ssl_test.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523
  1. /*
  2. * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <string.h>
  11. #include <openssl/conf.h>
  12. #include <openssl/err.h>
  13. #include <openssl/ssl.h>
  14. #include "handshake_helper.h"
  15. #include "ssl_test_ctx.h"
  16. #include "testutil.h"
  17. static CONF *conf = NULL;
  18. /* Currently the section names are of the form test-<number>, e.g. test-15. */
  19. #define MAX_TESTCASE_NAME_LENGTH 100
  20. static const char *print_alert(int alert)
  21. {
  22. return alert ? SSL_alert_desc_string_long(alert) : "no alert";
  23. }
  24. static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  25. {
  26. if (!TEST_int_eq(result->result, test_ctx->expected_result)) {
  27. TEST_info("ExpectedResult mismatch: expected %s, got %s.",
  28. ssl_test_result_name(test_ctx->expected_result),
  29. ssl_test_result_name(result->result));
  30. return 0;
  31. }
  32. return 1;
  33. }
  34. static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  35. {
  36. if (!TEST_int_eq(result->client_alert_sent,
  37. result->client_alert_received)) {
  38. TEST_info("Client sent alert %s but server received %s.",
  39. print_alert(result->client_alert_sent),
  40. print_alert(result->client_alert_received));
  41. /*
  42. * We can't bail here because the peer doesn't always get far enough
  43. * to process a received alert. Specifically, in protocol version
  44. * negotiation tests, we have the following scenario.
  45. * Client supports TLS v1.2 only; Server supports TLS v1.1.
  46. * Client proposes TLS v1.2; server responds with 1.1;
  47. * Client now sends a protocol alert, using TLS v1.2 in the header.
  48. * The server, however, rejects the alert because of version mismatch
  49. * in the record layer; therefore, the server appears to never
  50. * receive the alert.
  51. */
  52. /* return 0; */
  53. }
  54. if (!TEST_int_eq(result->server_alert_sent,
  55. result->server_alert_received)) {
  56. TEST_info("Server sent alert %s but client received %s.",
  57. print_alert(result->server_alert_sent),
  58. print_alert(result->server_alert_received));
  59. /* return 0; */
  60. }
  61. /* Tolerate an alert if one wasn't explicitly specified in the test. */
  62. if (test_ctx->expected_client_alert
  63. /*
  64. * The info callback alert value is computed as
  65. * (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]
  66. * where the low byte is the alert code and the high byte is other stuff.
  67. */
  68. && (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) {
  69. TEST_error("ClientAlert mismatch: expected %s, got %s.",
  70. print_alert(test_ctx->expected_client_alert),
  71. print_alert(result->client_alert_sent));
  72. return 0;
  73. }
  74. if (test_ctx->expected_server_alert
  75. && (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) {
  76. TEST_error("ServerAlert mismatch: expected %s, got %s.",
  77. print_alert(test_ctx->expected_server_alert),
  78. print_alert(result->server_alert_sent));
  79. return 0;
  80. }
  81. if (!TEST_int_le(result->client_num_fatal_alerts_sent, 1))
  82. return 0;
  83. if (!TEST_int_le(result->server_num_fatal_alerts_sent, 1))
  84. return 0;
  85. return 1;
  86. }
  87. static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  88. {
  89. if (!TEST_int_eq(result->client_protocol, result->server_protocol)) {
  90. TEST_info("Client has protocol %s but server has %s.",
  91. ssl_protocol_name(result->client_protocol),
  92. ssl_protocol_name(result->server_protocol));
  93. return 0;
  94. }
  95. if (test_ctx->expected_protocol) {
  96. if (!TEST_int_eq(result->client_protocol,
  97. test_ctx->expected_protocol)) {
  98. TEST_info("Protocol mismatch: expected %s, got %s.\n",
  99. ssl_protocol_name(test_ctx->expected_protocol),
  100. ssl_protocol_name(result->client_protocol));
  101. return 0;
  102. }
  103. }
  104. return 1;
  105. }
  106. static int check_servername(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  107. {
  108. if (!TEST_int_eq(result->servername, test_ctx->expected_servername)) {
  109. TEST_info("Client ServerName mismatch, expected %s, got %s.",
  110. ssl_servername_name(test_ctx->expected_servername),
  111. ssl_servername_name(result->servername));
  112. return 0;
  113. }
  114. return 1;
  115. }
  116. static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  117. {
  118. if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE)
  119. return 1;
  120. if (!TEST_int_eq(result->session_ticket,
  121. test_ctx->session_ticket_expected)) {
  122. TEST_info("Client SessionTicketExpected mismatch, expected %s, got %s.",
  123. ssl_session_ticket_name(test_ctx->session_ticket_expected),
  124. ssl_session_ticket_name(result->session_ticket));
  125. return 0;
  126. }
  127. return 1;
  128. }
  129. static int check_session_id(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  130. {
  131. if (test_ctx->session_id_expected == SSL_TEST_SESSION_ID_IGNORE)
  132. return 1;
  133. if (!TEST_int_eq(result->session_id, test_ctx->session_id_expected)) {
  134. TEST_info("Client SessionIdExpected mismatch, expected %s, got %s\n.",
  135. ssl_session_id_name(test_ctx->session_id_expected),
  136. ssl_session_id_name(result->session_id));
  137. return 0;
  138. }
  139. return 1;
  140. }
  141. static int check_compression(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  142. {
  143. if (!TEST_int_eq(result->compression, test_ctx->compression_expected))
  144. return 0;
  145. return 1;
  146. }
  147. #ifndef OPENSSL_NO_NEXTPROTONEG
  148. static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  149. {
  150. int ret = 1;
  151. if (!TEST_str_eq(result->client_npn_negotiated,
  152. result->server_npn_negotiated))
  153. ret = 0;
  154. if (!TEST_str_eq(test_ctx->expected_npn_protocol,
  155. result->client_npn_negotiated))
  156. ret = 0;
  157. return ret;
  158. }
  159. #endif
  160. static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  161. {
  162. int ret = 1;
  163. if (!TEST_str_eq(result->client_alpn_negotiated,
  164. result->server_alpn_negotiated))
  165. ret = 0;
  166. if (!TEST_str_eq(test_ctx->expected_alpn_protocol,
  167. result->client_alpn_negotiated))
  168. ret = 0;
  169. return ret;
  170. }
  171. static int check_session_ticket_app_data(HANDSHAKE_RESULT *result,
  172. SSL_TEST_CTX *test_ctx)
  173. {
  174. size_t result_len = 0;
  175. size_t expected_len = 0;
  176. /* consider empty and NULL strings to be the same */
  177. if (result->result_session_ticket_app_data != NULL)
  178. result_len = strlen(result->result_session_ticket_app_data);
  179. if (test_ctx->expected_session_ticket_app_data != NULL)
  180. expected_len = strlen(test_ctx->expected_session_ticket_app_data);
  181. if (result_len == 0 && expected_len == 0)
  182. return 1;
  183. if (!TEST_str_eq(result->result_session_ticket_app_data,
  184. test_ctx->expected_session_ticket_app_data))
  185. return 0;
  186. return 1;
  187. }
  188. static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  189. {
  190. if (!TEST_int_eq(result->client_resumed, result->server_resumed))
  191. return 0;
  192. if (!TEST_int_eq(result->client_resumed, test_ctx->resumption_expected))
  193. return 0;
  194. return 1;
  195. }
  196. static int check_nid(const char *name, int expected_nid, int nid)
  197. {
  198. if (expected_nid == 0 || expected_nid == nid)
  199. return 1;
  200. TEST_error("%s type mismatch, %s vs %s\n",
  201. name, OBJ_nid2ln(expected_nid),
  202. nid == NID_undef ? "absent" : OBJ_nid2ln(nid));
  203. return 0;
  204. }
  205. static void print_ca_names(STACK_OF(X509_NAME) *names)
  206. {
  207. int i;
  208. if (names == NULL || sk_X509_NAME_num(names) == 0) {
  209. TEST_note(" <empty>");
  210. return;
  211. }
  212. for (i = 0; i < sk_X509_NAME_num(names); i++) {
  213. X509_NAME_print_ex(bio_err, sk_X509_NAME_value(names, i), 4,
  214. XN_FLAG_ONELINE);
  215. BIO_puts(bio_err, "\n");
  216. }
  217. }
  218. static int check_ca_names(const char *name,
  219. STACK_OF(X509_NAME) *expected_names,
  220. STACK_OF(X509_NAME) *names)
  221. {
  222. int i;
  223. if (expected_names == NULL)
  224. return 1;
  225. if (names == NULL || sk_X509_NAME_num(names) == 0) {
  226. if (TEST_int_eq(sk_X509_NAME_num(expected_names), 0))
  227. return 1;
  228. goto err;
  229. }
  230. if (sk_X509_NAME_num(names) != sk_X509_NAME_num(expected_names))
  231. goto err;
  232. for (i = 0; i < sk_X509_NAME_num(names); i++) {
  233. if (!TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(names, i),
  234. sk_X509_NAME_value(expected_names, i)),
  235. 0)) {
  236. goto err;
  237. }
  238. }
  239. return 1;
  240. err:
  241. TEST_info("%s: list mismatch", name);
  242. TEST_note("Expected Names:");
  243. print_ca_names(expected_names);
  244. TEST_note("Received Names:");
  245. print_ca_names(names);
  246. return 0;
  247. }
  248. static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  249. {
  250. return check_nid("Tmp key", test_ctx->expected_tmp_key_type,
  251. result->tmp_key_type);
  252. }
  253. static int check_server_cert_type(HANDSHAKE_RESULT *result,
  254. SSL_TEST_CTX *test_ctx)
  255. {
  256. return check_nid("Server certificate", test_ctx->expected_server_cert_type,
  257. result->server_cert_type);
  258. }
  259. static int check_server_sign_hash(HANDSHAKE_RESULT *result,
  260. SSL_TEST_CTX *test_ctx)
  261. {
  262. return check_nid("Server signing hash", test_ctx->expected_server_sign_hash,
  263. result->server_sign_hash);
  264. }
  265. static int check_server_sign_type(HANDSHAKE_RESULT *result,
  266. SSL_TEST_CTX *test_ctx)
  267. {
  268. return check_nid("Server signing", test_ctx->expected_server_sign_type,
  269. result->server_sign_type);
  270. }
  271. static int check_server_ca_names(HANDSHAKE_RESULT *result,
  272. SSL_TEST_CTX *test_ctx)
  273. {
  274. return check_ca_names("Server CA names",
  275. test_ctx->expected_server_ca_names,
  276. result->server_ca_names);
  277. }
  278. static int check_client_cert_type(HANDSHAKE_RESULT *result,
  279. SSL_TEST_CTX *test_ctx)
  280. {
  281. return check_nid("Client certificate", test_ctx->expected_client_cert_type,
  282. result->client_cert_type);
  283. }
  284. static int check_client_sign_hash(HANDSHAKE_RESULT *result,
  285. SSL_TEST_CTX *test_ctx)
  286. {
  287. return check_nid("Client signing hash", test_ctx->expected_client_sign_hash,
  288. result->client_sign_hash);
  289. }
  290. static int check_client_sign_type(HANDSHAKE_RESULT *result,
  291. SSL_TEST_CTX *test_ctx)
  292. {
  293. return check_nid("Client signing", test_ctx->expected_client_sign_type,
  294. result->client_sign_type);
  295. }
  296. static int check_client_ca_names(HANDSHAKE_RESULT *result,
  297. SSL_TEST_CTX *test_ctx)
  298. {
  299. return check_ca_names("Client CA names",
  300. test_ctx->expected_client_ca_names,
  301. result->client_ca_names);
  302. }
  303. static int check_cipher(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  304. {
  305. if (test_ctx->expected_cipher == NULL)
  306. return 1;
  307. if (!TEST_ptr(result->cipher))
  308. return 0;
  309. if (!TEST_str_eq(test_ctx->expected_cipher,
  310. result->cipher))
  311. return 0;
  312. return 1;
  313. }
  314. /*
  315. * This could be further simplified by constructing an expected
  316. * HANDSHAKE_RESULT, and implementing comparison methods for
  317. * its fields.
  318. */
  319. static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  320. {
  321. int ret = 1;
  322. ret &= check_result(result, test_ctx);
  323. ret &= check_alerts(result, test_ctx);
  324. if (result->result == SSL_TEST_SUCCESS) {
  325. ret &= check_protocol(result, test_ctx);
  326. ret &= check_servername(result, test_ctx);
  327. ret &= check_session_ticket(result, test_ctx);
  328. ret &= check_compression(result, test_ctx);
  329. ret &= check_session_id(result, test_ctx);
  330. ret &= (result->session_ticket_do_not_call == 0);
  331. #ifndef OPENSSL_NO_NEXTPROTONEG
  332. ret &= check_npn(result, test_ctx);
  333. #endif
  334. ret &= check_cipher(result, test_ctx);
  335. ret &= check_alpn(result, test_ctx);
  336. ret &= check_session_ticket_app_data(result, test_ctx);
  337. ret &= check_resumption(result, test_ctx);
  338. ret &= check_tmp_key(result, test_ctx);
  339. ret &= check_server_cert_type(result, test_ctx);
  340. ret &= check_server_sign_hash(result, test_ctx);
  341. ret &= check_server_sign_type(result, test_ctx);
  342. ret &= check_server_ca_names(result, test_ctx);
  343. ret &= check_client_cert_type(result, test_ctx);
  344. ret &= check_client_sign_hash(result, test_ctx);
  345. ret &= check_client_sign_type(result, test_ctx);
  346. ret &= check_client_ca_names(result, test_ctx);
  347. }
  348. return ret;
  349. }
  350. static int test_handshake(int idx)
  351. {
  352. int ret = 0;
  353. SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL,
  354. *resume_server_ctx = NULL, *resume_client_ctx = NULL;
  355. SSL_TEST_CTX *test_ctx = NULL;
  356. HANDSHAKE_RESULT *result = NULL;
  357. char test_app[MAX_TESTCASE_NAME_LENGTH];
  358. BIO_snprintf(test_app, sizeof(test_app), "test-%d", idx);
  359. test_ctx = SSL_TEST_CTX_create(conf, test_app);
  360. if (!TEST_ptr(test_ctx))
  361. goto err;
  362. #ifndef OPENSSL_NO_DTLS
  363. if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
  364. server_ctx = SSL_CTX_new(DTLS_server_method());
  365. if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
  366. goto err;
  367. if (test_ctx->extra.server.servername_callback !=
  368. SSL_TEST_SERVERNAME_CB_NONE) {
  369. if (!TEST_ptr(server2_ctx = SSL_CTX_new(DTLS_server_method())))
  370. goto err;
  371. }
  372. client_ctx = SSL_CTX_new(DTLS_client_method());
  373. if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
  374. goto err;
  375. if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
  376. resume_server_ctx = SSL_CTX_new(DTLS_server_method());
  377. if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0)))
  378. goto err;
  379. resume_client_ctx = SSL_CTX_new(DTLS_client_method());
  380. if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0)))
  381. goto err;
  382. if (!TEST_ptr(resume_server_ctx)
  383. || !TEST_ptr(resume_client_ctx))
  384. goto err;
  385. }
  386. }
  387. #endif
  388. if (test_ctx->method == SSL_TEST_METHOD_TLS) {
  389. server_ctx = SSL_CTX_new(TLS_server_method());
  390. if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
  391. goto err;
  392. /* SNI on resumption isn't supported/tested yet. */
  393. if (test_ctx->extra.server.servername_callback !=
  394. SSL_TEST_SERVERNAME_CB_NONE) {
  395. if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
  396. goto err;
  397. if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, 0)))
  398. goto err;
  399. }
  400. client_ctx = SSL_CTX_new(TLS_client_method());
  401. if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
  402. goto err;
  403. if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
  404. resume_server_ctx = SSL_CTX_new(TLS_server_method());
  405. if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0)))
  406. goto err;
  407. resume_client_ctx = SSL_CTX_new(TLS_client_method());
  408. if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0)))
  409. goto err;
  410. if (!TEST_ptr(resume_server_ctx)
  411. || !TEST_ptr(resume_client_ctx))
  412. goto err;
  413. }
  414. }
  415. #ifdef OPENSSL_NO_AUTOLOAD_CONFIG
  416. if (!TEST_true(OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)))
  417. goto err;
  418. #endif
  419. if (!TEST_ptr(server_ctx)
  420. || !TEST_ptr(client_ctx)
  421. || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0))
  422. goto err;
  423. if (!SSL_CTX_config(server_ctx, "server")
  424. || !SSL_CTX_config(client_ctx, "client")) {
  425. goto err;
  426. }
  427. if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2"))
  428. goto err;
  429. if (resume_server_ctx != NULL
  430. && !SSL_CTX_config(resume_server_ctx, "resume-server"))
  431. goto err;
  432. if (resume_client_ctx != NULL
  433. && !SSL_CTX_config(resume_client_ctx, "resume-client"))
  434. goto err;
  435. result = do_handshake(server_ctx, server2_ctx, client_ctx,
  436. resume_server_ctx, resume_client_ctx, test_ctx);
  437. if (result != NULL)
  438. ret = check_test(result, test_ctx);
  439. err:
  440. CONF_modules_unload(0);
  441. SSL_CTX_free(server_ctx);
  442. SSL_CTX_free(server2_ctx);
  443. SSL_CTX_free(client_ctx);
  444. SSL_CTX_free(resume_server_ctx);
  445. SSL_CTX_free(resume_client_ctx);
  446. SSL_TEST_CTX_free(test_ctx);
  447. HANDSHAKE_RESULT_free(result);
  448. return ret;
  449. }
  450. OPT_TEST_DECLARE_USAGE("conf_file\n")
  451. int setup_tests(void)
  452. {
  453. long num_tests;
  454. if (!TEST_ptr(conf = NCONF_new(NULL))
  455. /* argv[1] should point to the test conf file */
  456. || !TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)
  457. || !TEST_int_ne(NCONF_get_number_e(conf, NULL, "num_tests",
  458. &num_tests), 0))
  459. return 0;
  460. ADD_ALL_TESTS(test_handshake, (int)num_tests);
  461. return 1;
  462. }
  463. void cleanup_tests(void)
  464. {
  465. NCONF_free(conf);
  466. }