diff options
Diffstat (limited to 'test/sslapitest.c')
-rw-r--r-- | test/sslapitest.c | 269 |
1 files changed, 230 insertions, 39 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c index 0b2d7b5e6d..31ba451117 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -713,14 +713,14 @@ static int full_client_hello_callback(SSL *s, int *al, void *arg) int *ctr = arg; const unsigned char *p; int *exts; - /* We only configure two ciphers, but the SCSV is added automatically. */ #ifdef OPENSSL_NO_EC - const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff}; + const unsigned char expected_ciphers[] = {0x00, 0x9d}; #else const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0, - 0x2c, 0x00, 0xff}; + 0x2c}; #endif const int expected_extensions[] = { + 65281, #ifndef OPENSSL_NO_EC 11, 10, #endif @@ -3375,6 +3375,16 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, static int artificial_ticket_time = 0; +static int sub_session_time(SSL_SESSION *sess) +{ + OSSL_TIME tick_time; + + tick_time = ossl_time_from_time_t(SSL_SESSION_get_time_ex(sess)); + tick_time = ossl_time_subtract(tick_time, ossl_seconds2time(10)); + + return SSL_SESSION_set_time_ex(sess, ossl_time_to_time_t(tick_time)) != 0; +} + static int ed_gen_cb(SSL *s, void *arg) { SSL_SESSION *sess = SSL_get0_session(s); @@ -3390,10 +3400,7 @@ static int ed_gen_cb(SSL *s, void *arg) return 1; artificial_ticket_time--; - if (SSL_SESSION_set_time_ex(sess, SSL_SESSION_get_time_ex(sess) - 10) == 0) - return 0; - - return 1; + return sub_session_time(sess); } /* @@ -3493,8 +3500,7 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, * gave it on the server side */ if (artificial - && !TEST_time_t_gt(SSL_SESSION_set_time_ex(*sess, - SSL_SESSION_get_time_ex(*sess) - 10), 0)) + && !TEST_true(sub_session_time(*sess))) return 0; if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, @@ -3505,6 +3511,25 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, return 1; } +static int check_early_data_timeout(OSSL_TIME timer) +{ + int res = 0; + + /* + * Early data is time sensitive. We have an approx 8 second allowance + * between writing the early data and reading it. If we exceed that time + * then this test will fail. This can sometimes (rarely) occur in normal CI + * operation. We can try and detect this and just ignore the result of this + * test if it has taken too long. We assume anything over 7 seconds is too + * long + */ + timer = ossl_time_subtract(ossl_time_now(), timer); + if (ossl_time_compare(timer, ossl_seconds2time(7)) >= 0) + res = TEST_skip("Test took too long, ignoring result"); + + return res; +} + static int test_early_data_read_write(int idx) { SSL_CTX *cctx = NULL, *sctx = NULL; @@ -3514,6 +3539,7 @@ static int test_early_data_read_write(int idx) unsigned char buf[20], data[1024]; size_t readbytes, written, eoedlen, rawread, rawwritten; BIO *rbio; + OSSL_TIME timer; /* Artificially give the next 2 tickets some age for non PSK sessions */ if (idx != 2) @@ -3527,13 +3553,20 @@ static int test_early_data_read_write(int idx) artificial_ticket_time = 0; /* Write and read some early data */ + timer = ossl_time_now(); if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), &written)) - || !TEST_size_t_eq(written, strlen(MSG1)) - || !TEST_int_eq(SSL_read_early_data(serverssl, buf, - sizeof(buf), &readbytes), - SSL_READ_EARLY_DATA_SUCCESS) - || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1)) + || !TEST_size_t_eq(written, strlen(MSG1))) + goto end; + + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS)) { + testresult = check_early_data_timeout(timer); + goto end; + } + + if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1)) || !TEST_int_eq(SSL_get_early_data_status(serverssl), SSL_EARLY_DATA_ACCEPTED)) goto end; @@ -3750,6 +3783,7 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt) SSL_SESSION *sess = NULL; size_t readbytes, written; unsigned char buf[20]; + OSSL_TIME timer; allow_ed_cb_called = 0; @@ -3804,6 +3838,7 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt) goto end; /* Write and read some early data */ + timer = ossl_time_now(); if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), &written)) || !TEST_size_t_eq(written, strlen(MSG1))) @@ -3824,8 +3859,11 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt) /* In this case the callback decides to accept the early data */ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), &readbytes), - SSL_READ_EARLY_DATA_SUCCESS) - || !TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes) + SSL_READ_EARLY_DATA_SUCCESS)) { + testresult = check_early_data_timeout(timer); + goto end; + } + if (!TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes) /* * Server will have sent its flight so client can now send * end of early data and complete its half of the handshake @@ -3877,7 +3915,13 @@ static const char *ciphersuites[] = { "TLS_AES_256_GCM_SHA384", "TLS_AES_128_CCM_SHA256", #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) - "TLS_CHACHA20_POLY1305_SHA256" + "TLS_CHACHA20_POLY1305_SHA256", +#else + NULL, +#endif +#if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS) + "TLS_SHA256_SHA256", + "TLS_SHA384_SHA384" #endif }; @@ -3898,16 +3942,19 @@ static int early_data_skip_helper(int testtype, int cipher, int idx) unsigned char buf[20]; size_t readbytes, written; - if (is_fips && cipher == 4) + if (is_fips && cipher >= 4) return 1; + if (ciphersuites[cipher] == NULL) + return TEST_skip("Cipher not supported"); + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; - if (cipher == 0) { + if (cipher == 0 || cipher == 5 || cipher == 6) { SSL_CTX_set_security_level(sctx, 0); SSL_CTX_set_security_level(cctx, 0); } @@ -3918,8 +3965,9 @@ static int early_data_skip_helper(int testtype, int cipher, int idx) if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, &serverssl, &sess, idx, - cipher == 2 ? SHA384_DIGEST_LENGTH - : SHA256_DIGEST_LENGTH))) + (cipher == 2 || cipher == 6) + ? SHA384_DIGEST_LENGTH + : SHA256_DIGEST_LENGTH))) goto end; if (testtype == 1 || testtype == 2) { @@ -4342,13 +4390,19 @@ static int test_early_data_psk(int idx) || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err)) goto end; } else { + OSSL_TIME timer = ossl_time_now(); + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), &written))) goto end; if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), readearlyres) - || (readearlyres == SSL_READ_EARLY_DATA_SUCCESS + &readbytes), readearlyres)) { + testresult = check_early_data_timeout(timer); + goto end; + } + + if ((readearlyres == SSL_READ_EARLY_DATA_SUCCESS && !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))) || !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus) || !TEST_int_eq(SSL_connect(clientssl), connectres)) @@ -4370,12 +4424,14 @@ static int test_early_data_psk(int idx) } /* - * Test TLSv1.3 PSK can be used to send early_data with all 5 ciphersuites + * Test TLSv1.3 PSK can be used to send early_data with all 7 ciphersuites * idx == 0: Test with TLS1_3_RFC_AES_128_GCM_SHA256 * idx == 1: Test with TLS1_3_RFC_AES_256_GCM_SHA384 * idx == 2: Test with TLS1_3_RFC_CHACHA20_POLY1305_SHA256, * idx == 3: Test with TLS1_3_RFC_AES_128_CCM_SHA256 * idx == 4: Test with TLS1_3_RFC_AES_128_CCM_8_SHA256 + * idx == 5: Test with TLS1_3_RFC_SHA256_SHA256 + * idx == 6: Test with TLS1_3_RFC_SHA384_SHA384 */ static int test_early_data_psk_with_all_ciphers(int idx) { @@ -4386,6 +4442,7 @@ static int test_early_data_psk_with_all_ciphers(int idx) unsigned char buf[20]; size_t readbytes, written; const SSL_CIPHER *cipher; + OSSL_TIME timer; const char *cipher_str[] = { TLS1_3_RFC_AES_128_GCM_SHA256, TLS1_3_RFC_AES_256_GCM_SHA384, @@ -4395,7 +4452,14 @@ static int test_early_data_psk_with_all_ciphers(int idx) NULL, # endif TLS1_3_RFC_AES_128_CCM_SHA256, - TLS1_3_RFC_AES_128_CCM_8_SHA256 + TLS1_3_RFC_AES_128_CCM_8_SHA256, +# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS) + TLS1_3_RFC_SHA256_SHA256, + TLS1_3_RFC_SHA384_SHA384 +#else + NULL, + NULL +#endif }; const unsigned char *cipher_bytes[] = { TLS13_AES_128_GCM_SHA256_BYTES, @@ -4406,13 +4470,23 @@ static int test_early_data_psk_with_all_ciphers(int idx) NULL, # endif TLS13_AES_128_CCM_SHA256_BYTES, - TLS13_AES_128_CCM_8_SHA256_BYTES + TLS13_AES_128_CCM_8_SHA256_BYTES, +# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS) + TLS13_SHA256_SHA256_BYTES, + TLS13_SHA384_SHA384_BYTES +#else + NULL, + NULL +#endif }; if (cipher_str[idx] == NULL) return 1; - /* Skip ChaCha20Poly1305 as currently FIPS module does not support it */ - if (idx == 2 && is_fips == 1) + /* + * Skip ChaCha20Poly1305 and TLS_SHA{256,384}_SHA{256,384} ciphers + * as currently FIPS module does not support them. + */ + if ((idx == 2 || idx == 5 || idx == 6) && is_fips == 1) return 1; /* We always set this up with a final parameter of "2" for PSK */ @@ -4421,8 +4495,11 @@ static int test_early_data_psk_with_all_ciphers(int idx) SHA384_DIGEST_LENGTH))) goto end; - if (idx == 4) { - /* CCM8 ciphers are considered low security due to their short tag */ + if (idx == 4 || idx == 5 || idx == 6) { + /* + * CCM8 ciphers are considered low security due to their short tag. + * Integrity-only cipher do not provide any confidentiality. + */ SSL_set_security_level(clientssl, 0); SSL_set_security_level(serverssl, 0); } @@ -4443,14 +4520,19 @@ static int test_early_data_psk_with_all_ciphers(int idx) goto end; SSL_set_connect_state(clientssl); + timer = ossl_time_now(); if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), &written))) goto end; if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), &readbytes), - SSL_READ_EARLY_DATA_SUCCESS) - || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) + SSL_READ_EARLY_DATA_SUCCESS)) { + testresult = check_early_data_timeout(timer); + goto end; + } + + if (!TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) || !TEST_int_eq(SSL_get_early_data_status(serverssl), SSL_EARLY_DATA_ACCEPTED) || !TEST_int_eq(SSL_connect(clientssl), 1) @@ -4898,10 +4980,14 @@ static int test_key_exchange(int idx) break; # ifndef OPENSSL_NO_ECX case 4: + if (is_fips) + return TEST_skip("X25519 might not be supported by fips provider."); kexch_alg = NID_X25519; kexch_name0 = "x25519"; break; case 5: + if (is_fips) + return TEST_skip("X448 might not be supported by fips provider."); kexch_alg = NID_X448; kexch_name0 = "x448"; break; @@ -5120,6 +5206,9 @@ static int test_negotiated_group(int idx) else expectednid = kexch_alg; + if (is_fips && (kexch_alg == NID_X25519 || kexch_alg == NID_X448)) + return TEST_skip("X25519 and X448 might not be available in fips provider."); + if (!istls13) max_version = TLS1_2_VERSION; @@ -5268,7 +5357,12 @@ static int test_tls13_ciphersuite(int idx) # endif /* CCM8 ciphers are considered low security due to their short tag */ { TLS1_3_RFC_AES_128_CCM_8_SHA256 - ":" TLS1_3_RFC_AES_128_CCM_SHA256, 1, 1 } + ":" TLS1_3_RFC_AES_128_CCM_SHA256, 1, 1 }, +# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS) + /* Integrity-only cipher do not provide any confidentiality */ + { TLS1_3_RFC_SHA256_SHA256, 0, 1 }, + { TLS1_3_RFC_SHA384_SHA384, 0, 1 } +# endif }; const char *t13_cipher = NULL; const char *t12_cipher = NULL; @@ -7766,6 +7860,7 @@ static int test_info_callback(int tst) SSL_SESSION *sess = NULL; size_t written, readbytes; unsigned char buf[80]; + OSSL_TIME timer; /* early_data tests */ if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, @@ -7780,13 +7875,20 @@ static int test_info_callback(int tst) sslapi_info_callback); /* Write and read some early data and then complete the connection */ + timer = ossl_time_now(); if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), &written)) - || !TEST_size_t_eq(written, strlen(MSG1)) - || !TEST_int_eq(SSL_read_early_data(serverssl, buf, - sizeof(buf), &readbytes), - SSL_READ_EARLY_DATA_SUCCESS) - || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1)) + || !TEST_size_t_eq(written, strlen(MSG1))) + goto end; + + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, + sizeof(buf), &readbytes), + SSL_READ_EARLY_DATA_SUCCESS)) { + testresult = check_early_data_timeout(timer); + goto end; + } + + if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1)) || !TEST_int_eq(SSL_get_early_data_status(serverssl), SSL_EARLY_DATA_ACCEPTED) || !TEST_true(create_ssl_connection(serverssl, clientssl, @@ -10063,6 +10165,94 @@ static int test_ssl_dup(void) return testresult; } +static int secret_cb(SSL *s, void *secretin, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg) +{ + int i; + unsigned char *secret = secretin; + + /* Just use a fixed master secret */ + for (i = 0; i < *secret_len; i++) + secret[i] = 0xff; + + /* We don't set a preferred cipher */ + + return 1; +} + +/* + * Test the session_secret_cb which is designed for use with EAP-FAST + */ +static int test_session_secret_cb(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + SSL_SESSION *secret_sess = NULL; + int testresult = 0; + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), + 0, + 0, + &sctx, &cctx, cert, privkey))) + goto end; + + /* Create an initial connection and save the session */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + /* session_secret_cb does not support TLSv1.3 */ + if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION)) + || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; + + if (!TEST_ptr(secret_sess = SSL_get1_session(clientssl))) + goto end; + + shutdown_ssl_connection(serverssl, clientssl); + serverssl = clientssl = NULL; + + /* Resume the earlier session */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + /* + * No session ids for EAP-FAST - otherwise the state machine gets very + * confused. + */ + if (!TEST_true(SSL_SESSION_set1_id(secret_sess, NULL, 0))) + goto end; + + if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION)) + || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION)) + || !TEST_true(SSL_set_session_secret_cb(serverssl, secret_cb, + NULL)) + || !TEST_true(SSL_set_session_secret_cb(clientssl, secret_cb, + NULL)) + || !TEST_true(SSL_set_session(clientssl, secret_sess))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; + + testresult = 1; + + end: + SSL_SESSION_free(secret_sess); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + # ifndef OPENSSL_NO_DH static EVP_PKEY *tmp_dh_params = NULL; @@ -12006,7 +12196,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_early_data_skip_abort, OSSL_NELEM(ciphersuites) * 3); ADD_ALL_TESTS(test_early_data_not_sent, 3); ADD_ALL_TESTS(test_early_data_psk, 8); - ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5); + ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 7); ADD_ALL_TESTS(test_early_data_not_expected, 3); # ifndef OPENSSL_NO_TLS1_2 ADD_ALL_TESTS(test_early_data_tls1_2, 3); @@ -12086,6 +12276,7 @@ int setup_tests(void) #endif #ifndef OPENSSL_NO_TLS1_2 ADD_TEST(test_ssl_dup); + ADD_TEST(test_session_secret_cb); # ifndef OPENSSL_NO_DH ADD_ALL_TESTS(test_set_tmp_dh, 11); ADD_ALL_TESTS(test_dh_auto, 7); |