X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fsslapitest.c;h=4b510eb3f7fed50f4a49d1a80125a211a68d28a6;hp=bc1f006a9570d0e67e2775f8147b87c7a3f4e626;hb=2d9007587c5072a513c84f22db7be55767b4c63d;hpb=7cb8fb07e8b71dc1fdcb0de10af7fed4347f6ea4 diff --git a/test/sslapitest.c b/test/sslapitest.c index bc1f006a95..4b510eb3f7 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -45,6 +45,7 @@ static int find_session_cb_cnt = 0; static SSL_SESSION *create_a_psk(SSL *ssl); #endif +static char *certsdir = NULL; static char *cert = NULL; static char *privkey = NULL; static char *srpvfile = NULL; @@ -3742,50 +3743,92 @@ static int test_ciphersuite_change(void) /* * Test TLSv1.3 Key exchange - * Test 0 = Test ECDHE Key exchange - * Test 1 = Test ECDHE with TLSv1.2 client and TLSv1.2 server - * Test 2 = Test FFDHE Key exchange - * Test 3 = Test FFDHE with TLSv1.2 client and TLSv1.2 server + * Test 0 = Test all ECDHE Key exchange with TLSv1.3 client and server + * Test 1 = Test NID_X9_62_prime256v1 with TLSv1.3 client and server + * Test 2 = Test NID_secp384r1 with TLSv1.3 client and server + * Test 3 = Test NID_secp521r1 with TLSv1.3 client and server + * Test 4 = Test NID_X25519 with TLSv1.3 client and server + * Test 5 = Test NID_X448 with TLSv1.3 client and server + * Test 6 = Test all FFDHE Key exchange with TLSv1.3 client and server + * Test 7 = Test NID_ffdhe2048 with TLSv1.3 client and server + * Test 8 = Test NID_ffdhe3072 with TLSv1.3 client and server + * Test 9 = Test NID_ffdhe4096 with TLSv1.3 client and server + * Test 10 = Test NID_ffdhe6144 with TLSv1.3 client and server + * Test 11 = Test NID_ffdhe8192 with TLSv1.3 client and server + * Test 12 = Test all ECDHE with TLSv1.2 client and server + * Test 13 = Test all FFDHE with TLSv1.2 client and server */ -static int test_tls13_key_exchange(int idx) +static int test_key_exchange(int idx) { SSL_CTX *sctx = NULL, *cctx = NULL; SSL *serverssl = NULL, *clientssl = NULL; int testresult = 0; -#ifndef OPENSSL_NO_EC - int ecdhe_kexch_groups[] = {NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, - NID_X25519, NID_X448}; -#endif -#ifndef OPENSSL_NO_DH +# ifndef OPENSSL_NO_EC + int ecdhe_kexch_groups[] = {NID_X9_62_prime256v1, NID_secp384r1, + NID_secp521r1, NID_X25519, NID_X448}; +# endif +# ifndef OPENSSL_NO_DH int ffdhe_kexch_groups[] = {NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096, NID_ffdhe6144, NID_ffdhe8192}; -#endif - int *kexch_groups = NULL; - int kexch_groups_size = 0; +# endif + int kexch_alg; + int *kexch_groups = &kexch_alg; + int kexch_groups_size = 1; int max_version = TLS1_3_VERSION; - int want_err = SSL_ERROR_NONE; - int expected_err_func = 0; - int expected_err_reason = 0; switch (idx) { -#ifndef OPENSSL_NO_DH - case 3: +# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_TLS1_2 + case 12: max_version = TLS1_2_VERSION; +# endif /* Fall through */ - case 2: - kexch_groups = ffdhe_kexch_groups; - kexch_groups_size = OSSL_NELEM(ffdhe_kexch_groups); + case 0: + kexch_groups = ecdhe_kexch_groups; + kexch_groups_size = OSSL_NELEM(ecdhe_kexch_groups); break; -#endif -#ifndef OPENSSL_NO_EC case 1: + kexch_alg = NID_X9_62_prime256v1; + break; + case 2: + kexch_alg = NID_secp384r1; + break; + case 3: + kexch_alg = NID_secp521r1; + break; + case 4: + kexch_alg = NID_X25519; + break; + case 5: + kexch_alg = NID_X448; + break; +# endif +# ifndef OPENSSL_NO_DH +# ifndef OPENSSL_NO_TLS1_2 + case 13: max_version = TLS1_2_VERSION; +# endif /* Fall through */ - case 0: - kexch_groups = ecdhe_kexch_groups; - kexch_groups_size = OSSL_NELEM(ecdhe_kexch_groups); + case 6: + kexch_groups = ffdhe_kexch_groups; + kexch_groups_size = OSSL_NELEM(ffdhe_kexch_groups); break; -#endif + case 7: + kexch_alg = NID_ffdhe2048; + break; + case 8: + kexch_alg = NID_ffdhe3072; + break; + case 9: + kexch_alg = NID_ffdhe4096; + break; + case 10: + kexch_alg = NID_ffdhe6144; + break; + case 11: + kexch_alg = NID_ffdhe8192; + break; +# endif default: /* We're skipping this test */ return 1; @@ -3796,23 +3839,28 @@ static int test_tls13_key_exchange(int idx) &sctx, &cctx, cert, privkey))) goto end; - if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, TLS1_3_RFC_AES_128_GCM_SHA256))) + if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, + TLS1_3_RFC_AES_128_GCM_SHA256))) goto end; - if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, TLS1_3_RFC_AES_128_GCM_SHA256))) + if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, + TLS1_3_RFC_AES_128_GCM_SHA256))) goto end; - if (!TEST_true(SSL_CTX_set_cipher_list(sctx, TLS1_TXT_RSA_WITH_AES_128_SHA))) + if (!TEST_true(SSL_CTX_set_cipher_list(sctx, + TLS1_TXT_RSA_WITH_AES_128_SHA))) goto end; /* * Must include an EC ciphersuite so that we send supported groups in * TLSv1.2 */ +# ifndef OPENSSL_NO_TLS1_2 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM ":" TLS1_TXT_RSA_WITH_AES_128_SHA))) goto end; +# endif if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL))) @@ -3822,30 +3870,159 @@ static int test_tls13_key_exchange(int idx) || !TEST_true(SSL_set1_groups(clientssl, kexch_groups, kexch_groups_size))) goto end; - if (!TEST_true(create_ssl_connection(serverssl, clientssl, want_err))) { - /* Fail only if no error is expected in handshake */ - if (expected_err_func == 0) - goto end; - } - - /* Fail if expected error is not happening for failure testcases */ - if (expected_err_func) { - unsigned long err_code = ERR_get_error(); - ERR_print_errors_fp(stdout); - if (TEST_int_eq(ERR_GET_FUNC(err_code), expected_err_func) - && TEST_int_eq(ERR_GET_REASON(err_code), expected_err_reason)) - testresult = 1; + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) goto end; - } /* - * If Handshake succeeds the negotiated kexch alg should the first one in - * configured, except in the case of FFDHE groups which are TLSv1.3 only - * so we expect no shared group to exist. + * If Handshake succeeds the negotiated kexch alg should be the first one in + * configured, except in the case of FFDHE groups (idx 13), which are + * TLSv1.3 only so we expect no shared group to exist. */ if (!TEST_int_eq(SSL_get_shared_group(serverssl, 0), - idx == 3 ? 0 : kexch_groups[0])) + idx == 13 ? 0 : kexch_groups[0])) goto end; + if (max_version == TLS1_3_VERSION) { + if (!TEST_int_eq(SSL_get_negotiated_group(serverssl), kexch_groups[0])) + goto end; + if (!TEST_int_eq(SSL_get_negotiated_group(clientssl), kexch_groups[0])) + goto end; + } + + testresult = 1; + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + +/* + * Test TLSv1.3 Cipher Suite + * Test 0 = Set TLS1.3 cipher on context + * Test 1 = Set TLS1.3 cipher on SSL + * Test 2 = Set TLS1.3 and TLS1.2 cipher on context + * Test 3 = Set TLS1.3 and TLS1.2 cipher on SSL + */ +static int test_tls13_ciphersuite(int idx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + static const char *t13_ciphers[] = { + TLS1_3_RFC_AES_128_GCM_SHA256, + TLS1_3_RFC_AES_256_GCM_SHA384, + TLS1_3_RFC_AES_128_CCM_SHA256, +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + TLS1_3_RFC_AES_256_GCM_SHA384 ":" TLS1_3_RFC_CHACHA20_POLY1305_SHA256, +# endif + TLS1_3_RFC_AES_128_CCM_8_SHA256 ":" TLS1_3_RFC_AES_128_CCM_SHA256 + }; + const char *t13_cipher = NULL; + const char *t12_cipher = NULL; + const char *negotiated_scipher; + const char *negotiated_ccipher; + int set_at_ctx = 0; + int set_at_ssl = 0; + int testresult = 0; + int max_ver; + size_t i; + + switch (idx) { + case 0: + set_at_ctx = 1; + break; + case 1: + set_at_ssl = 1; + break; + case 2: + set_at_ctx = 1; + t12_cipher = TLS1_TXT_RSA_WITH_AES_128_SHA256; + break; + case 3: + set_at_ssl = 1; + t12_cipher = TLS1_TXT_RSA_WITH_AES_128_SHA256; + break; + } + + for (max_ver = TLS1_2_VERSION; max_ver <= TLS1_3_VERSION; max_ver++) { +# ifdef OPENSSL_NO_TLS1_2 + if (max_ver == TLS1_2_VERSION) + continue; +# endif + for (i = 0; i < OSSL_NELEM(t13_ciphers); i++) { + t13_cipher = t13_ciphers[i]; + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, max_ver, + &sctx, &cctx, cert, privkey))) + goto end; + + if (set_at_ctx) { + if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, t13_cipher)) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, t13_cipher))) + goto end; + if (t12_cipher != NULL) { + if (!TEST_true(SSL_CTX_set_cipher_list(sctx, t12_cipher)) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, + t12_cipher))) + goto end; + } + } + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL))) + goto end; + + if (set_at_ssl) { + if (!TEST_true(SSL_set_ciphersuites(serverssl, t13_cipher)) + || !TEST_true(SSL_set_ciphersuites(clientssl, t13_cipher))) + goto end; + if (t12_cipher != NULL) { + if (!TEST_true(SSL_set_cipher_list(serverssl, t12_cipher)) + || !TEST_true(SSL_set_cipher_list(clientssl, + t12_cipher))) + goto end; + } + } + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + negotiated_scipher = SSL_CIPHER_get_name(SSL_get_current_cipher( + serverssl)); + negotiated_ccipher = SSL_CIPHER_get_name(SSL_get_current_cipher( + clientssl)); + if (!TEST_str_eq(negotiated_scipher, negotiated_ccipher)) + goto end; + + /* + * TEST_strn_eq is used below because t13_cipher can contain + * multiple ciphersuites + */ + if (max_ver == TLS1_3_VERSION + && !TEST_strn_eq(t13_cipher, negotiated_scipher, + strlen(negotiated_scipher))) + goto end; + +# ifndef OPENSSL_NO_TLS1_2 + /* Below validation is not done when t12_cipher is NULL */ + if (max_ver == TLS1_2_VERSION && t12_cipher != NULL + && !TEST_str_eq(t12_cipher, negotiated_scipher)) + goto end; +# endif + + SSL_free(serverssl); + serverssl = NULL; + SSL_free(clientssl); + clientssl = NULL; + SSL_CTX_free(sctx); + sctx = NULL; + SSL_CTX_free(cctx); + cctx = NULL; + } + } testresult = 1; end: @@ -6241,7 +6418,10 @@ static int cert_cb(SSL *s, void *arg) SSL_CTX *ctx = (SSL_CTX *)arg; BIO *in = NULL; EVP_PKEY *pkey = NULL; - X509 *x509 = NULL; + X509 *x509 = NULL, *rootx = NULL; + STACK_OF(X509) *chain = NULL; + char *rootfile = NULL, *ecdsacert = NULL, *ecdsakey = NULL; + int ret = 0; if (cert_cb_cnt == 0) { /* Suspend the handshake */ @@ -6264,38 +6444,58 @@ static int cert_cb(SSL *s, void *arg) return 1; } else if (cert_cb_cnt == 3) { int rv; + + rootfile = test_mk_file_path(certsdir, "rootcert.pem"); + ecdsacert = test_mk_file_path(certsdir, "server-ecdsa-cert.pem"); + ecdsakey = test_mk_file_path(certsdir, "server-ecdsa-key.pem"); + if (!TEST_ptr(rootfile) || !TEST_ptr(ecdsacert) || !TEST_ptr(ecdsakey)) + goto out; + chain = sk_X509_new_null(); + if (!TEST_ptr(chain)) + goto out; if (!TEST_ptr(in = BIO_new(BIO_s_file())) - || !TEST_int_ge(BIO_read_filename(in, cert), 0) + || !TEST_int_ge(BIO_read_filename(in, rootfile), 0) + || !TEST_ptr(rootx = PEM_read_bio_X509(in, NULL, NULL, NULL)) + || !TEST_true(sk_X509_push(chain, rootx))) + goto out; + rootx = NULL; + BIO_free(in); + if (!TEST_ptr(in = BIO_new(BIO_s_file())) + || !TEST_int_ge(BIO_read_filename(in, ecdsacert), 0) || !TEST_ptr(x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) goto out; BIO_free(in); if (!TEST_ptr(in = BIO_new(BIO_s_file())) - || !TEST_int_ge(BIO_read_filename(in, privkey), 0) + || !TEST_int_ge(BIO_read_filename(in, ecdsakey), 0) || !TEST_ptr(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL))) goto out; - rv = SSL_check_chain(s, x509, pkey, NULL); + rv = SSL_check_chain(s, x509, pkey, chain); /* * If the cert doesn't show as valid here (e.g., because we don't * have any shared sigalgs), then we will not set it, and there will * be no certificate at all on the SSL or SSL_CTX. This, in turn, * will cause tls_choose_sigalgs() to fail the connection. */ - if ((rv & CERT_PKEY_VALID)) { + if ((rv & (CERT_PKEY_VALID | CERT_PKEY_CA_SIGNATURE)) + == (CERT_PKEY_VALID | CERT_PKEY_CA_SIGNATURE)) { if (!SSL_use_cert_and_key(s, x509, pkey, NULL, 1)) goto out; } - BIO_free(in); - EVP_PKEY_free(pkey); - X509_free(x509); - return 1; + + ret = 1; } /* Abort the handshake */ out: + OPENSSL_free(ecdsacert); + OPENSSL_free(ecdsakey); + OPENSSL_free(rootfile); BIO_free(in); EVP_PKEY_free(pkey); X509_free(x509); - return 0; + X509_free(rootx); + sk_X509_pop_free(chain, X509_free); + return ret; } /* @@ -6303,6 +6503,10 @@ static int cert_cb(SSL *s, void *arg) * Test 0: Callback fails * Test 1: Success - no SSL_set_SSL_CTX() in the callback * Test 2: Success - SSL_set_SSL_CTX() in the callback + * Test 3: Success - Call SSL_check_chain from the callback + * Test 4: Failure - SSL_check_chain fails from callback due to bad cert in the + * chain + * Test 5: Failure - SSL_check_chain fails from callback due to bad ee cert */ static int test_cert_cb_int(int prot, int tst) { @@ -6310,6 +6514,12 @@ static int test_cert_cb_int(int prot, int tst) SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0, ret; +#ifdef OPENSSL_NO_EC + /* We use an EC cert in these tests, so we skip in a no-ec build */ + if (tst >= 3) + return 1; +#endif + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), TLS1_VERSION, @@ -6319,10 +6529,11 @@ static int test_cert_cb_int(int prot, int tst) if (tst == 0) cert_cb_cnt = -1; - else if (tst == 3) + else if (tst >= 3) cert_cb_cnt = 3; else cert_cb_cnt = 0; + if (tst == 2) snictx = SSL_CTX_new(TLS_server_method()); SSL_CTX_set_cert_cb(sctx, cert_cb, snictx); @@ -6331,8 +6542,26 @@ static int test_cert_cb_int(int prot, int tst) NULL, NULL))) goto end; + if (tst == 4) { + /* + * We cause SSL_check_chain() to fail by specifying sig_algs that + * the chain doesn't meet (the root uses an RSA cert) + */ + if (!TEST_true(SSL_set1_sigalgs_list(clientssl, + "ecdsa_secp256r1_sha256"))) + goto end; + } else if (tst == 5) { + /* + * We cause SSL_check_chain() to fail by specifying sig_algs that + * the ee cert doesn't meet (the ee uses an ECDSA cert) + */ + if (!TEST_true(SSL_set1_sigalgs_list(clientssl, + "rsa_pss_rsae_sha256:rsa_pkcs1_sha256"))) + goto end; + } + ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE); - if (!TEST_true(tst == 0 ? !ret : ret) + if (!TEST_true(tst == 0 || tst == 4 || tst == 5 ? !ret : ret) || (tst > 0 && !TEST_int_eq((cert_cb_cnt - 2) * (cert_cb_cnt - 3), 0))) { goto end; @@ -6598,10 +6827,9 @@ OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile\n") int setup_tests(void) { - if (!TEST_ptr(cert = test_get_argument(0)) - || !TEST_ptr(privkey = test_get_argument(1)) - || !TEST_ptr(srpvfile = test_get_argument(2)) - || !TEST_ptr(tmpfilename = test_get_argument(3))) + if (!TEST_ptr(certsdir = test_get_argument(0)) + || !TEST_ptr(srpvfile = test_get_argument(1)) + || !TEST_ptr(tmpfilename = test_get_argument(2))) return 0; if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) { @@ -6620,6 +6848,16 @@ int setup_tests(void) #endif } + cert = test_mk_file_path(certsdir, "servercert.pem"); + if (cert == NULL) + return 0; + + privkey = test_mk_file_path(certsdir, "serverkey.pem"); + if (privkey == NULL) { + OPENSSL_free(cert); + return 0; + } + #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \ && !defined(OPENSSL_NO_SOCK) ADD_TEST(test_ktls_no_txrx_client_no_txrx_server); @@ -6693,12 +6931,19 @@ int setup_tests(void) #ifndef OPENSSL_NO_TLS1_3 ADD_ALL_TESTS(test_set_ciphersuite, 10); ADD_TEST(test_ciphersuite_change); -#ifdef OPENSSL_NO_PSK + ADD_ALL_TESTS(test_tls13_ciphersuite, 4); +# ifdef OPENSSL_NO_PSK ADD_ALL_TESTS(test_tls13_psk, 1); -#else +# else ADD_ALL_TESTS(test_tls13_psk, 4); -#endif /* OPENSSL_NO_PSK */ - ADD_ALL_TESTS(test_tls13_key_exchange, 4); +# endif /* OPENSSL_NO_PSK */ +# ifndef OPENSSL_NO_TLS1_2 + /* Test with both TLSv1.3 and 1.2 versions */ + ADD_ALL_TESTS(test_key_exchange, 14); +# else + /* Test with only TLSv1.3 versions */ + ADD_ALL_TESTS(test_key_exchange, 12); +# endif ADD_ALL_TESTS(test_custom_exts, 5); ADD_TEST(test_stateless); ADD_TEST(test_pha_key_update); @@ -6722,7 +6967,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data)); ADD_ALL_TESTS(test_ticket_callbacks, 12); ADD_ALL_TESTS(test_shutdown, 7); - ADD_ALL_TESTS(test_cert_cb, 4); + ADD_ALL_TESTS(test_cert_cb, 6); ADD_ALL_TESTS(test_client_cert_cb, 2); ADD_ALL_TESTS(test_ca_names, 3); return 1; @@ -6730,6 +6975,8 @@ int setup_tests(void) void cleanup_tests(void) { + OPENSSL_free(cert); + OPENSSL_free(privkey); bio_s_mempacket_test_free(); bio_s_always_retry_free(); }