELEM(invalidlist1
), NULL
, 0, 0},
1357 {invalidlist2
, OSSL_NELEM(invalidlist2
), NULL
, 0, 0},
1358 {invalidlist3
, OSSL_NELEM(invalidlist3
), NULL
, 0, 0},
1359 {invalidlist4
, OSSL_NELEM(invalidlist4
), NULL
, 0, 0},
1360 {NULL
, 0, "RSA", 0, 0},
1361 {NULL
, 0, "SHA256", 0, 0},
1362 {NULL
, 0, "RSA+SHA256:SHA256", 0, 0},
1363 {NULL
, 0, "Invalid", 0, 0}};
1365 static int test_set_sigalgs(int idx
)
1367 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
1368 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
1370 const sigalgs_list
*curr
;
1373 /* Should never happen */
1374 if ((size_t)idx
>= OSSL_NELEM(testsigalgs
) * 2)
1377 testctx
= ((size_t)idx
< OSSL_NELEM(testsigalgs
));
1378 curr
= testctx
? &testsigalgs
[idx
]
1379 : &testsigalgs
[idx
- OSSL_NELEM(testsigalgs
)];
1381 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx
,
1382 &cctx
, cert
, privkey
)) {
1383 printf("Unable to create SSL_CTX pair\n");
1388 * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
1389 * for TLSv1.2 for now until we add a new API.
1391 SSL_CTX_set_max_proto_version(cctx
, TLS1_2_VERSION
);
1395 if (curr
->list
!= NULL
)
1396 ret
= SSL_CTX_set1_sigalgs(cctx
, curr
->list
, curr
->listlen
);
1398 ret
= SSL_CTX_set1_sigalgs_list(cctx
, curr
->liststr
);
1402 printf("Unexpected failure setting sigalgs in SSL_CTX (%d)\n",
1409 printf("Unexpected success setting sigalgs in SSL_CTX (%d)\n", idx
);
1414 if (!create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
, NULL
, NULL
)) {
1415 printf("Unable to create SSL objects\n");
1422 if (curr
->list
!= NULL
)
1423 ret
= SSL_set1_sigalgs(clientssl
, curr
->list
, curr
->listlen
);
1425 ret
= SSL_set1_sigalgs_list(clientssl
, curr
->liststr
);
1428 printf("Unexpected failure setting sigalgs in SSL (%d)\n", idx
);
1434 printf("Unexpected success setting sigalgs in SSL (%d)\n", idx
);
1439 if (curr
->connsuccess
!= create_ssl_connection(serverssl
, clientssl
, SSL_ERROR_NONE
)) {
1440 printf("Unexpected return value creating SSL connection (%d)\n", idx
);
1447 SSL_free(serverssl
);
1448 SSL_free(clientssl
);
1455 int test_main(int argc
, char *argv
[])
1460 printf("Invalid argument count\n");
1467 ADD_TEST(test_large_message_tls
);
1468 ADD_TEST(test_large_message_tls_read_ahead
);
1469 #ifndef OPENSSL_NO_DTLS
1470 ADD_TEST(test_large_message_dtls
);
1472 #ifndef OPENSSL_NO_OCSP
1473 ADD_TEST(test_tlsext_status_type
);
1475 ADD_TEST(test_session_with_only_int_cache
);
1476 ADD_TEST(test_session_with_only_ext_cache
);
1477 ADD_TEST(test_session_with_both_cache
);
1478 ADD_ALL_TESTS(test_ssl_set_bio
, TOTAL_SSL_SET_BIO_TESTS
);
1479 ADD_TEST(test_ssl_bio_pop_next_bio
);
1480 ADD_TEST(test_ssl_bio_pop_ssl_bio
);
1481 ADD_TEST(test_ssl_bio_change_rbio
);
1482 ADD_TEST(test_ssl_bio_change_wbio
);
1483 ADD_ALL_TESTS(test_set_sigalgs
, OSSL_NELEM(testsigalgs
) * 2);
1484 ADD_TEST(test_keylog
);
1485 #ifndef OPENSSL_NO_TLS1_3
1486 ADD_TEST(test_keylog_no_master_key
);
1489 testresult
= run_tests(argv
[0]);
1491 bio_s_mempacket_test_free();