#! /usr/bin/env perl
# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
## SSL testcase generator
use strict;
use warnings;
use File::Basename;
use File::Spec::Functions;
use OpenSSL::Test qw/srctop_dir srctop_file/;
use OpenSSL::Test::Utils;
# This block needs to run before 'use lib srctop_dir' directives.
BEGIN {
OpenSSL::Test::setup("no_test_here");
}
use lib srctop_dir("util"); # for with_fallback
use lib srctop_dir("test", "ssl-tests"); # for ssltests_base
use with_fallback qw(Text::Template);
use vars qw/@ISA/;
push (@ISA, qw/Text::Template/);
use ssltests_base;
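# Print the complete ssl_test configuration for @ssltests::tests to STDOUT.
#
# Takes no arguments and returns nothing useful. Every entry of
# @ssltests::tests is modified in place: its "server", "server2" and "client"
# hashes are merged over %ssltests::base_server / %ssltests::base_client, with
# the per-test values taking precedence.
#
# Dies if test/ssl_test.tmpl cannot be loaded or a test cannot be rendered, so
# that a broken template does not quietly produce an incomplete test
# configuration.
sub print_templates {
    my $source = srctop_file("test", "ssl_test.tmpl");

    # Text::Template->new returns undef on failure. Check it here, before any
    # output is written, instead of failing later on an undefined object.
    my $template = Text::Template->new(TYPE => 'FILE', SOURCE => $source)
        or die "Can't load template '$source': $Text::Template::ERROR\n";

    print "# Generated with generate_ssl_tests.pl\n\n";

    my $num = scalar @ssltests::tests;

    # Add the implicit base configuration.
    foreach my $test (@ssltests::tests) {
        $test->{"server"} = { (%ssltests::base_server, %{$test->{"server"}}) };

        # use server values if server2 is not defined
        # NOTE(review): server2 looks like the second server context used by
        # the SNI / session-ticket tests; confirm against ssl_test.tmpl.
        if (defined $test->{"server2"}) {
            $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) };
        } else {
            $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server"}}) };
        }

        $test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) };
    }

    # ssl_test expects to find a
    #
    # num_tests = n
    #
    # directive in the file. It'll then look for configuration directives
    # for n tests, that each look like this:
    #
    # test-n = test-section
    #
    # [test-section]
    # (SSL modules for client and server configuration go here.)
    #
    # [test-n]
    # (Test configuration goes here.)
    print "num_tests = $num\n\n";

    # Section names are "<index>-<name>"; compute them once so that the
    # directive list and the sections below cannot disagree.
    my @testnames =
        map { "${_}-" . $ssltests::tests[$_]->{'name'} } (0 .. $num - 1);

    # The conf module locations must come before everything else, because
    # they look like
    #
    # test-n = test-section
    #
    # and you can't mix and match them with sections.
    foreach my $idx (0 .. $num - 1) {
        print "test-$idx = $testnames[$idx]\n";
    }

    foreach my $idx (0 .. $num - 1) {
        my $testname = $testnames[$idx];
        my $test = $ssltests::tests[$idx];

        my $text = $template->fill_in(
            HASH => [{ idx => $idx, testname => $testname } , $test],
            DELIMITERS => [ "{-", "-}" ]);

        # fill_in returns undef when the template cannot be processed; stop
        # with a non-zero exit status rather than emitting an empty section.
        defined $text
            or die "Can't fill in template for test '$testname': "
                 . "$Text::Template::ERROR\n";

        print "# ===========================================================\n\n";
        print "$text\n";
    }
}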
# Shamelessly copied from Configure.
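# Load a test description file by evaluating its contents as Perl code.
#
#   $fname - path of the file to load (first argument).
#
# Dies if the file cannot be opened. An error raised while evaluating the
# contents is reported with warn() and does not stop the caller.
#
# SECURITY: the file runs with the full privileges of this script. It must
# come from a trusted location such as the source tree, never from untrusted
# input.
sub read_config {
    my $fname = shift;

    # Three-argument open with a lexical handle: the name is taken literally,
    # so whitespace or mode characters in it cannot change which file is
    # opened or how.
    open(my $input, '<', $fname)
        or die "Can't open input file '$fname'!\n";

    # Slurp mode; it stays in effect until the sub returns, eval included.
    local $/ = undef;
    my $content = <$input>;
    close($input);

    # String eval is how the test definitions are loaded; see the SECURITY
    # note above. The code runs in this sub's lexical scope.
    eval $content;
    warn $@ if $@;
}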
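# The test description file is the first command-line argument. read_config
# evaluates it as Perl code, so only trusted files should be passed.
my $input_file = shift;

# Fail with a clear message instead of trying to open an undefined name.
defined $input_file
    or die "Usage: $0 <input-file>\n";

# Reads the tests into ssltests::tests.
read_config($input_file);
print_templates();

1;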