/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_SSL_TEST_CTX_H
#define HEADER_SSL_TEST_CTX_H
#include <openssl/conf.h>
#include <openssl/ssl.h>
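/*
 * Outcome of a test run. SSL_TEST_CTX.expected_result holds one of these
 * values. Members are numbered implicitly from 0 in declaration order.
 */
typedef enum {
    SSL_TEST_SUCCESS = 0,  /* Default */
    SSL_TEST_SERVER_FAIL,
    SSL_TEST_CLIENT_FAIL,
    SSL_TEST_INTERNAL_ERROR,
    /* Couldn't test resumption/renegotiation: original handshake failed. */
    SSL_TEST_FIRST_HANDSHAKE_FAILED
} ssl_test_result_t;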
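/*
 * Selects one of the predefined certificate verification callbacks for the
 * client (see SSL_TEST_CLIENT_CONF.verify_callback).
 *
 * NOTE(review): going by the names, ACCEPT_ALL accepts every peer
 * certificate and REJECT_ALL rejects every one - confirm against the
 * callback implementations. Both are test fixtures only; an accept-all
 * verify callback disables peer authentication and must not be copied into
 * application code.
 */
typedef enum {
    SSL_TEST_VERIFY_NONE = 0,  /* Default */
    SSL_TEST_VERIFY_ACCEPT_ALL,
    SSL_TEST_VERIFY_REJECT_ALL
} ssl_verify_callback_t;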
Fix session ticket and SNI
When session tickets are used, it's possible that SNI might switch the
SSL_CTX on an SSL. Normally, this is not a problem, because the
initial_ctx/session_ctx are used for all session ticket/id processes.
However, when the SNI callback occurs, it's possible that the callback
may update the options in the SSL from the SSL_CTX, and this could
cause SSL_OP_NO_TICKET to be set. If this occurs, then two bad things
can happen:
1. The session ticket TLSEXT may not be written when the ticket expected
flag is set. The state machine transitions to writing the ticket, and
the client responds with an error as it is not expecting a ticket.
2. When creating the session ticket, if the ticket key cb returns 0
the crypto/hmac contexts are not initialized, and the code crashes when
trying to encrypt the session ticket.
To fix 1, if the ticket TLSEXT is not written out, clear the expected
ticket flag.
To fix 2, consider a return of 0 from the ticket key cb a recoverable
error, and write a 0 length ticket and continue. The client-side code
can explicitly handle this case.
Fix these two cases, and add unit test code to validate ticket behavior.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1098)
2016-05-12 22:16:52 +00:00
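/*
 * Predefined server names. Used both for the name the client sends
 * (SSL_TEST_CLIENT_CONF.servername) and for the SNI context the test
 * expects the server to end up on (SSL_TEST_CTX.expected_servername).
 *
 * NOTE(review): INVALID is presumably a name that matches neither server
 * context, used to exercise the mismatch paths - confirm.
 */
typedef enum {
    SSL_TEST_SERVERNAME_NONE = 0,  /* Default */
    SSL_TEST_SERVERNAME_SERVER1,
    SSL_TEST_SERVERNAME_SERVER2,
    SSL_TEST_SERVERNAME_INVALID
} ssl_servername_t;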
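/*
 * Selects the server-side SNI callback (see
 * SSL_TEST_SERVER_CONF.servername_callback).
 *
 * NOTE(review): the names suggest that IGNORE_MISMATCH continues the
 * handshake when the requested name is unknown and REJECT_MISMATCH aborts
 * it, and that the EARLY_ variants do the same work from an earlier
 * callback than the servername callback - confirm against the
 * implementation. EARLY_NO_V12 is not described anywhere in this header.
 */
typedef enum {
    SSL_TEST_SERVERNAME_CB_NONE = 0,  /* Default */
    SSL_TEST_SERVERNAME_IGNORE_MISMATCH,
    SSL_TEST_SERVERNAME_REJECT_MISMATCH,
    SSL_TEST_SERVERNAME_EARLY_IGNORE_MISMATCH,
    SSL_TEST_SERVERNAME_EARLY_REJECT_MISMATCH,
    SSL_TEST_SERVERNAME_EARLY_NO_V12
} ssl_servername_callback_t;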
Fix session ticket and SNI
When session tickets are used, it's possible that SNI might switch the
SSL_CTX on an SSL. Normally, this is not a problem, because the
initial_ctx/session_ctx are used for all session ticket/id processes.
However, when the SNI callback occurs, it's possible that the callback
may update the options in the SSL from the SSL_CTX, and this could
cause SSL_OP_NO_TICKET to be set. If this occurs, then two bad things
can happen:
1. The session ticket TLSEXT may not be written when the ticket expected
flag is set. The state machine transitions to writing the ticket, and
the client responds with an error as it is not expecting a ticket.
2. When creating the session ticket, if the ticket key cb returns 0
the crypto/hmac contexts are not initialized, and the code crashes when
trying to encrypt the session ticket.
To fix 1, if the ticket TLSEXT is not written out, clear the expected
ticket flag.
To fix 2, consider a return of 0 from the ticket key cb a recoverable
error, and write a 0 length ticket and continue. The client-side code
can explicitly handle this case.
Fix these two cases, and add unit test code to validate ticket behavior.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1098)
2016-05-12 22:16:52 +00:00
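/*
 * Expectation about session tickets, stored in
 * SSL_TEST_CTX.session_ticket_expected. IGNORE (the default) places no
 * expectation on the handshake.
 *
 * NOTE(review): BROKEN is marked only as a "special test" here; it
 * presumably pairs with SSL_TEST_SERVER_CONF.broken_session_ticket, which
 * installs a broken session ticket callback - confirm.
 */
typedef enum {
    SSL_TEST_SESSION_TICKET_IGNORE = 0,  /* Default */
    SSL_TEST_SESSION_TICKET_YES,
    SSL_TEST_SESSION_TICKET_NO,
    SSL_TEST_SESSION_TICKET_BROKEN  /* Special test */
} ssl_session_ticket_t;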
Fix session ticket and SNI
When session tickets are used, it's possible that SNI might switch the
SSL_CTX on an SSL. Normally, this is not a problem, because the
initial_ctx/session_ctx are used for all session ticket/id processes.
However, when the SNI callback occurs, it's possible that the callback
may update the options in the SSL from the SSL_CTX, and this could
cause SSL_OP_NO_TICKET to be set. If this occurs, then two bad things
can happen:
1. The session ticket TLSEXT may not be written when the ticket expected
flag is set. The state machine transitions to writing the ticket, and
the client responds with an error as it is not expecting a ticket.
2. When creating the session ticket, if the ticket key cb returns 0
the crypto/hmac contexts are not initialized, and the code crashes when
trying to encrypt the session ticket.
To fix 1, if the ticket TLSEXT is not written out, clear the expected
ticket flag.
To fix 2, consider a return of 0 from the ticket key cb a recoverable
error, and write a 0 length ticket and continue. The client-side code
can explicitly handle this case.
Fix these two cases, and add unit test code to validate ticket behavior.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1098)
2016-05-12 22:16:52 +00:00
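/*
 * Whether compression is expected to be in use. The default is NO.
 *
 * NOTE(review): SSL_TEST_CTX.compression_expected is declared as a plain
 * int rather than with this type - confirm which one the loader and the
 * checks are meant to use.
 */
typedef enum {
    SSL_TEST_COMPRESSION_NO = 0,  /* Default */
    SSL_TEST_COMPRESSION_YES
} ssl_compression_t;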
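/*
 * Transport flavour for the server/client CTX: TLS (the default) or DTLS.
 * Stored in SSL_TEST_CTX.method.
 */
typedef enum {
    SSL_TEST_METHOD_TLS = 0,  /* Default */
    SSL_TEST_METHOD_DTLS
} ssl_test_method_t;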
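/*
 * Which handshake scenario to run, stored in SSL_TEST_CTX.handshake_mode.
 * SIMPLE (the default) is a single handshake. The other modes add a second
 * step: resumption, a renegotiation, or a KeyUpdate. The _SERVER/_CLIENT
 * suffix presumably names the side that initiates it (confirm).
 */
typedef enum {
    SSL_TEST_HANDSHAKE_SIMPLE = 0,  /* Default */
    SSL_TEST_HANDSHAKE_RESUME,
    SSL_TEST_HANDSHAKE_RENEG_SERVER,
    SSL_TEST_HANDSHAKE_RENEG_CLIENT,
    SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER,
    SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT
} ssl_handshake_mode_t;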
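/*
 * Certificate Transparency validation mode for the client (see
 * SSL_TEST_CLIENT_CONF.ct_validation). NONE is the default.
 *
 * NOTE(review): PERMISSIVE and STRICT presumably map onto the CT
 * validation modes of the same names in the SSL API - confirm.
 */
typedef enum {
    SSL_TEST_CT_VALIDATION_NONE = 0,  /* Default */
    SSL_TEST_CT_VALIDATION_PERMISSIVE,
    SSL_TEST_CT_VALIDATION_STRICT
} ssl_ct_validation_t;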
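/*
 * Whether the server sends a CertStatus message (see
 * SSL_TEST_SERVER_CONF.cert_status), and if so which canned response.
 * NONE is the default.
 *
 * NOTE(review): BAD_RESPONSE presumably makes the server send a response
 * the client is expected to reject - confirm what "bad" covers.
 */
typedef enum {
    SSL_TEST_CERT_STATUS_NONE = 0,  /* Default */
    SSL_TEST_CERT_STATUS_GOOD_RESPONSE,
    SSL_TEST_CERT_STATUS_BAD_RESPONSE
} ssl_cert_status_t;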
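/*
 * Server/client settings that aren't supported by the SSL CONF library,
 * such as callbacks.
 *
 * This struct holds the client side.
 * NOTE(review): who allocates and frees the char * members is not visible
 * in this header; presumably the loader allocates them and
 * SSL_TEST_CTX_free() releases them - confirm.
 */
typedef struct {
    /* One of a number of predefined custom callbacks. */
    ssl_verify_callback_t verify_callback;
    /* One of a number of predefined server names used by the client */
    ssl_servername_t servername;
    /* Supported NPN and ALPN protocols. A comma-separated list. */
    char *npn_protocols;
    char *alpn_protocols;
    /* Certificate Transparency validation mode. */
    ssl_ct_validation_t ct_validation;
    /* Ciphersuites to set on a renegotiation */
    char *reneg_ciphers;
    /*
     * SRP credentials, presumably the ones the client presents (inferred
     * from the names and the server-side counterpart - confirm). The
     * password is held as a plain string, so only throwaway test values
     * belong in test configuration files.
     */
    char *srp_user;
    char *srp_password;
} SSL_TEST_CLIENT_CONF;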
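/*
 * Server-side settings that the SSL CONF library cannot express.
 * SSL_TEST_EXTRA_CONF embeds two of these, one for each server context.
 *
 * NOTE(review): who allocates and frees the char * members is not visible
 * in this header - confirm.
 */
typedef struct {
    /* SNI callback (server-side). */
    ssl_servername_callback_t servername_callback;
    /* Supported NPN and ALPN protocols. A comma-separated list. */
    char *npn_protocols;
    char *alpn_protocols;
    /* Whether to set a broken session ticket callback. */
    int broken_session_ticket;
    /* Should we send a CertStatus message? */
    ssl_cert_status_t cert_status;
    /*
     * An SRP user known to the server. The password is held as a plain
     * string, so only throwaway test values belong in test configuration
     * files.
     */
    char *srp_user;
    char *srp_password;
} SSL_TEST_SERVER_CONF;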
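/*
 * The extra (non-SSL CONF) settings for one handshake: one client and two
 * server configurations. SSL_TEST_CTX keeps one instance for the first
 * handshake and one for the resumed handshake.
 *
 * NOTE(review): server2 is presumably the second SNI context the server
 * can switch to (compare SSL_TEST_SERVERNAME_SERVER2) - confirm.
 */
typedef struct {
    SSL_TEST_CLIENT_CONF client;
    SSL_TEST_SERVER_CONF server;
    SSL_TEST_SERVER_CONF server2;
} SSL_TEST_EXTRA_CONF;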
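/*
 * Complete description of one test case: global settings, per-handshake
 * extra configuration, and the expectations for the last handshake.
 */
typedef struct {
    /*
     * Global test configuration. Does not change between handshakes.
     */
    /* Whether the server/client CTX should use DTLS or TLS. */
    ssl_test_method_t method;
    /* Whether to test a resumed/renegotiated handshake. */
    ssl_handshake_mode_t handshake_mode;
    /*
     * How much application data to exchange (default is 256 bytes).
     * Both peers will send |app_data_size| bytes interleaved.
     * NOTE(review): this is a signed int filled from a configuration file;
     * the loader should reject negative values - confirm that it does.
     */
    int app_data_size;
    /*
     * Maximum send fragment size.
     * NOTE(review): signed int; the same range check applies - confirm.
     */
    int max_fragment_size;
    /*
     * KeyUpdate type.
     * NOTE(review): presumably one of the key update type constants from
     * ssl.h - confirm.
     */
    int key_update_type;

    /*
     * Extra server/client configurations. Per-handshake.
     */
    /* First handshake. */
    SSL_TEST_EXTRA_CONF extra;
    /* Resumed handshake. */
    SSL_TEST_EXTRA_CONF resume_extra;

    /*
     * Test expectations. These apply to the LAST handshake.
     */
    /* Defaults to SUCCESS. */
    ssl_test_result_t expected_result;
    /* Alerts. 0 if no expectation. */
    /* See ssl.h for alert codes. */
    /* Alert sent by the client / received by the server. */
    int expected_client_alert;
    /* Alert sent by the server / received by the client. */
    int expected_server_alert;
    /* Negotiated protocol version. 0 if no expectation. */
    /* See ssl.h for protocol versions. */
    int expected_protocol;
    /*
     * The expected SNI context to use.
     * We test server-side that the server switched to the expected context.
     * Set by the callback upon success, so if the callback wasn't called or
     * terminated with an alert, the servername will match with
     * SSL_TEST_SERVERNAME_NONE.
     * Note: in the event that the servername was accepted, the client should
     * also receive an empty SNI extension back but we have no way of probing
     * client-side via the API that this was the case.
     */
    ssl_servername_t expected_servername;
    /* Whether a session ticket is expected; IGNORE means no expectation. */
    ssl_session_ticket_t session_ticket_expected;
    /*
     * Whether compression is expected.
     * NOTE(review): declared as int although ssl_compression_t exists -
     * confirm which type is intended.
     */
    int compression_expected;
    /* The expected NPN/ALPN protocol to negotiate. */
    char *expected_npn_protocol;
    char *expected_alpn_protocol;
    /* Whether the second handshake is resumed or a full handshake (boolean). */
    int resumption_expected;
    /* Expected temporary key type */
    int expected_tmp_key_type;
    /* Expected server certificate key type */
    int expected_server_cert_type;
    /* Expected server signing hash */
    int expected_server_sign_hash;
    /* Expected server signature type */
    int expected_server_sign_type;
    /* Expected client certificate key type */
    int expected_client_cert_type;
    /* Expected client signing hash */
    int expected_client_sign_hash;
    /* Expected client signature type */
    int expected_client_sign_type;
} SSL_TEST_CTX;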
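/*
 * Name lookups: each takes a configuration or result value and returns a
 * const string for it. The implementations are outside this header.
 * NOTE(review): what is returned for a value with no known name is not
 * visible here - check before passing the result to a "%s" format.
 */
const char *ssl_test_result_name(ssl_test_result_t result);
const char *ssl_alert_name(int alert);
const char *ssl_protocol_name(int protocol);
const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback);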
Fix session ticket and SNI
When session tickets are used, it's possible that SNI might switch the
SSL_CTX on an SSL. Normally, this is not a problem, because the
initial_ctx/session_ctx are used for all session ticket/id processes.
However, when the SNI callback occurs, it's possible that the callback
may update the options in the SSL from the SSL_CTX, and this could
cause SSL_OP_NO_TICKET to be set. If this occurs, then two bad things
can happen:
1. The session ticket TLSEXT may not be written when the ticket expected
flag is set. The state machine transitions to writing the ticket, and
the client responds with an error as it is not expecting a ticket.
2. When creating the session ticket, if the ticket key cb returns 0
the crypto/hmac contexts are not initialized, and the code crashes when
trying to encrypt the session ticket.
To fix 1, if the ticket TLSEXT is not written out, clear the expected
ticket flag.
To fix 2, consider a return of 0 from the ticket key cb a recoverable
error, and write a 0 length ticket and continue. The client-side code
can explicitly handle this case.
Fix these two cases, and add unit test code to validate ticket behavior.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1098)
2016-05-12 22:16:52 +00:00
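/*
 * More name lookups, one per configuration enum; each returns a const
 * string for the value passed in. The implementations are outside this
 * header.
 * NOTE(review): the parameter of ssl_session_ticket_name() is called
 * |server|, which looks like a leftover from ssl_servername_name(); a
 * rename would not affect callers.
 */
const char *ssl_servername_name(ssl_servername_t server);
const char *ssl_servername_callback_name(ssl_servername_callback_t
                                         servername_callback);
const char *ssl_session_ticket_name(ssl_session_ticket_t server);
const char *ssl_test_method_name(ssl_test_method_t method);
const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode);
const char *ssl_ct_validation_name(ssl_ct_validation_t mode);
const char *ssl_certstatus_name(ssl_cert_status_t cert_status);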
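/*
 * Load the test case context from |conf|.
 * See test/README.ssltest.md for details on the conf file format.
 *
 * |test_section| presumably names the section of |conf| that describes the
 * test case (confirm).
 * NOTE(review): the failure return is not visible in this header;
 * presumably NULL - callers should check before dereferencing.
 */
SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section);

/*
 * Allocate a new SSL_TEST_CTX.
 * NOTE(review): presumably returns a context with all-default (zero)
 * fields, or NULL on allocation failure - confirm.
 */
SSL_TEST_CTX *SSL_TEST_CTX_new(void);

/*
 * Release |ctx|.
 * NOTE(review): presumably also frees the strings the context holds,
 * including the SRP credentials; whether NULL is accepted is not visible
 * here - confirm.
 */
void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx);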
#endif /* HEADER_SSL_TEST_CTX_H */