ssl_test.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546
  1. /*
  2. * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <string.h>
  11. #include <openssl/conf.h>
  12. #include <openssl/err.h>
  13. #include <openssl/ssl.h>
  14. #include <openssl/provider.h>
  15. #include "handshake_helper.h"
  16. #include "ssl_test_ctx.h"
  17. #include "testutil.h"
  18. static CONF *conf = NULL;
  19. static OSSL_PROVIDER *defctxnull = NULL, *thisprov = NULL;
  20. static OSSL_LIB_CTX *libctx = NULL;
  21. /* Currently the section names are of the form test-<number>, e.g. test-15. */
  22. #define MAX_TESTCASE_NAME_LENGTH 100
  23. static const char *print_alert(int alert)
  24. {
  25. return alert ? SSL_alert_desc_string_long(alert) : "no alert";
  26. }
  27. static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  28. {
  29. if (!TEST_int_eq(result->result, test_ctx->expected_result)) {
  30. TEST_info("ExpectedResult mismatch: expected %s, got %s.",
  31. ssl_test_result_name(test_ctx->expected_result),
  32. ssl_test_result_name(result->result));
  33. return 0;
  34. }
  35. return 1;
  36. }
  37. static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  38. {
  39. if (!TEST_int_eq(result->client_alert_sent,
  40. result->client_alert_received)) {
  41. TEST_info("Client sent alert %s but server received %s.",
  42. print_alert(result->client_alert_sent),
  43. print_alert(result->client_alert_received));
  44. /*
  45. * We can't bail here because the peer doesn't always get far enough
  46. * to process a received alert. Specifically, in protocol version
  47. * negotiation tests, we have the following scenario.
  48. * Client supports TLS v1.2 only; Server supports TLS v1.1.
  49. * Client proposes TLS v1.2; server responds with 1.1;
  50. * Client now sends a protocol alert, using TLS v1.2 in the header.
  51. * The server, however, rejects the alert because of version mismatch
  52. * in the record layer; therefore, the server appears to never
  53. * receive the alert.
  54. */
  55. /* return 0; */
  56. }
  57. if (!TEST_int_eq(result->server_alert_sent,
  58. result->server_alert_received)) {
  59. TEST_info("Server sent alert %s but client received %s.",
  60. print_alert(result->server_alert_sent),
  61. print_alert(result->server_alert_received));
  62. /* return 0; */
  63. }
  64. /* Tolerate an alert if one wasn't explicitly specified in the test. */
  65. if (test_ctx->expected_client_alert
  66. /*
  67. * The info callback alert value is computed as
  68. * (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]
  69. * where the low byte is the alert code and the high byte is other stuff.
  70. */
  71. && (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) {
  72. TEST_error("ClientAlert mismatch: expected %s, got %s.",
  73. print_alert(test_ctx->expected_client_alert),
  74. print_alert(result->client_alert_sent));
  75. return 0;
  76. }
  77. if (test_ctx->expected_server_alert
  78. && (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) {
  79. TEST_error("ServerAlert mismatch: expected %s, got %s.",
  80. print_alert(test_ctx->expected_server_alert),
  81. print_alert(result->server_alert_sent));
  82. return 0;
  83. }
  84. if (!TEST_int_le(result->client_num_fatal_alerts_sent, 1))
  85. return 0;
  86. if (!TEST_int_le(result->server_num_fatal_alerts_sent, 1))
  87. return 0;
  88. return 1;
  89. }
  90. static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  91. {
  92. if (!TEST_int_eq(result->client_protocol, result->server_protocol)) {
  93. TEST_info("Client has protocol %s but server has %s.",
  94. ssl_protocol_name(result->client_protocol),
  95. ssl_protocol_name(result->server_protocol));
  96. return 0;
  97. }
  98. if (test_ctx->expected_protocol) {
  99. if (!TEST_int_eq(result->client_protocol,
  100. test_ctx->expected_protocol)) {
  101. TEST_info("Protocol mismatch: expected %s, got %s.\n",
  102. ssl_protocol_name(test_ctx->expected_protocol),
  103. ssl_protocol_name(result->client_protocol));
  104. return 0;
  105. }
  106. }
  107. return 1;
  108. }
  109. static int check_servername(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  110. {
  111. if (!TEST_int_eq(result->servername, test_ctx->expected_servername)) {
  112. TEST_info("Client ServerName mismatch, expected %s, got %s.",
  113. ssl_servername_name(test_ctx->expected_servername),
  114. ssl_servername_name(result->servername));
  115. return 0;
  116. }
  117. return 1;
  118. }
  119. static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  120. {
  121. if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE)
  122. return 1;
  123. if (!TEST_int_eq(result->session_ticket,
  124. test_ctx->session_ticket_expected)) {
  125. TEST_info("Client SessionTicketExpected mismatch, expected %s, got %s.",
  126. ssl_session_ticket_name(test_ctx->session_ticket_expected),
  127. ssl_session_ticket_name(result->session_ticket));
  128. return 0;
  129. }
  130. return 1;
  131. }
  132. static int check_session_id(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  133. {
  134. if (test_ctx->session_id_expected == SSL_TEST_SESSION_ID_IGNORE)
  135. return 1;
  136. if (!TEST_int_eq(result->session_id, test_ctx->session_id_expected)) {
  137. TEST_info("Client SessionIdExpected mismatch, expected %s, got %s\n.",
  138. ssl_session_id_name(test_ctx->session_id_expected),
  139. ssl_session_id_name(result->session_id));
  140. return 0;
  141. }
  142. return 1;
  143. }
  144. static int check_compression(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  145. {
  146. if (!TEST_int_eq(result->compression, test_ctx->compression_expected))
  147. return 0;
  148. return 1;
  149. }
  150. #ifndef OPENSSL_NO_NEXTPROTONEG
  151. static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  152. {
  153. int ret = 1;
  154. if (!TEST_str_eq(result->client_npn_negotiated,
  155. result->server_npn_negotiated))
  156. ret = 0;
  157. if (!TEST_str_eq(test_ctx->expected_npn_protocol,
  158. result->client_npn_negotiated))
  159. ret = 0;
  160. return ret;
  161. }
  162. #endif
  163. static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  164. {
  165. int ret = 1;
  166. if (!TEST_str_eq(result->client_alpn_negotiated,
  167. result->server_alpn_negotiated))
  168. ret = 0;
  169. if (!TEST_str_eq(test_ctx->expected_alpn_protocol,
  170. result->client_alpn_negotiated))
  171. ret = 0;
  172. return ret;
  173. }
  174. static int check_session_ticket_app_data(HANDSHAKE_RESULT *result,
  175. SSL_TEST_CTX *test_ctx)
  176. {
  177. size_t result_len = 0;
  178. size_t expected_len = 0;
  179. /* consider empty and NULL strings to be the same */
  180. if (result->result_session_ticket_app_data != NULL)
  181. result_len = strlen(result->result_session_ticket_app_data);
  182. if (test_ctx->expected_session_ticket_app_data != NULL)
  183. expected_len = strlen(test_ctx->expected_session_ticket_app_data);
  184. if (result_len == 0 && expected_len == 0)
  185. return 1;
  186. if (!TEST_str_eq(result->result_session_ticket_app_data,
  187. test_ctx->expected_session_ticket_app_data))
  188. return 0;
  189. return 1;
  190. }
  191. static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  192. {
  193. if (!TEST_int_eq(result->client_resumed, result->server_resumed))
  194. return 0;
  195. if (!TEST_int_eq(result->client_resumed, test_ctx->resumption_expected))
  196. return 0;
  197. return 1;
  198. }
  199. static int check_nid(const char *name, int expected_nid, int nid)
  200. {
  201. if (expected_nid == 0 || expected_nid == nid)
  202. return 1;
  203. TEST_error("%s type mismatch, %s vs %s\n",
  204. name, OBJ_nid2ln(expected_nid),
  205. nid == NID_undef ? "absent" : OBJ_nid2ln(nid));
  206. return 0;
  207. }
  208. static void print_ca_names(STACK_OF(X509_NAME) *names)
  209. {
  210. int i;
  211. if (names == NULL || sk_X509_NAME_num(names) == 0) {
  212. TEST_note(" <empty>");
  213. return;
  214. }
  215. for (i = 0; i < sk_X509_NAME_num(names); i++) {
  216. X509_NAME_print_ex(bio_err, sk_X509_NAME_value(names, i), 4,
  217. XN_FLAG_ONELINE);
  218. BIO_puts(bio_err, "\n");
  219. }
  220. }
  221. static int check_ca_names(const char *name,
  222. STACK_OF(X509_NAME) *expected_names,
  223. STACK_OF(X509_NAME) *names)
  224. {
  225. int i;
  226. if (expected_names == NULL)
  227. return 1;
  228. if (names == NULL || sk_X509_NAME_num(names) == 0) {
  229. if (TEST_int_eq(sk_X509_NAME_num(expected_names), 0))
  230. return 1;
  231. goto err;
  232. }
  233. if (sk_X509_NAME_num(names) != sk_X509_NAME_num(expected_names))
  234. goto err;
  235. for (i = 0; i < sk_X509_NAME_num(names); i++) {
  236. if (!TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(names, i),
  237. sk_X509_NAME_value(expected_names, i)),
  238. 0)) {
  239. goto err;
  240. }
  241. }
  242. return 1;
  243. err:
  244. TEST_info("%s: list mismatch", name);
  245. TEST_note("Expected Names:");
  246. print_ca_names(expected_names);
  247. TEST_note("Received Names:");
  248. print_ca_names(names);
  249. return 0;
  250. }
  251. static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  252. {
  253. return check_nid("Tmp key", test_ctx->expected_tmp_key_type,
  254. result->tmp_key_type);
  255. }
  256. static int check_server_cert_type(HANDSHAKE_RESULT *result,
  257. SSL_TEST_CTX *test_ctx)
  258. {
  259. return check_nid("Server certificate", test_ctx->expected_server_cert_type,
  260. result->server_cert_type);
  261. }
  262. static int check_server_sign_hash(HANDSHAKE_RESULT *result,
  263. SSL_TEST_CTX *test_ctx)
  264. {
  265. return check_nid("Server signing hash", test_ctx->expected_server_sign_hash,
  266. result->server_sign_hash);
  267. }
  268. static int check_server_sign_type(HANDSHAKE_RESULT *result,
  269. SSL_TEST_CTX *test_ctx)
  270. {
  271. return check_nid("Server signing", test_ctx->expected_server_sign_type,
  272. result->server_sign_type);
  273. }
  274. static int check_server_ca_names(HANDSHAKE_RESULT *result,
  275. SSL_TEST_CTX *test_ctx)
  276. {
  277. return check_ca_names("Server CA names",
  278. test_ctx->expected_server_ca_names,
  279. result->server_ca_names);
  280. }
  281. static int check_client_cert_type(HANDSHAKE_RESULT *result,
  282. SSL_TEST_CTX *test_ctx)
  283. {
  284. return check_nid("Client certificate", test_ctx->expected_client_cert_type,
  285. result->client_cert_type);
  286. }
  287. static int check_client_sign_hash(HANDSHAKE_RESULT *result,
  288. SSL_TEST_CTX *test_ctx)
  289. {
  290. return check_nid("Client signing hash", test_ctx->expected_client_sign_hash,
  291. result->client_sign_hash);
  292. }
  293. static int check_client_sign_type(HANDSHAKE_RESULT *result,
  294. SSL_TEST_CTX *test_ctx)
  295. {
  296. return check_nid("Client signing", test_ctx->expected_client_sign_type,
  297. result->client_sign_type);
  298. }
  299. static int check_client_ca_names(HANDSHAKE_RESULT *result,
  300. SSL_TEST_CTX *test_ctx)
  301. {
  302. return check_ca_names("Client CA names",
  303. test_ctx->expected_client_ca_names,
  304. result->client_ca_names);
  305. }
  306. static int check_cipher(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  307. {
  308. if (test_ctx->expected_cipher == NULL)
  309. return 1;
  310. if (!TEST_ptr(result->cipher))
  311. return 0;
  312. if (!TEST_str_eq(test_ctx->expected_cipher,
  313. result->cipher))
  314. return 0;
  315. return 1;
  316. }
  317. /*
  318. * This could be further simplified by constructing an expected
  319. * HANDSHAKE_RESULT, and implementing comparison methods for
  320. * its fields.
  321. */
  322. static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  323. {
  324. int ret = 1;
  325. ret &= check_result(result, test_ctx);
  326. ret &= check_alerts(result, test_ctx);
  327. if (result->result == SSL_TEST_SUCCESS) {
  328. ret &= check_protocol(result, test_ctx);
  329. ret &= check_servername(result, test_ctx);
  330. ret &= check_session_ticket(result, test_ctx);
  331. ret &= check_compression(result, test_ctx);
  332. ret &= check_session_id(result, test_ctx);
  333. ret &= (result->session_ticket_do_not_call == 0);
  334. #ifndef OPENSSL_NO_NEXTPROTONEG
  335. ret &= check_npn(result, test_ctx);
  336. #endif
  337. ret &= check_cipher(result, test_ctx);
  338. ret &= check_alpn(result, test_ctx);
  339. ret &= check_session_ticket_app_data(result, test_ctx);
  340. ret &= check_resumption(result, test_ctx);
  341. ret &= check_tmp_key(result, test_ctx);
  342. ret &= check_server_cert_type(result, test_ctx);
  343. ret &= check_server_sign_hash(result, test_ctx);
  344. ret &= check_server_sign_type(result, test_ctx);
  345. ret &= check_server_ca_names(result, test_ctx);
  346. ret &= check_client_cert_type(result, test_ctx);
  347. ret &= check_client_sign_hash(result, test_ctx);
  348. ret &= check_client_sign_type(result, test_ctx);
  349. ret &= check_client_ca_names(result, test_ctx);
  350. }
  351. return ret;
  352. }
  353. static int test_handshake(int idx)
  354. {
  355. int ret = 0;
  356. SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL,
  357. *resume_server_ctx = NULL, *resume_client_ctx = NULL;
  358. SSL_TEST_CTX *test_ctx = NULL;
  359. HANDSHAKE_RESULT *result = NULL;
  360. char test_app[MAX_TESTCASE_NAME_LENGTH];
  361. BIO_snprintf(test_app, sizeof(test_app), "test-%d", idx);
  362. test_ctx = SSL_TEST_CTX_create(conf, test_app, libctx);
  363. if (!TEST_ptr(test_ctx))
  364. goto err;
  365. #ifndef OPENSSL_NO_DTLS
  366. if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
  367. server_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_server_method());
  368. if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
  369. goto err;
  370. if (test_ctx->extra.server.servername_callback !=
  371. SSL_TEST_SERVERNAME_CB_NONE) {
  372. if (!TEST_ptr(server2_ctx =
  373. SSL_CTX_new_ex(libctx, NULL, DTLS_server_method())))
  374. goto err;
  375. }
  376. client_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_client_method());
  377. if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
  378. goto err;
  379. if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
  380. resume_server_ctx = SSL_CTX_new_ex(libctx, NULL,
  381. DTLS_server_method());
  382. if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0)))
  383. goto err;
  384. resume_client_ctx = SSL_CTX_new_ex(libctx, NULL,
  385. DTLS_client_method());
  386. if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0)))
  387. goto err;
  388. if (!TEST_ptr(resume_server_ctx)
  389. || !TEST_ptr(resume_client_ctx))
  390. goto err;
  391. }
  392. }
  393. #endif
  394. if (test_ctx->method == SSL_TEST_METHOD_TLS) {
  395. server_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
  396. if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
  397. goto err;
  398. /* SNI on resumption isn't supported/tested yet. */
  399. if (test_ctx->extra.server.servername_callback !=
  400. SSL_TEST_SERVERNAME_CB_NONE) {
  401. if (!TEST_ptr(server2_ctx =
  402. SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
  403. goto err;
  404. if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, 0)))
  405. goto err;
  406. }
  407. client_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method());
  408. if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
  409. goto err;
  410. if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
  411. resume_server_ctx = SSL_CTX_new_ex(libctx, NULL,
  412. TLS_server_method());
  413. if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0)))
  414. goto err;
  415. resume_client_ctx = SSL_CTX_new_ex(libctx, NULL,
  416. TLS_client_method());
  417. if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0)))
  418. goto err;
  419. if (!TEST_ptr(resume_server_ctx)
  420. || !TEST_ptr(resume_client_ctx))
  421. goto err;
  422. }
  423. }
  424. #ifdef OPENSSL_NO_AUTOLOAD_CONFIG
  425. if (!TEST_true(OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)))
  426. goto err;
  427. #endif
  428. if (!TEST_ptr(server_ctx)
  429. || !TEST_ptr(client_ctx)
  430. || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0))
  431. goto err;
  432. if (!SSL_CTX_config(server_ctx, "server")
  433. || !SSL_CTX_config(client_ctx, "client")) {
  434. goto err;
  435. }
  436. if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2"))
  437. goto err;
  438. if (resume_server_ctx != NULL
  439. && !SSL_CTX_config(resume_server_ctx, "resume-server"))
  440. goto err;
  441. if (resume_client_ctx != NULL
  442. && !SSL_CTX_config(resume_client_ctx, "resume-client"))
  443. goto err;
  444. result = do_handshake(server_ctx, server2_ctx, client_ctx,
  445. resume_server_ctx, resume_client_ctx, test_ctx);
  446. if (result != NULL)
  447. ret = check_test(result, test_ctx);
  448. err:
  449. CONF_modules_unload(0);
  450. SSL_CTX_free(server_ctx);
  451. SSL_CTX_free(server2_ctx);
  452. SSL_CTX_free(client_ctx);
  453. SSL_CTX_free(resume_server_ctx);
  454. SSL_CTX_free(resume_client_ctx);
  455. SSL_TEST_CTX_free(test_ctx);
  456. HANDSHAKE_RESULT_free(result);
  457. return ret;
  458. }
  459. #define USAGE "conf_file module_name [module_conf_file]\n"
  460. OPT_TEST_DECLARE_USAGE(USAGE)
  461. int setup_tests(void)
  462. {
  463. long num_tests;
  464. if (!test_skip_common_options()) {
  465. TEST_error("Error parsing test options\n");
  466. return 0;
  467. }
  468. if (!TEST_ptr(conf = NCONF_new(NULL))
  469. /* argv[1] should point to the test conf file */
  470. || !TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)
  471. || !TEST_int_ne(NCONF_get_number_e(conf, NULL, "num_tests",
  472. &num_tests), 0)) {
  473. TEST_error("usage: ssl_test %s", USAGE);
  474. return 0;
  475. }
  476. if (!test_get_libctx(&libctx, &defctxnull, &thisprov, 1, USAGE))
  477. return 0;
  478. ADD_ALL_TESTS(test_handshake, (int)num_tests);
  479. return 1;
  480. }
  481. void cleanup_tests(void)
  482. {
  483. NCONF_free(conf);
  484. OSSL_PROVIDER_unload(defctxnull);
  485. OSSL_PROVIDER_unload(thisprov);
  486. OSSL_LIB_CTX_free(libctx);
  487. }