Line data Source code
1 : /* Copyright (c) 2010-2021, The Tor Project, Inc. */
2 : /* See LICENSE for licensing information */
3 :
4 : #define TORTLS_PRIVATE
5 : #define TORTLS_OPENSSL_PRIVATE
6 : #define TOR_X509_PRIVATE
7 : #define LOG_PRIVATE
8 : #include "orconfig.h"
9 :
10 : #ifdef _WIN32
11 : #include <winsock2.h>
12 : #endif
13 : #include <math.h>
14 :
15 : #include "lib/cc/compat_compiler.h"
16 :
17 : /* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
18 : * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
19 : DISABLE_GCC_WARNING("-Wredundant-decls")
20 :
21 : #include <openssl/opensslv.h>
22 :
23 : #include <openssl/ssl.h>
24 : #include <openssl/ssl3.h>
25 : #include <openssl/err.h>
26 : #include <openssl/asn1t.h>
27 : #include <openssl/x509.h>
28 : #include <openssl/rsa.h>
29 : #include <openssl/evp.h>
30 : #include <openssl/bn.h>
31 :
32 : ENABLE_GCC_WARNING("-Wredundant-decls")
33 :
34 : #include "core/or/or.h"
35 : #include "lib/log/log.h"
36 : #include "app/config/config.h"
37 : #include "lib/crypt_ops/compat_openssl.h"
38 : #include "lib/tls/x509.h"
39 : #include "lib/tls/x509_internal.h"
40 : #include "lib/tls/tortls.h"
41 : #include "lib/tls/tortls_st.h"
42 : #include "lib/tls/tortls_internal.h"
43 : #include "app/config/or_state_st.h"
44 :
45 : #include "test/test.h"
46 : #include "test/log_test_helpers.h"
47 : #include "test/test_tortls.h"
48 :
49 : #ifndef HAVE_SSL_STATE
50 : #define OPENSSL_OPAQUE
51 : #endif
52 :
53 : #if defined(OPENSSL_OPAQUE) && !defined(LIBRESSL_VERSION_NUMBER)
54 : #define SSL_STATE_STR "before SSL initialization"
55 : #else
56 : #define SSL_STATE_STR "before/accept initialization"
57 : #endif
58 :
59 : #ifndef OPENSSL_OPAQUE
60 : static SSL_METHOD *
61 : give_me_a_test_method(void)
62 : {
63 : SSL_METHOD *method = tor_malloc_zero(sizeof(SSL_METHOD));
64 : memcpy(method, TLSv1_method(), sizeof(SSL_METHOD));
65 : return method;
66 : }
67 :
68 : static int
69 : fake_num_ciphers(void)
70 : {
71 : return 0;
72 : }
73 : #endif /* !defined(OPENSSL_OPAQUE) */
74 :
75 : static int
76 0 : mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
77 : {
78 0 : (void) tls;
79 0 : (void) cert; // XXXX look at this.
80 0 : return 1;
81 : }
82 :
83 : static void
84 1 : test_tortls_tor_tls_new(void *data)
85 : {
86 1 : (void) data;
87 1 : MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
88 1 : crypto_pk_t *key1 = NULL, *key2 = NULL;
89 1 : SSL_METHOD *method = NULL;
90 :
91 1 : key1 = pk_generate(2);
92 1 : key2 = pk_generate(3);
93 :
94 1 : tor_tls_t *tls = NULL;
95 1 : tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
96 : key1, key2, 86400), OP_EQ, 0);
97 1 : tls = tor_tls_new(-1, 0);
98 1 : tt_want(tls);
99 1 : tor_tls_free(tls); tls = NULL;
100 :
101 1 : SSL_CTX_free(client_tls_context->ctx);
102 1 : client_tls_context->ctx = NULL;
103 1 : tls = tor_tls_new(-1, 0);
104 1 : tt_ptr_op(tls, OP_EQ, NULL);
105 :
106 : #ifndef OPENSSL_OPAQUE
107 : method = give_me_a_test_method();
108 : SSL_CTX *ctx = SSL_CTX_new(method);
109 : method->num_ciphers = fake_num_ciphers;
110 : client_tls_context->ctx = ctx;
111 : tls = tor_tls_new(-1, 0);
112 : tt_ptr_op(tls, OP_EQ, NULL);
113 : #endif /* !defined(OPENSSL_OPAQUE) */
114 :
115 1 : done:
116 1 : UNMOCK(tor_tls_cert_matches_key);
117 1 : crypto_pk_free(key1);
118 1 : crypto_pk_free(key2);
119 1 : tor_tls_free(tls);
120 1 : tor_free(method);
121 1 : tor_tls_free_all();
122 1 : }
123 :
124 : static void
125 3 : library_init(void)
126 : {
127 : #ifdef OPENSSL_1_1_API
128 3 : OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
129 : #else
130 : SSL_library_init();
131 : SSL_load_error_strings();
132 : #endif /* defined(OPENSSL_1_1_API) */
133 3 : }
134 :
135 : static void
136 1 : test_tortls_get_state_description(void *ignored)
137 : {
138 1 : (void)ignored;
139 1 : tor_tls_t *tls;
140 1 : char *buf;
141 1 : SSL_CTX *ctx;
142 :
143 1 : library_init();
144 1 : ctx = SSL_CTX_new(SSLv23_method());
145 :
146 1 : buf = tor_malloc_zero(1000);
147 1 : tls = tor_malloc_zero(sizeof(tor_tls_t));
148 :
149 1 : tor_tls_get_state_description(NULL, buf, 20);
150 1 : tt_str_op(buf, OP_EQ, "(No SSL object)");
151 :
152 1 : SSL_free(tls->ssl);
153 1 : tls->ssl = NULL;
154 1 : tor_tls_get_state_description(tls, buf, 20);
155 1 : tt_str_op(buf, OP_EQ, "(No SSL object)");
156 :
157 1 : tls->ssl = SSL_new(ctx);
158 1 : tor_tls_get_state_description(tls, buf, 200);
159 1 : tt_str_op(buf, OP_EQ, SSL_STATE_STR " in HANDSHAKE");
160 :
161 1 : tls->state = TOR_TLS_ST_OPEN;
162 1 : tor_tls_get_state_description(tls, buf, 200);
163 1 : tt_str_op(buf, OP_EQ, SSL_STATE_STR " in OPEN");
164 :
165 1 : tls->state = TOR_TLS_ST_GOTCLOSE;
166 1 : tor_tls_get_state_description(tls, buf, 200);
167 1 : tt_str_op(buf, OP_EQ, SSL_STATE_STR " in GOTCLOSE");
168 :
169 1 : tls->state = TOR_TLS_ST_SENTCLOSE;
170 1 : tor_tls_get_state_description(tls, buf, 200);
171 1 : tt_str_op(buf, OP_EQ, SSL_STATE_STR " in SENTCLOSE");
172 :
173 1 : tls->state = TOR_TLS_ST_CLOSED;
174 1 : tor_tls_get_state_description(tls, buf, 200);
175 1 : tt_str_op(buf, OP_EQ, SSL_STATE_STR " in CLOSED");
176 :
177 1 : tls->state = TOR_TLS_ST_RENEGOTIATE;
178 1 : tor_tls_get_state_description(tls, buf, 200);
179 1 : tt_str_op(buf, OP_EQ, SSL_STATE_STR " in RENEGOTIATE");
180 :
181 1 : tls->state = TOR_TLS_ST_BUFFEREVENT;
182 1 : tor_tls_get_state_description(tls, buf, 200);
183 1 : tt_str_op(buf, OP_EQ, SSL_STATE_STR);
184 :
185 1 : tls->state = 7;
186 1 : tor_tls_get_state_description(tls, buf, 200);
187 1 : tt_str_op(buf, OP_EQ, SSL_STATE_STR " in unknown TLS state");
188 :
189 1 : done:
190 1 : SSL_CTX_free(ctx);
191 1 : SSL_free(tls->ssl);
192 1 : tor_free(buf);
193 1 : tor_free(tls);
194 1 : }
195 :
196 : static void
197 1 : test_tortls_get_by_ssl(void *ignored)
198 : {
199 1 : (void)ignored;
200 1 : tor_tls_t *tls;
201 1 : tor_tls_t *res;
202 1 : SSL_CTX *ctx;
203 1 : SSL *ssl;
204 :
205 1 : library_init();
206 1 : tor_tls_allocate_tor_tls_object_ex_data_index();
207 :
208 1 : ctx = SSL_CTX_new(SSLv23_method());
209 1 : tls = tor_malloc_zero(sizeof(tor_tls_t));
210 1 : tls->magic = TOR_TLS_MAGIC;
211 :
212 1 : ssl = SSL_new(ctx);
213 :
214 1 : res = tor_tls_get_by_ssl(ssl);
215 1 : tt_assert(!res);
216 :
217 1 : SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls);
218 :
219 1 : res = tor_tls_get_by_ssl(ssl);
220 1 : tt_assert(res == tls);
221 :
222 1 : done:
223 1 : SSL_free(ssl);
224 1 : SSL_CTX_free(ctx);
225 1 : tor_free(tls);
226 1 : }
227 :
228 : static void
229 1 : test_tortls_allocate_tor_tls_object_ex_data_index(void *ignored)
230 : {
231 1 : (void)ignored;
232 1 : int first;
233 :
234 1 : tor_tls_allocate_tor_tls_object_ex_data_index();
235 :
236 1 : first = tor_tls_object_ex_data_index;
237 1 : tor_tls_allocate_tor_tls_object_ex_data_index();
238 1 : tt_int_op(first, OP_EQ, tor_tls_object_ex_data_index);
239 :
240 1 : done:
241 1 : (void)0;
242 1 : }
243 :
244 : static void
245 1 : test_tortls_log_one_error(void *ignored)
246 : {
247 1 : (void)ignored;
248 1 : tor_tls_t *tls;
249 1 : SSL_CTX *ctx;
250 1 : SSL *ssl = NULL;
251 :
252 1 : library_init();
253 :
254 1 : ctx = SSL_CTX_new(SSLv23_method());
255 1 : tls = tor_malloc_zero(sizeof(tor_tls_t));
256 1 : setup_capture_of_logs(LOG_INFO);
257 :
258 1 : tor_tls_log_one_error(NULL, 0, LOG_WARN, 0, "something");
259 1 : expect_log_msg("TLS error while something: "
260 1 : "(null) (in (null):(null):---)\n");
261 :
262 1 : mock_clean_saved_logs();
263 1 : tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
264 1 : expect_log_msg("TLS error: (null) "
265 1 : "(in (null):(null):---)\n");
266 :
267 1 : mock_clean_saved_logs();
268 1 : tls->address = tor_strdup("127.hello");
269 1 : tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
270 1 : expect_log_msg("TLS error with 127.hello: "
271 1 : "(null) (in (null):(null):---)\n");
272 1 : tor_free(tls->address);
273 :
274 1 : mock_clean_saved_logs();
275 1 : tls->address = tor_strdup("127.hello");
276 1 : tor_tls_log_one_error(tls, 0, LOG_WARN, 0, "blarg");
277 1 : expect_log_msg("TLS error while blarg with "
278 1 : "127.hello: (null) (in (null):(null):---)\n");
279 :
280 1 : mock_clean_saved_logs();
281 1 : tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL);
282 1 : expect_log_msg_containing("TLS error with 127.hello");
283 :
284 1 : mock_clean_saved_logs();
285 1 : tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST),
286 : LOG_WARN, 0, NULL);
287 1 : expect_log_severity(LOG_INFO);
288 :
289 1 : mock_clean_saved_logs();
290 1 : tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST),
291 : LOG_WARN, 0, NULL);
292 1 : expect_log_severity(LOG_INFO);
293 :
294 1 : mock_clean_saved_logs();
295 1 : tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH),
296 : LOG_WARN, 0, NULL);
297 1 : expect_log_severity(LOG_INFO);
298 :
299 : #ifndef OPENSSL_1_1_API
300 : mock_clean_saved_logs();
301 : tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE),
302 : LOG_WARN, 0, NULL);
303 : expect_log_severity(LOG_INFO);
304 : #endif /* !defined(OPENSSL_1_1_API) */
305 :
306 1 : mock_clean_saved_logs();
307 1 : tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL),
308 : LOG_WARN, 0, NULL);
309 1 : expect_log_severity(LOG_INFO);
310 :
311 1 : mock_clean_saved_logs();
312 1 : tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL),
313 : LOG_WARN, 0, NULL);
314 1 : expect_log_severity(LOG_INFO);
315 :
316 1 : tls->ssl = SSL_new(ctx);
317 :
318 1 : mock_clean_saved_logs();
319 1 : tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
320 1 : expect_log_msg("TLS error with 127.hello: (null)"
321 1 : " (in (null):(null):" SSL_STATE_STR ")\n");
322 :
323 1 : done:
324 1 : teardown_capture_of_logs();
325 1 : SSL_free(ssl);
326 1 : SSL_CTX_free(ctx);
327 1 : if (tls && tls->ssl)
328 1 : SSL_free(tls->ssl);
329 1 : if (tls)
330 1 : tor_free(tls->address);
331 1 : tor_free(tls);
332 1 : }
333 :
334 : #ifndef OPENSSL_OPAQUE
335 : static void
336 : test_tortls_get_error(void *ignored)
337 : {
338 : (void)ignored;
339 : tor_tls_t *tls;
340 : int ret;
341 : SSL_CTX *ctx;
342 :
343 : library_init();
344 :
345 : ctx = SSL_CTX_new(SSLv23_method());
346 : setup_capture_of_logs(LOG_INFO);
347 : tls = tor_malloc_zero(sizeof(tor_tls_t));
348 : tls->ssl = SSL_new(ctx);
349 : SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
350 :
351 : ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
352 : tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_IO);
353 : expect_log_msg("TLS error: unexpected close while"
354 : " something (before/accept initialization)\n");
355 :
356 : mock_clean_saved_logs();
357 : ret = tor_tls_get_error(tls, 2, 0, "something", LOG_WARN, 0);
358 : tt_int_op(ret, OP_EQ, 0);
359 : expect_no_log_entry();
360 :
361 : mock_clean_saved_logs();
362 : ret = tor_tls_get_error(tls, 0, 1, "something", LOG_WARN, 0);
363 : tt_int_op(ret, OP_EQ, -11);
364 : expect_no_log_entry();
365 :
366 : mock_clean_saved_logs();
367 : ERR_clear_error();
368 : ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
369 : ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
370 : tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
371 : expect_log_msg("TLS error while something: (null)"
372 : " (in bignum routines:(null):before/accept initialization)\n");
373 :
374 : mock_clean_saved_logs();
375 : ERR_clear_error();
376 : tls->ssl->rwstate = SSL_READING;
377 : SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ;
378 : ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
379 : tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD);
380 : expect_no_log_entry();
381 :
382 : mock_clean_saved_logs();
383 : ERR_clear_error();
384 : tls->ssl->rwstate = SSL_READING;
385 : SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE;
386 : ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
387 : tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
388 : expect_no_log_entry();
389 :
390 : mock_clean_saved_logs();
391 : ERR_clear_error();
392 : tls->ssl->rwstate = 0;
393 : tls->ssl->shutdown = SSL_RECEIVED_SHUTDOWN;
394 : tls->ssl->s3->warn_alert =SSL_AD_CLOSE_NOTIFY;
395 : ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
396 : tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
397 : expect_log_entry();
398 :
399 : mock_clean_saved_logs();
400 : ret = tor_tls_get_error(tls, 0, 2, "something", LOG_WARN, 0);
401 : tt_int_op(ret, OP_EQ, -10);
402 : expect_no_log_entry();
403 :
404 : mock_clean_saved_logs();
405 : ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
406 : ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
407 : tt_int_op(ret, OP_EQ, -9);
408 : expect_log_msg("TLS error while something: (null) (in system library:"
409 : "connect:before/accept initialization)\n");
410 :
411 : done:
412 : teardown_capture_of_logs();
413 : SSL_free(tls->ssl);
414 : tor_free(tls);
415 : SSL_CTX_free(ctx);
416 : }
417 : #endif /* !defined(OPENSSL_OPAQUE) */
418 :
419 : static void
420 1 : test_tortls_always_accept_verify_cb(void *ignored)
421 : {
422 1 : (void)ignored;
423 1 : int ret;
424 :
425 1 : ret = always_accept_verify_cb(0, NULL);
426 1 : tt_int_op(ret, OP_EQ, 1);
427 :
428 1 : done:
429 1 : (void)0;
430 1 : }
431 :
432 : #ifndef OPENSSL_OPAQUE
433 : static void
434 : test_tortls_x509_cert_free(void *ignored)
435 : {
436 : (void)ignored;
437 : tor_x509_cert_t *cert;
438 :
439 : cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
440 : tor_x509_cert_free(cert);
441 :
442 : cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
443 : cert->cert = X509_new();
444 : cert->encoded = tor_malloc_zero(1);
445 : tor_x509_cert_free(cert);
446 : }
447 : #endif /* !defined(OPENSSL_OPAQUE) */
448 :
449 : #ifndef OPENSSL_OPAQUE
450 : /*
451 : * Use only for the matching fake_x509_free() call
452 : */
453 : static X509 *
454 : fake_x509_malloc(void)
455 : {
456 : return tor_malloc_zero(sizeof(X509));
457 : }
458 :
459 : static void
460 : fake_x509_free(X509 *cert)
461 : {
462 : if (cert) {
463 : if (cert->cert_info) {
464 : if (cert->cert_info->key) {
465 : if (cert->cert_info->key->pkey) {
466 : tor_free(cert->cert_info->key->pkey);
467 : }
468 : tor_free(cert->cert_info->key);
469 : }
470 : tor_free(cert->cert_info);
471 : }
472 : tor_free(cert);
473 : }
474 : }
475 : #endif /* !defined(OPENSSL_OPAQUE) */
476 :
477 : #ifndef OPENSSL_OPAQUE
478 : static void
479 : test_tortls_cert_get_key(void *ignored)
480 : {
481 : (void)ignored;
482 : tor_x509_cert_t *cert = NULL;
483 : crypto_pk_t *res = NULL;
484 : cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
485 : X509 *key = NULL;
486 : key = fake_x509_malloc();
487 : key->references = 1;
488 :
489 : res = tor_tls_cert_get_key(cert);
490 : tt_assert(!res);
491 :
492 : cert->cert = key;
493 : key->cert_info = tor_malloc_zero(sizeof(X509_CINF));
494 : key->cert_info->key = tor_malloc_zero(sizeof(X509_PUBKEY));
495 : key->cert_info->key->pkey = tor_malloc_zero(sizeof(EVP_PKEY));
496 : key->cert_info->key->pkey->references = 1;
497 : key->cert_info->key->pkey->type = 2;
498 : res = tor_tls_cert_get_key(cert);
499 : tt_assert(!res);
500 :
501 : done:
502 : fake_x509_free(key);
503 : tor_free(cert);
504 : crypto_pk_free(res);
505 : }
506 : #endif /* !defined(OPENSSL_OPAQUE) */
507 :
508 : static void
509 1 : test_tortls_get_my_client_auth_key(void *ignored)
510 : {
511 1 : (void)ignored;
512 1 : crypto_pk_t *ret;
513 1 : crypto_pk_t *expected;
514 1 : tor_tls_context_t *ctx;
515 1 : RSA *k = RSA_new();
516 :
517 1 : ctx = tor_malloc_zero(sizeof(tor_tls_context_t));
518 1 : expected = crypto_new_pk_from_openssl_rsa_(k);
519 1 : ctx->auth_key = expected;
520 :
521 1 : client_tls_context = NULL;
522 1 : ret = tor_tls_get_my_client_auth_key();
523 1 : tt_assert(!ret);
524 :
525 1 : client_tls_context = ctx;
526 1 : ret = tor_tls_get_my_client_auth_key();
527 1 : tt_assert(ret == expected);
528 :
529 1 : done:
530 1 : crypto_pk_free(expected);
531 1 : tor_free(ctx);
532 1 : }
533 :
534 : #ifndef HAVE_SSL_GET_CLIENT_CIPHERS
535 : static SSL_CIPHER *
536 : get_cipher_by_name(const char *name)
537 : {
538 : int i;
539 : const SSL_METHOD *method = SSLv23_method();
540 : int num = method->num_ciphers();
541 :
542 : for (i = 0; i < num; ++i) {
543 : const SSL_CIPHER *cipher = method->get_cipher(i);
544 : const char *ciphername = SSL_CIPHER_get_name(cipher);
545 : if (!strcmp(ciphername, name)) {
546 : return (SSL_CIPHER *)cipher;
547 : }
548 : }
549 :
550 : return NULL;
551 : }
552 : #endif /* !defined(HAVE_SSL_GET_CLIENT_CIPHERS) */
553 :
554 : #ifndef OPENSSL_OPAQUE
555 : static void
556 : test_tortls_get_ciphersuite_name(void *ignored)
557 : {
558 : (void)ignored;
559 : const char *ret;
560 : tor_tls_t *ctx;
561 : ctx = tor_malloc_zero(sizeof(tor_tls_t));
562 : ctx->ssl = tor_malloc_zero(sizeof(SSL));
563 :
564 : ret = tor_tls_get_ciphersuite_name(ctx);
565 : tt_str_op(ret, OP_EQ, "(NONE)");
566 :
567 : done:
568 : tor_free(ctx->ssl);
569 : tor_free(ctx);
570 : }
571 :
572 : static SSL_CIPHER *
573 : get_cipher_by_id(uint16_t id)
574 : {
575 : int i;
576 : const SSL_METHOD *method = SSLv23_method();
577 : int num = method->num_ciphers();
578 : for (i = 0; i < num; ++i) {
579 : const SSL_CIPHER *cipher = method->get_cipher(i);
580 : if (id == (SSL_CIPHER_get_id(cipher) & 0xffff)) {
581 : return (SSL_CIPHER *)cipher;
582 : }
583 : }
584 :
585 : return NULL;
586 : }
587 :
588 : static void
589 : test_tortls_classify_client_ciphers(void *ignored)
590 : {
591 : (void)ignored;
592 : int i;
593 : int ret;
594 : SSL_CTX *ctx;
595 : SSL *ssl;
596 : tor_tls_t *tls;
597 : STACK_OF(SSL_CIPHER) *ciphers;
598 : SSL_CIPHER *tmp_cipher;
599 :
600 : library_init();
601 :
602 : tor_tls_allocate_tor_tls_object_ex_data_index();
603 :
604 : tls = tor_malloc_zero(sizeof(tor_tls_t));
605 : tls->magic = TOR_TLS_MAGIC;
606 :
607 : ctx = SSL_CTX_new(TLSv1_method());
608 : ssl = SSL_new(ctx);
609 : tls->ssl = ssl;
610 :
611 : ciphers = sk_SSL_CIPHER_new_null();
612 :
613 : ret = tor_tls_classify_client_ciphers(ssl, NULL);
614 : tt_int_op(ret, OP_EQ, -1);
615 :
616 : SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls);
617 : tls->client_cipher_list_type = 42;
618 :
619 : ret = tor_tls_classify_client_ciphers(ssl, NULL);
620 : tt_int_op(ret, OP_EQ, 42);
621 :
622 : tls->client_cipher_list_type = 0;
623 : ret = tor_tls_classify_client_ciphers(ssl, ciphers);
624 : tt_int_op(ret, OP_EQ, 1);
625 : tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
626 :
627 : tls->client_cipher_list_type = 0;
628 : ret = tor_tls_classify_client_ciphers(ssl, SSL_get_ciphers(ssl));
629 : tt_int_op(ret, OP_EQ, 3);
630 : tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
631 :
632 : SSL_CIPHER *one = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_128_SHA),
633 : *two = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_256_SHA),
634 : *three = get_cipher_by_name(SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA),
635 : *four = NULL;
636 : sk_SSL_CIPHER_push(ciphers, one);
637 : sk_SSL_CIPHER_push(ciphers, two);
638 : sk_SSL_CIPHER_push(ciphers, three);
639 : sk_SSL_CIPHER_push(ciphers, four);
640 :
641 : tls->client_cipher_list_type = 0;
642 : ret = tor_tls_classify_client_ciphers(ssl, ciphers);
643 : tt_int_op(ret, OP_EQ, 1);
644 : tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
645 :
646 : sk_SSL_CIPHER_zero(ciphers);
647 :
648 : one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
649 : tt_assert(one);
650 : one->id = 0x00ff;
651 : two = get_cipher_by_name("ECDHE-RSA-AES128-GCM-SHA256");
652 : tt_assert(two);
653 : two->id = 0x0000;
654 : sk_SSL_CIPHER_push(ciphers, one);
655 : tls->client_cipher_list_type = 0;
656 : ret = tor_tls_classify_client_ciphers(ssl, ciphers);
657 : tt_int_op(ret, OP_EQ, 3);
658 : tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
659 :
660 : sk_SSL_CIPHER_push(ciphers, two);
661 : tls->client_cipher_list_type = 0;
662 : ret = tor_tls_classify_client_ciphers(ssl, ciphers);
663 : tt_int_op(ret, OP_EQ, 3);
664 : tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
665 :
666 : one->id = 0xC00A;
667 : tls->client_cipher_list_type = 0;
668 : ret = tor_tls_classify_client_ciphers(ssl, ciphers);
669 : tt_int_op(ret, OP_EQ, 3);
670 : tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
671 :
672 : sk_SSL_CIPHER_zero(ciphers);
673 : for (i=0; v2_cipher_list[i]; i++) {
674 : tmp_cipher = get_cipher_by_id(v2_cipher_list[i]);
675 : tt_assert(tmp_cipher);
676 : sk_SSL_CIPHER_push(ciphers, tmp_cipher);
677 : }
678 : tls->client_cipher_list_type = 0;
679 : ret = tor_tls_classify_client_ciphers(ssl, ciphers);
680 : tt_int_op(ret, OP_EQ, 2);
681 : tt_int_op(tls->client_cipher_list_type, OP_EQ, 2);
682 :
683 : done:
684 : sk_SSL_CIPHER_free(ciphers);
685 : SSL_free(tls->ssl);
686 : tor_free(tls);
687 : SSL_CTX_free(ctx);
688 : }
689 : #endif /* !defined(OPENSSL_OPAQUE) */
690 :
691 : static void
692 1 : test_tortls_client_is_using_v2_ciphers(void *ignored)
693 : {
694 1 : (void)ignored;
695 :
696 : #ifdef HAVE_SSL_GET_CLIENT_CIPHERS
697 1 : tt_skip();
698 1 : done:
699 1 : (void)1;
700 : #else
701 : int ret;
702 : SSL_CTX *ctx;
703 : SSL *ssl;
704 : SSL_SESSION *sess;
705 : STACK_OF(SSL_CIPHER) *ciphers;
706 :
707 : library_init();
708 :
709 : ctx = SSL_CTX_new(TLSv1_method());
710 : ssl = SSL_new(ctx);
711 : sess = SSL_SESSION_new();
712 :
713 : ret = tor_tls_client_is_using_v2_ciphers(ssl);
714 : tt_int_op(ret, OP_EQ, -1);
715 :
716 : ssl->session = sess;
717 : ret = tor_tls_client_is_using_v2_ciphers(ssl);
718 : tt_int_op(ret, OP_EQ, 0);
719 :
720 : ciphers = sk_SSL_CIPHER_new_null();
721 : SSL_CIPHER *one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
722 : tt_assert(one);
723 : one->id = 0x00ff;
724 : sk_SSL_CIPHER_push(ciphers, one);
725 : sess->ciphers = ciphers;
726 : ret = tor_tls_client_is_using_v2_ciphers(ssl);
727 : tt_int_op(ret, OP_EQ, 1);
728 : done:
729 : SSL_free(ssl);
730 : SSL_CTX_free(ctx);
731 : #endif /* defined(HAVE_SSL_GET_CLIENT_CIPHERS) */
732 1 : }
733 :
734 : #ifndef OPENSSL_OPAQUE
735 : static int fixed_ssl_pending_result = 0;
736 :
737 : static int
738 : fixed_ssl_pending(const SSL *ignored)
739 : {
740 : (void)ignored;
741 : return fixed_ssl_pending_result;
742 : }
743 :
744 : static void
745 : test_tortls_get_pending_bytes(void *ignored)
746 : {
747 : (void)ignored;
748 : int ret;
749 : tor_tls_t *tls;
750 : SSL_METHOD *method;
751 :
752 : tls = tor_malloc_zero(sizeof(tor_tls_t));
753 : tls->ssl = tor_malloc_zero(sizeof(SSL));
754 : method = tor_malloc_zero(sizeof(SSL_METHOD));
755 : method->ssl_pending = fixed_ssl_pending;
756 : tls->ssl->method = method;
757 :
758 : fixed_ssl_pending_result = 42;
759 : ret = tor_tls_get_pending_bytes(tls);
760 : tt_int_op(ret, OP_EQ, 42);
761 :
762 : done:
763 : tor_free(method);
764 : tor_free(tls->ssl);
765 : tor_free(tls);
766 : }
767 : #endif /* !defined(OPENSSL_OPAQUE) */
768 :
769 : #ifndef OPENSSL_OPAQUE
770 : static void
771 : test_tortls_SSL_SESSION_get_master_key(void *ignored)
772 : {
773 : (void)ignored;
774 : size_t ret;
775 : tor_tls_t *tls;
776 : uint8_t *out;
777 : out = tor_malloc_zero(1);
778 : tls = tor_malloc_zero(sizeof(tor_tls_t));
779 : tls->ssl = tor_malloc_zero(sizeof(SSL));
780 : tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
781 : tls->ssl->session->master_key_length = 1;
782 :
783 : #ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
784 : tls->ssl->session->master_key[0] = 43;
785 : ret = SSL_SESSION_get_master_key(tls->ssl->session, out, 0);
786 : tt_int_op(ret, OP_EQ, 1);
787 : tt_int_op(out[0], OP_EQ, 0);
788 :
789 : ret = SSL_SESSION_get_master_key(tls->ssl->session, out, 1);
790 : tt_int_op(ret, OP_EQ, 1);
791 : tt_int_op(out[0], OP_EQ, 43);
792 :
793 : done:
794 : #endif /* !defined(HAVE_SSL_SESSION_GET_MASTER_KEY) */
795 : tor_free(tls->ssl->session);
796 : tor_free(tls->ssl);
797 : tor_free(tls);
798 : tor_free(out);
799 : }
800 : #endif /* !defined(OPENSSL_OPAQUE) */
801 :
802 : #ifndef OPENSSL_OPAQUE
803 : static void
804 : test_tortls_get_tlssecrets(void *ignored)
805 : {
806 : (void)ignored;
807 : int ret;
808 : uint8_t *secret_out = tor_malloc_zero(DIGEST256_LEN);
809 : tor_tls_t *tls;
810 : tls = tor_malloc_zero(sizeof(tor_tls_t));
811 : tls->ssl = tor_malloc_zero(sizeof(SSL));
812 : tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
813 : tls->ssl->session->master_key_length = 1;
814 : tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
815 :
816 : ret = tor_tls_get_tlssecrets(tls, secret_out);
817 : tt_int_op(ret, OP_EQ, 0);
818 :
819 : done:
820 : tor_free(secret_out);
821 : tor_free(tls->ssl->s3);
822 : tor_free(tls->ssl->session);
823 : tor_free(tls->ssl);
824 : tor_free(tls);
825 : }
826 : #endif /* !defined(OPENSSL_OPAQUE) */
827 :
828 : #ifndef OPENSSL_OPAQUE
829 : static void
830 : test_tortls_get_buffer_sizes(void *ignored)
831 : {
832 : (void)ignored;
833 : int ret;
834 : tor_tls_t *tls;
835 : size_t rbuf_c=-1, rbuf_b=-1, wbuf_c=-1, wbuf_b=-1;
836 :
837 : tls = tor_malloc_zero(sizeof(tor_tls_t));
838 : tls->ssl = tor_malloc_zero(sizeof(SSL));
839 : tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
840 :
841 : tls->ssl->s3->rbuf.buf = NULL;
842 : tls->ssl->s3->rbuf.len = 1;
843 : tls->ssl->s3->rbuf.offset = 0;
844 : tls->ssl->s3->rbuf.left = 42;
845 :
846 : tls->ssl->s3->wbuf.buf = NULL;
847 : tls->ssl->s3->wbuf.len = 2;
848 : tls->ssl->s3->wbuf.offset = 0;
849 : tls->ssl->s3->wbuf.left = 43;
850 :
851 : ret = tor_tls_get_buffer_sizes(tls, &rbuf_c, &rbuf_b, &wbuf_c, &wbuf_b);
852 : #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
853 : tt_int_op(ret, OP_EQ, -1);
854 : #else
855 : tt_int_op(ret, OP_EQ, 0);
856 : tt_int_op(rbuf_c, OP_EQ, 0);
857 : tt_int_op(wbuf_c, OP_EQ, 0);
858 : tt_int_op(rbuf_b, OP_EQ, 42);
859 : tt_int_op(wbuf_b, OP_EQ, 43);
860 :
861 : tls->ssl->s3->rbuf.buf = tor_malloc_zero(1);
862 : tls->ssl->s3->wbuf.buf = tor_malloc_zero(1);
863 : ret = tor_tls_get_buffer_sizes(tls, &rbuf_c, &rbuf_b, &wbuf_c, &wbuf_b);
864 : tt_int_op(ret, OP_EQ, 0);
865 : tt_int_op(rbuf_c, OP_EQ, 1);
866 : tt_int_op(wbuf_c, OP_EQ, 2);
867 :
868 : #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) */
869 :
870 : done:
871 : tor_free(tls->ssl->s3->rbuf.buf);
872 : tor_free(tls->ssl->s3->wbuf.buf);
873 : tor_free(tls->ssl->s3);
874 : tor_free(tls->ssl);
875 : tor_free(tls);
876 : }
877 : #endif /* !defined(OPENSSL_OPAQUE) */
878 :
879 : #ifndef OPENSSL_OPAQUE
880 : typedef struct cert_pkey_st_local
881 : {
882 : X509 *x509;
883 : EVP_PKEY *privatekey;
884 : const EVP_MD *digest;
885 : } CERT_PKEY_local;
886 :
887 : typedef struct sess_cert_st_local
888 : {
889 : STACK_OF(X509) *cert_chain;
890 : int peer_cert_type;
891 : CERT_PKEY_local *peer_key;
892 : CERT_PKEY_local peer_pkeys[8];
893 : int references;
894 : } SESS_CERT_local;
895 :
896 : static void
897 : test_tortls_try_to_extract_certs_from_tls(void *ignored)
898 : {
899 : (void)ignored;
900 : tor_tls_t *tls;
901 : X509 *cert = NULL, *id_cert = NULL, *c1 = NULL, *c2 = NULL;
902 : SESS_CERT_local *sess = NULL;
903 :
904 : c1 = read_cert_from(validCertString);
905 : c2 = read_cert_from(caCertString);
906 :
907 : tls = tor_malloc_zero(sizeof(tor_tls_t));
908 : tls->ssl = tor_malloc_zero(sizeof(SSL));
909 : tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
910 : sess = tor_malloc_zero(sizeof(SESS_CERT_local));
911 : tls->ssl->session->sess_cert = (void *)sess;
912 :
913 : try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
914 : tt_assert(!cert);
915 : tt_assert(!id_cert);
916 :
917 : tls->ssl->session->peer = c1;
918 : try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
919 : tt_assert(cert == c1);
920 : tt_assert(!id_cert);
921 : X509_free(cert); /* decrease refcnt */
922 :
923 : sess->cert_chain = sk_X509_new_null();
924 : try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
925 : tt_assert(cert == c1);
926 : tt_assert(!id_cert);
927 : X509_free(cert); /* decrease refcnt */
928 :
929 : sk_X509_push(sess->cert_chain, c1);
930 : sk_X509_push(sess->cert_chain, c2);
931 :
932 : try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
933 : tt_assert(cert == c1);
934 : tt_assert(id_cert);
935 : X509_free(cert); /* decrease refcnt */
936 : X509_free(id_cert); /* decrease refcnt */
937 :
938 : done:
939 : sk_X509_free(sess->cert_chain);
940 : tor_free(sess);
941 : tor_free(tls->ssl->session);
942 : tor_free(tls->ssl);
943 : tor_free(tls);
944 : X509_free(c1);
945 : X509_free(c2);
946 : }
947 : #endif /* !defined(OPENSSL_OPAQUE) */
948 :
949 : #ifndef OPENSSL_OPAQUE
950 : static void
951 : test_tortls_get_peer_cert(void *ignored)
952 : {
953 : (void)ignored;
954 : tor_x509_cert_t *ret;
955 : tor_tls_t *tls;
956 : X509 *cert = NULL;
957 :
958 : cert = read_cert_from(validCertString);
959 :
960 : tls = tor_malloc_zero(sizeof(tor_tls_t));
961 : tls->ssl = tor_malloc_zero(sizeof(SSL));
962 : tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
963 :
964 : ret = tor_tls_get_peer_cert(tls);
965 : tt_assert(!ret);
966 :
967 : tls->ssl->session->peer = cert;
968 : ret = tor_tls_get_peer_cert(tls);
969 : tt_assert(ret);
970 : tt_assert(ret->cert == cert);
971 :
972 : done:
973 : tor_x509_cert_free(ret);
974 : tor_free(tls->ssl->session);
975 : tor_free(tls->ssl);
976 : tor_free(tls);
977 : X509_free(cert);
978 : }
979 : #endif /* !defined(OPENSSL_OPAQUE) */
980 :
981 : #ifndef OPENSSL_OPAQUE
982 : static void
983 : test_tortls_peer_has_cert(void *ignored)
984 : {
985 : (void)ignored;
986 : int ret;
987 : tor_tls_t *tls;
988 : X509 *cert = NULL;
989 :
990 : cert = read_cert_from(validCertString);
991 :
992 : tls = tor_malloc_zero(sizeof(tor_tls_t));
993 : tls->ssl = tor_malloc_zero(sizeof(SSL));
994 : tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
995 :
996 : ret = tor_tls_peer_has_cert(tls);
997 : tt_assert(!ret);
998 :
999 : tls->ssl->session->peer = cert;
1000 : ret = tor_tls_peer_has_cert(tls);
1001 : tt_assert(ret);
1002 :
1003 : done:
1004 : tor_free(tls->ssl->session);
1005 : tor_free(tls->ssl);
1006 : tor_free(tls);
1007 : X509_free(cert);
1008 : }
1009 : #endif /* !defined(OPENSSL_OPAQUE) */
1010 :
1011 : static void
1012 1 : test_tortls_get_write_overhead_ratio(void *ignored)
1013 : {
1014 1 : (void)ignored;
1015 1 : double ret;
1016 :
1017 1 : total_bytes_written_over_tls = 0;
1018 1 : ret = tls_get_write_overhead_ratio();
1019 1 : tt_double_op(fabs(ret - 1.0), OP_LT, 1E-12);
1020 :
1021 1 : total_bytes_written_by_tls = 10;
1022 1 : total_bytes_written_over_tls = 1;
1023 1 : ret = tls_get_write_overhead_ratio();
1024 1 : tt_double_op(fabs(ret - 10.0), OP_LT, 1E-12);
1025 :
1026 1 : total_bytes_written_by_tls = 10;
1027 1 : total_bytes_written_over_tls = 2;
1028 1 : ret = tls_get_write_overhead_ratio();
1029 1 : tt_double_op(fabs(ret - 5.0), OP_LT, 1E-12);
1030 :
1031 1 : done:
1032 1 : (void)0;
1033 1 : }
1034 :
1035 : static void
1036 1 : test_tortls_is_server(void *ignored)
1037 : {
1038 1 : (void)ignored;
1039 1 : tor_tls_t *tls;
1040 1 : int ret;
1041 :
1042 1 : tls = tor_malloc_zero(sizeof(tor_tls_t));
1043 1 : tls->isServer = 1;
1044 1 : ret = tor_tls_is_server(tls);
1045 1 : tt_int_op(ret, OP_EQ, 1);
1046 :
1047 1 : done:
1048 1 : tor_free(tls);
1049 1 : }
1050 :
1051 : #ifndef OPENSSL_OPAQUE
1052 : static void
1053 : test_tortls_session_secret_cb(void *ignored)
1054 : {
1055 : (void)ignored;
1056 : tor_tls_t *tls;
1057 : SSL_CTX *ctx;
1058 : STACK_OF(SSL_CIPHER) *ciphers = NULL;
1059 : SSL_CIPHER *one;
1060 :
1061 : library_init();
1062 :
1063 : tor_tls_allocate_tor_tls_object_ex_data_index();
1064 :
1065 : tls = tor_malloc_zero(sizeof(tor_tls_t));
1066 :
1067 : tls->magic = TOR_TLS_MAGIC;
1068 :
1069 : ctx = SSL_CTX_new(TLSv1_method());
1070 : tls->ssl = SSL_new(ctx);
1071 : SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls);
1072 :
1073 : SSL_set_session_secret_cb(tls->ssl, tor_tls_session_secret_cb, NULL);
1074 :
1075 : tor_tls_session_secret_cb(tls->ssl, NULL, NULL, NULL, NULL, NULL);
1076 : tt_assert(!tls->ssl->tls_session_secret_cb);
1077 :
1078 : one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
1079 : one->id = 0x00ff;
1080 : ciphers = sk_SSL_CIPHER_new_null();
1081 : sk_SSL_CIPHER_push(ciphers, one);
1082 :
1083 : tls->client_cipher_list_type = 0;
1084 : tor_tls_session_secret_cb(tls->ssl, NULL, NULL, ciphers, NULL, NULL);
1085 : tt_assert(!tls->ssl->tls_session_secret_cb);
1086 :
1087 : done:
1088 : sk_SSL_CIPHER_free(ciphers);
1089 : SSL_free(tls->ssl);
1090 : SSL_CTX_free(ctx);
1091 : tor_free(tls);
1092 : }
1093 : #endif /* !defined(OPENSSL_OPAQUE) */
1094 :
1095 : #ifndef OPENSSL_OPAQUE
1096 : /* TODO: It seems block_renegotiation and unblock_renegotiation and
1097 : * using different blags. This might not be correct */
1098 : static void
1099 : test_tortls_block_renegotiation(void *ignored)
1100 : {
1101 : (void)ignored;
1102 : tor_tls_t *tls;
1103 :
1104 : tls = tor_malloc_zero(sizeof(tor_tls_t));
1105 : tls->ssl = tor_malloc_zero(sizeof(SSL));
1106 : tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
1107 : #ifndef SUPPORT_UNSAFE_RENEGOTIATION_FLAG
1108 : #define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0
1109 : #endif
1110 :
1111 : tls->ssl->s3->flags = SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
1112 :
1113 : tor_tls_block_renegotiation(tls);
1114 :
1115 : #ifndef OPENSSL_1_1_API
1116 : tt_assert(!(tls->ssl->s3->flags &
1117 : SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
1118 : #endif
1119 :
1120 : done:
1121 : tor_free(tls->ssl->s3);
1122 : tor_free(tls->ssl);
1123 : tor_free(tls);
1124 : }
1125 :
1126 : static void
1127 : test_tortls_unblock_renegotiation(void *ignored)
1128 : {
1129 : (void)ignored;
1130 : tor_tls_t *tls;
1131 :
1132 : tls = tor_malloc_zero(sizeof(tor_tls_t));
1133 : tls->ssl = tor_malloc_zero(sizeof(SSL));
1134 : tor_tls_unblock_renegotiation(tls);
1135 :
1136 : tt_uint_op(SSL_get_options(tls->ssl) &
1137 : SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, OP_EQ,
1138 : SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
1139 :
1140 : done:
1141 : tor_free(tls->ssl);
1142 : tor_free(tls);
1143 : }
1144 : #endif /* !defined(OPENSSL_OPAQUE) */
1145 :
1146 : #ifndef OPENSSL_OPAQUE
1147 : static void
1148 : test_tortls_assert_renegotiation_unblocked(void *ignored)
1149 : {
1150 : (void)ignored;
1151 : tor_tls_t *tls;
1152 :
1153 : tls = tor_malloc_zero(sizeof(tor_tls_t));
1154 : tls->ssl = tor_malloc_zero(sizeof(SSL));
1155 : tor_tls_unblock_renegotiation(tls);
1156 : tor_tls_assert_renegotiation_unblocked(tls);
1157 : /* No assertion here - this test will fail if tor_assert is turned on
1158 : * and things are bad. */
1159 :
1160 : tor_free(tls->ssl);
1161 : tor_free(tls);
1162 : }
1163 : #endif /* !defined(OPENSSL_OPAQUE) */
1164 :
1165 : static void
1166 1 : test_tortls_set_logged_address(void *ignored)
1167 : {
1168 1 : (void)ignored;
1169 1 : tor_tls_t *tls;
1170 :
1171 1 : tls = tor_malloc_zero(sizeof(tor_tls_t));
1172 :
1173 1 : tor_tls_set_logged_address(tls, "foo bar");
1174 :
1175 1 : tt_str_op(tls->address, OP_EQ, "foo bar");
1176 :
1177 1 : tor_tls_set_logged_address(tls, "foo bar 2");
1178 1 : tt_str_op(tls->address, OP_EQ, "foo bar 2");
1179 :
1180 1 : done:
1181 1 : tor_free(tls->address);
1182 1 : tor_free(tls);
1183 1 : }
1184 :
1185 : #ifndef OPENSSL_OPAQUE
1186 : static void
1187 : example_cb(tor_tls_t *t, void *arg)
1188 : {
1189 : (void)t;
1190 : (void)arg;
1191 : }
1192 :
1193 : static void
1194 : test_tortls_set_renegotiate_callback(void *ignored)
1195 : {
1196 : (void)ignored;
1197 : tor_tls_t *tls;
1198 : const char *arg = "hello";
1199 :
1200 : tls = tor_malloc_zero(sizeof(tor_tls_t));
1201 : tls->ssl = tor_malloc_zero(sizeof(SSL));
1202 :
1203 : tor_tls_set_renegotiate_callback(tls, example_cb, (void*)arg);
1204 : tt_assert(tls->negotiated_callback == example_cb);
1205 : tt_assert(tls->callback_arg == arg);
1206 : tt_assert(!tls->got_renegotiate);
1207 :
1208 : /* Assumes V2_HANDSHAKE_SERVER */
1209 : tt_assert(tls->ssl->info_callback == tor_tls_server_info_callback);
1210 :
1211 : tor_tls_set_renegotiate_callback(tls, NULL, (void*)arg);
1212 : tt_assert(tls->ssl->info_callback == tor_tls_debug_state_callback);
1213 :
1214 : done:
1215 : tor_free(tls->ssl);
1216 : tor_free(tls);
1217 : }
1218 : #endif /* !defined(OPENSSL_OPAQUE) */
1219 :
1220 : #ifndef OPENSSL_OPAQUE
1221 : static SSL_CIPHER *fixed_cipher1 = NULL;
1222 : static SSL_CIPHER *fixed_cipher2 = NULL;
1223 : static const SSL_CIPHER *
1224 : fake_get_cipher(unsigned ncipher)
1225 : {
1226 :
1227 : switch (ncipher) {
1228 : case 1:
1229 : return fixed_cipher1;
1230 : case 2:
1231 : return fixed_cipher2;
1232 : default:
1233 : return NULL;
1234 : }
1235 : }
1236 : #endif /* !defined(OPENSSL_OPAQUE) */
1237 :
1238 : #ifndef OPENSSL_OPAQUE
1239 : static void
1240 : test_tortls_find_cipher_by_id(void *ignored)
1241 : {
1242 : (void)ignored;
1243 : int ret;
1244 : SSL *ssl;
1245 : SSL_CTX *ctx;
1246 : const SSL_METHOD *m = TLSv1_method();
1247 : SSL_METHOD *empty_method = tor_malloc_zero(sizeof(SSL_METHOD));
1248 :
1249 : fixed_cipher1 = tor_malloc_zero(sizeof(SSL_CIPHER));
1250 : fixed_cipher2 = tor_malloc_zero(sizeof(SSL_CIPHER));
1251 : fixed_cipher2->id = 0xC00A;
1252 :
1253 : library_init();
1254 :
1255 : ctx = SSL_CTX_new(m);
1256 : ssl = SSL_new(ctx);
1257 :
1258 : ret = find_cipher_by_id(ssl, NULL, 0xC00A);
1259 : tt_int_op(ret, OP_EQ, 1);
1260 :
1261 : ret = find_cipher_by_id(ssl, m, 0xC00A);
1262 : tt_int_op(ret, OP_EQ, 1);
1263 :
1264 : ret = find_cipher_by_id(ssl, m, 0xFFFF);
1265 : tt_int_op(ret, OP_EQ, 0);
1266 :
1267 : ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1268 : tt_int_op(ret, OP_EQ, 1);
1269 :
1270 : ret = find_cipher_by_id(ssl, empty_method, 0xFFFF);
1271 : #ifdef HAVE_SSL_CIPHER_FIND
1272 : tt_int_op(ret, OP_EQ, 0);
1273 : #else
1274 : tt_int_op(ret, OP_EQ, 1);
1275 : #endif
1276 :
1277 : empty_method->get_cipher = fake_get_cipher;
1278 : ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1279 : tt_int_op(ret, OP_EQ, 1);
1280 :
1281 : empty_method->get_cipher = m->get_cipher;
1282 : empty_method->num_ciphers = m->num_ciphers;
1283 : ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1284 : tt_int_op(ret, OP_EQ, 1);
1285 :
1286 : empty_method->get_cipher = fake_get_cipher;
1287 : empty_method->num_ciphers = m->num_ciphers;
1288 : ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1289 : tt_int_op(ret, OP_EQ, 1);
1290 :
1291 : empty_method->num_ciphers = fake_num_ciphers;
1292 : ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1293 : #ifdef HAVE_SSL_CIPHER_FIND
1294 : tt_int_op(ret, OP_EQ, 1);
1295 : #else
1296 : tt_int_op(ret, OP_EQ, 0);
1297 : #endif
1298 :
1299 : done:
1300 : tor_free(empty_method);
1301 : SSL_free(ssl);
1302 : SSL_CTX_free(ctx);
1303 : tor_free(fixed_cipher1);
1304 : }
1305 : #endif /* !defined(OPENSSL_OPAQUE) */
1306 :
1307 : #ifndef OPENSSL_OPAQUE
1308 : static void
1309 : test_tortls_debug_state_callback(void *ignored)
1310 : {
1311 : (void)ignored;
1312 : SSL *ssl;
1313 : char *buf = tor_malloc_zero(1000);
1314 : int n;
1315 :
1316 : setup_capture_of_logs(LOG_DEBUG);
1317 :
1318 : ssl = tor_malloc_zero(sizeof(SSL));
1319 :
1320 : tor_tls_debug_state_callback(ssl, 32, 45);
1321 :
1322 : n = tor_snprintf(buf, 1000, "SSL %p is now in state unknown"
1323 : " state [type=32,val=45].\n", ssl);
1324 : /* tor's snprintf returns -1 on error */
1325 : tt_int_op(n, OP_NE, -1);
1326 : expect_log_msg(buf);
1327 :
1328 : done:
1329 : teardown_capture_of_logs();
1330 : tor_free(buf);
1331 : tor_free(ssl);
1332 : }
1333 : #endif /* !defined(OPENSSL_OPAQUE) */
1334 :
1335 : #ifndef OPENSSL_OPAQUE
1336 : static void
1337 : test_tortls_server_info_callback(void *ignored)
1338 : {
1339 : (void)ignored;
1340 : tor_tls_t *tls;
1341 : SSL_CTX *ctx;
1342 : SSL *ssl;
1343 :
1344 : library_init();
1345 :
1346 : ctx = SSL_CTX_new(TLSv1_method());
1347 : ssl = SSL_new(ctx);
1348 :
1349 : tor_tls_allocate_tor_tls_object_ex_data_index();
1350 :
1351 : tls = tor_malloc_zero(sizeof(tor_tls_t));
1352 : tls->magic = TOR_TLS_MAGIC;
1353 : tls->ssl = ssl;
1354 :
1355 : setup_full_capture_of_logs(LOG_WARN);
1356 : SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_A);
1357 : mock_clean_saved_logs();
1358 : tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1359 : expect_single_log_msg("Couldn't look up the tls for an SSL*. How odd!\n");
1360 :
1361 : SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
1362 : mock_clean_saved_logs();
1363 : tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1364 : expect_single_log_msg("Couldn't look up the tls for an SSL*. How odd!\n");
1365 :
1366 : SSL_set_state(ssl, 99);
1367 : mock_clean_saved_logs();
1368 : tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1369 : expect_no_log_entry();
1370 : teardown_capture_of_logs();
1371 :
1372 : SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls);
1373 : SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
1374 : tls->negotiated_callback = 0;
1375 : //tls->server_handshake_count = 120;
1376 : tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1377 : //tt_int_op(tls->server_handshake_count, OP_EQ, 121);
1378 :
1379 : //tls->server_handshake_count = 127;
1380 : tls->negotiated_callback = (void *)1;
1381 : tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1382 : //tt_int_op(tls->server_handshake_count, OP_EQ, 127);
1383 : tt_int_op(tls->got_renegotiate, OP_EQ, 1);
1384 :
1385 : tls->ssl->session = SSL_SESSION_new();
1386 : tls->wasV2Handshake = 0;
1387 : tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1388 : tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
1389 :
1390 : done:
1391 : teardown_capture_of_logs();
1392 : SSL_free(ssl);
1393 : SSL_CTX_free(ctx);
1394 : tor_free(tls);
1395 : }
1396 : #endif /* !defined(OPENSSL_OPAQUE) */
1397 :
1398 : #ifndef OPENSSL_OPAQUE
1399 : static int fixed_ssl_read_result_index;
1400 : static int fixed_ssl_read_result[5];
1401 :
1402 : static int
1403 : fixed_ssl_read(SSL *s, void *buf, int len)
1404 : {
1405 : (void)s;
1406 : (void)buf;
1407 : (void)len;
1408 : return fixed_ssl_read_result[fixed_ssl_read_result_index++];
1409 : }
1410 :
1411 : static int
1412 : dummy_handshake_func(SSL *s)
1413 : {
1414 : (void)s;
1415 : return 1;
1416 : }
1417 :
1418 : static int negotiated_callback_called;
1419 :
1420 : static void
1421 : negotiated_callback_setter(tor_tls_t *t, void *arg)
1422 : {
1423 : (void)t;
1424 : (void)arg;
1425 : negotiated_callback_called++;
1426 : }
1427 :
1428 : static void
1429 : test_tortls_read(void *ignored)
1430 : {
1431 : (void)ignored;
1432 : int ret;
1433 : tor_tls_t *tls;
1434 : char buf[100];
1435 : SSL_METHOD *method = give_me_a_test_method();
1436 : setup_capture_of_logs(LOG_WARN);
1437 :
1438 : tls = tor_malloc_zero(sizeof(tor_tls_t));
1439 : tls->ssl = tor_malloc_zero(sizeof(SSL));
1440 : tls->state = TOR_TLS_ST_OPEN;
1441 :
1442 : ret = tor_tls_read(tls, buf, 10);
1443 : tt_int_op(ret, OP_EQ, -9);
1444 :
1445 : /* These tests assume that V2_HANDSHAKE_SERVER is set */
1446 : tls->ssl->handshake_func = dummy_handshake_func;
1447 : tls->ssl->method = method;
1448 : method->ssl_read = fixed_ssl_read;
1449 : fixed_ssl_read_result_index = 0;
1450 : fixed_ssl_read_result[0] = 42;
1451 : tls->state = TOR_TLS_ST_OPEN;
1452 : ERR_clear_error();
1453 : ret = tor_tls_read(tls, buf, 10);
1454 : tt_int_op(ret, OP_EQ, 42);
1455 :
1456 : tls->state = TOR_TLS_ST_OPEN;
1457 : tls->got_renegotiate = 1;
1458 : fixed_ssl_read_result_index = 0;
1459 : ERR_clear_error();
1460 : ret = tor_tls_read(tls, buf, 10);
1461 : tt_int_op(tls->got_renegotiate, OP_EQ, 0);
1462 :
1463 : tls->state = TOR_TLS_ST_OPEN;
1464 : tls->got_renegotiate = 1;
1465 : negotiated_callback_called = 0;
1466 : tls->negotiated_callback = negotiated_callback_setter;
1467 : fixed_ssl_read_result_index = 0;
1468 : ERR_clear_error();
1469 : ret = tor_tls_read(tls, buf, 10);
1470 : tt_int_op(negotiated_callback_called, OP_EQ, 1);
1471 :
1472 : #ifndef LIBRESSL_VERSION_NUMBER
1473 : fixed_ssl_read_result_index = 0;
1474 : fixed_ssl_read_result[0] = 0;
1475 : tls->ssl->version = SSL2_VERSION;
1476 : ERR_clear_error();
1477 : ret = tor_tls_read(tls, buf, 10);
1478 : tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
1479 : tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
1480 : #endif /* !defined(LIBRESSL_VERSION_NUMBER) */
1481 : // TODO: fill up
1482 :
1483 : done:
1484 : teardown_capture_of_logs();
1485 : tor_free(tls->ssl);
1486 : tor_free(tls);
1487 : tor_free(method);
1488 : }
1489 :
1490 : static int fixed_ssl_write_result;
1491 :
1492 : static int
1493 : fixed_ssl_write(SSL *s, const void *buf, int len)
1494 : {
1495 : (void)s;
1496 : (void)buf;
1497 : (void)len;
1498 : return fixed_ssl_write_result;
1499 : }
1500 :
1501 : static void
1502 : test_tortls_write(void *ignored)
1503 : {
1504 : (void)ignored;
1505 : int ret;
1506 : tor_tls_t *tls;
1507 : SSL_METHOD *method = give_me_a_test_method();
1508 : char buf[100];
1509 : setup_capture_of_logs(LOG_WARN);
1510 :
1511 : tls = tor_malloc_zero(sizeof(tor_tls_t));
1512 : tls->ssl = tor_malloc_zero(sizeof(SSL));
1513 : tls->state = TOR_TLS_ST_OPEN;
1514 :
1515 : ret = tor_tls_write(tls, buf, 0);
1516 : tt_int_op(ret, OP_EQ, 0);
1517 :
1518 : ret = tor_tls_write(tls, buf, 10);
1519 : tt_int_op(ret, OP_EQ, -9);
1520 :
1521 : tls->ssl->method = method;
1522 : tls->wantwrite_n = 1;
1523 : ret = tor_tls_write(tls, buf, 10);
1524 : tt_int_op(tls->wantwrite_n, OP_EQ, 0);
1525 :
1526 : method->ssl_write = fixed_ssl_write;
1527 : tls->ssl->handshake_func = dummy_handshake_func;
1528 : fixed_ssl_write_result = 1;
1529 : ERR_clear_error();
1530 : ret = tor_tls_write(tls, buf, 10);
1531 : tt_int_op(ret, OP_EQ, 1);
1532 :
1533 : fixed_ssl_write_result = -1;
1534 : ERR_clear_error();
1535 : tls->ssl->rwstate = SSL_READING;
1536 : SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
1537 : SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ;
1538 : ret = tor_tls_write(tls, buf, 10);
1539 : tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD);
1540 :
1541 : ERR_clear_error();
1542 : tls->ssl->rwstate = SSL_READING;
1543 : SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
1544 : SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE;
1545 : ret = tor_tls_write(tls, buf, 10);
1546 : tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
1547 :
1548 : done:
1549 : teardown_capture_of_logs();
1550 : BIO_free(tls->ssl->rbio);
1551 : tor_free(tls->ssl);
1552 : tor_free(tls);
1553 : tor_free(method);
1554 : }
1555 : #endif /* !defined(OPENSSL_OPAQUE) */
1556 :
1557 : #ifndef OPENSSL_OPAQUE
1558 : static int fixed_ssl_accept_result;
1559 : static int fixed_ssl_connect_result;
1560 :
1561 : static int
1562 : setting_error_ssl_accept(SSL *ssl)
1563 : {
1564 : (void)ssl;
1565 : ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
1566 : ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
1567 : return fixed_ssl_accept_result;
1568 : }
1569 :
1570 : static int
1571 : setting_error_ssl_connect(SSL *ssl)
1572 : {
1573 : (void)ssl;
1574 : ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
1575 : ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
1576 : return fixed_ssl_connect_result;
1577 : }
1578 :
1579 : static int
1580 : fixed_ssl_accept(SSL *ssl)
1581 : {
1582 : (void) ssl;
1583 : return fixed_ssl_accept_result;
1584 : }
1585 :
1586 : static void
1587 : test_tortls_handshake(void *ignored)
1588 : {
1589 : (void)ignored;
1590 : int ret;
1591 : tor_tls_t *tls;
1592 : SSL_CTX *ctx;
1593 : SSL_METHOD *method = give_me_a_test_method();
1594 : setup_capture_of_logs(LOG_INFO);
1595 :
1596 : SSL_library_init();
1597 : SSL_load_error_strings();
1598 :
1599 : ctx = SSL_CTX_new(TLSv1_method());
1600 :
1601 : tls = tor_malloc_zero(sizeof(tor_tls_t));
1602 : tls->ssl = SSL_new(ctx);
1603 : tls->state = TOR_TLS_ST_HANDSHAKE;
1604 :
1605 : ret = tor_tls_handshake(tls);
1606 : tt_int_op(ret, OP_EQ, -9);
1607 :
1608 : tls->isServer = 1;
1609 : tls->state = TOR_TLS_ST_HANDSHAKE;
1610 : ret = tor_tls_handshake(tls);
1611 : tt_int_op(ret, OP_EQ, -9);
1612 :
1613 : tls->ssl->method = method;
1614 : method->ssl_accept = fixed_ssl_accept;
1615 : fixed_ssl_accept_result = 2;
1616 : ERR_clear_error();
1617 : tls->state = TOR_TLS_ST_HANDSHAKE;
1618 : ret = tor_tls_handshake(tls);
1619 : tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_OPEN);
1620 :
1621 : method->ssl_accept = setting_error_ssl_accept;
1622 : fixed_ssl_accept_result = 1;
1623 : ERR_clear_error();
1624 : mock_clean_saved_logs();
1625 : tls->state = TOR_TLS_ST_HANDSHAKE;
1626 : ret = tor_tls_handshake(tls);
1627 : tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
1628 : expect_log_entry();
1629 : /* This fails on jessie. Investigate why! */
1630 : #if 0
1631 : expect_log_msg("TLS error while handshaking: (null) (in bignum routines:"
1632 : "(null):SSLv3 write client hello B)\n");
1633 : expect_log_msg("TLS error while handshaking: (null) (in system library:"
1634 : "connect:SSLv3 write client hello B)\n");
1635 : #endif /* 0 */
1636 : expect_log_severity(LOG_INFO);
1637 :
1638 : tls->isServer = 0;
1639 : method->ssl_connect = setting_error_ssl_connect;
1640 : fixed_ssl_connect_result = 1;
1641 : ERR_clear_error();
1642 : mock_clean_saved_logs();
1643 : tls->state = TOR_TLS_ST_HANDSHAKE;
1644 : ret = tor_tls_handshake(tls);
1645 : tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
1646 : expect_log_entry();
1647 : #if 0
1648 : /* See above */
1649 : expect_log_msg("TLS error while handshaking: "
1650 : "(null) (in bignum routines:(null):SSLv3 write client hello B)\n");
1651 : expect_log_msg("TLS error while handshaking: "
1652 : "(null) (in system library:connect:SSLv3 write client hello B)\n");
1653 : #endif /* 0 */
1654 : expect_log_severity(LOG_WARN);
1655 :
1656 : done:
1657 : teardown_capture_of_logs();
1658 : SSL_free(tls->ssl);
1659 : SSL_CTX_free(ctx);
1660 : tor_free(tls);
1661 : tor_free(method);
1662 : }
1663 : #endif /* !defined(OPENSSL_OPAQUE) */
1664 :
1665 : #ifndef OPENSSL_OPAQUE
1666 : static void
1667 : test_tortls_finish_handshake(void *ignored)
1668 : {
1669 : (void)ignored;
1670 : int ret;
1671 : tor_tls_t *tls;
1672 : SSL_CTX *ctx;
1673 : SSL_METHOD *method = give_me_a_test_method();
1674 : SSL_library_init();
1675 : SSL_load_error_strings();
1676 :
1677 : X509 *c1 = read_cert_from(validCertString);
1678 : SESS_CERT_local *sess = NULL;
1679 :
1680 : ctx = SSL_CTX_new(method);
1681 :
1682 : tls = tor_malloc_zero(sizeof(tor_tls_t));
1683 : tls->ssl = SSL_new(ctx);
1684 : tls->state = TOR_TLS_ST_OPEN;
1685 :
1686 : ret = tor_tls_finish_handshake(tls);
1687 : tt_int_op(ret, OP_EQ, 0);
1688 :
1689 : tls->isServer = 1;
1690 : tls->wasV2Handshake = 0;
1691 : setup_full_capture_of_logs(LOG_WARN);
1692 : ret = tor_tls_finish_handshake(tls);
1693 : tt_int_op(ret, OP_EQ, 0);
1694 : tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
1695 : expect_single_log_msg_containing("For some reason, wasV2Handshake didn't "
1696 : "get set.");
1697 : teardown_capture_of_logs();
1698 :
1699 : tls->wasV2Handshake = 1;
1700 : ret = tor_tls_finish_handshake(tls);
1701 : tt_int_op(ret, OP_EQ, 0);
1702 : tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
1703 :
1704 : tls->wasV2Handshake = 1;
1705 : tls->ssl->session = SSL_SESSION_new();
1706 : ret = tor_tls_finish_handshake(tls);
1707 : tt_int_op(ret, OP_EQ, 0);
1708 : tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
1709 :
1710 : tls->isServer = 0;
1711 :
1712 : sess = tor_malloc_zero(sizeof(SESS_CERT_local));
1713 : tls->ssl->session->sess_cert = (void *)sess;
1714 : sess->cert_chain = sk_X509_new_null();
1715 : sk_X509_push(sess->cert_chain, c1);
1716 : tls->ssl->session->peer = c1;
1717 : tls->wasV2Handshake = 0;
1718 : ret = tor_tls_finish_handshake(tls);
1719 : tt_int_op(ret, OP_EQ, 0);
1720 : tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
1721 :
1722 : method->num_ciphers = fake_num_ciphers;
1723 : ret = tor_tls_finish_handshake(tls);
1724 : tt_int_op(ret, OP_EQ, -9);
1725 :
1726 : done:
1727 : if (sess)
1728 : sk_X509_free(sess->cert_chain);
1729 : if (tls->ssl && tls->ssl->session) {
1730 : tor_free(tls->ssl->session->sess_cert);
1731 : }
1732 : SSL_free(tls->ssl);
1733 : tor_free(tls);
1734 : SSL_CTX_free(ctx);
1735 : tor_free(method);
1736 : teardown_capture_of_logs();
1737 : }
1738 : #endif /* !defined(OPENSSL_OPAQUE) */
1739 :
1740 : static int fixed_crypto_pk_new_result_index;
1741 : static crypto_pk_t *fixed_crypto_pk_new_result[5];
1742 :
1743 : static crypto_pk_t *
1744 1 : fixed_crypto_pk_new(void)
1745 : {
1746 1 : return fixed_crypto_pk_new_result[fixed_crypto_pk_new_result_index++];
1747 : }
1748 :
1749 : #ifndef OPENSSL_OPAQUE
1750 : static int fixed_crypto_pk_generate_key_with_bits_result_index;
1751 : static int fixed_crypto_pk_generate_key_with_bits_result[5];
1752 : static int fixed_tor_tls_create_certificate_result_index;
1753 : static X509 *fixed_tor_tls_create_certificate_result[5];
1754 : static int fixed_tor_x509_cert_new_result_index;
1755 : static tor_x509_cert_t *fixed_tor_x509_cert_new_result[5];
1756 :
1757 : static int
1758 : fixed_crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
1759 : {
1760 : (void)env;
1761 : (void)bits;
1762 : return fixed_crypto_pk_generate_key_with_bits_result[
1763 : fixed_crypto_pk_generate_key_with_bits_result_index++];
1764 : }
1765 :
1766 : static X509 *
1767 : fixed_tor_tls_create_certificate(crypto_pk_t *rsa,
1768 : crypto_pk_t *rsa_sign,
1769 : const char *cname,
1770 : const char *cname_sign,
1771 : unsigned int cert_lifetime)
1772 : {
1773 : (void)rsa;
1774 : (void)rsa_sign;
1775 : (void)cname;
1776 : (void)cname_sign;
1777 : (void)cert_lifetime;
1778 : X509 *result = fixed_tor_tls_create_certificate_result[
1779 : fixed_tor_tls_create_certificate_result_index++];
1780 : if (result)
1781 : return X509_dup(result);
1782 : else
1783 : return NULL;
1784 : }
1785 :
1786 : static void
1787 : fixed_tor_tls_create_certificate_results_free(void)
1788 : {
1789 : unsigned i;
1790 : for (i = 0; i < ARRAY_LENGTH(fixed_tor_tls_create_certificate_result); ++i) {
1791 : X509 *cert = fixed_tor_tls_create_certificate_result[i];
1792 : if (cert)
1793 : X509_free(cert);
1794 : fixed_tor_tls_create_certificate_result[i] = NULL;
1795 : }
1796 : }
1797 :
1798 : static void
1799 : fixed_tor_x509_cert_new_results_free(void)
1800 : {
1801 : unsigned i;
1802 : for (i = 0; i < ARRAY_LENGTH(fixed_tor_x509_cert_new_result); ++i) {
1803 : tor_x509_cert_free(fixed_tor_x509_cert_new_result[i]);
1804 : }
1805 : }
1806 :
1807 : static tor_x509_cert_t *
1808 : fixed_tor_x509_cert_new(tor_x509_cert_impl_t *x509_cert)
1809 : {
1810 : (void) x509_cert;
1811 : tor_x509_cert_t **certp =
1812 : &fixed_tor_x509_cert_new_result[fixed_tor_x509_cert_new_result_index++];
1813 : tor_x509_cert_t *cert = *certp;
1814 : *certp = NULL;
1815 : return cert;
1816 : }
1817 :
1818 : static void
1819 : test_tortls_context_new(void *ignored)
1820 : {
1821 : (void)ignored;
1822 : tor_tls_context_t *ret;
1823 : crypto_pk_t *pk1, *pk2, *pk3, *pk4, *pk5, *pk6, *pk7, *pk8, *pk9, *pk10,
1824 : *pk11, *pk12, *pk13, *pk14, *pk15, *pk16, *pk17, *pk18;
1825 :
1826 : pk1 = crypto_pk_new();
1827 : pk2 = crypto_pk_new();
1828 : pk3 = crypto_pk_new();
1829 : pk4 = crypto_pk_new();
1830 : pk5 = crypto_pk_new();
1831 : pk6 = crypto_pk_new();
1832 : pk7 = crypto_pk_new();
1833 : pk8 = crypto_pk_new();
1834 : pk9 = crypto_pk_new();
1835 : pk10 = crypto_pk_new();
1836 : pk11 = crypto_pk_new();
1837 : pk12 = crypto_pk_new();
1838 : pk13 = crypto_pk_new();
1839 : pk14 = crypto_pk_new();
1840 : pk15 = crypto_pk_new();
1841 : pk16 = crypto_pk_new();
1842 : pk17 = crypto_pk_new();
1843 : pk18 = crypto_pk_new();
1844 :
1845 : fixed_crypto_pk_new_result_index = 0;
1846 : fixed_crypto_pk_new_result[0] = NULL;
1847 : MOCK(crypto_pk_new, fixed_crypto_pk_new);
1848 : ret = tor_tls_context_new(NULL, 0, 0, 0);
1849 : tt_assert(!ret);
1850 :
1851 : /* note: we already override this in testing_common.c, so we
1852 : * run this unit test in a subprocess. */
1853 : MOCK(crypto_pk_generate_key_with_bits,
1854 : fixed_crypto_pk_generate_key_with_bits);
1855 : fixed_crypto_pk_new_result_index = 0;
1856 : fixed_crypto_pk_new_result[0] = pk1;
1857 : fixed_crypto_pk_new_result[1] = NULL;
1858 : fixed_crypto_pk_generate_key_with_bits_result[0] = -1;
1859 : fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1860 : ret = tor_tls_context_new(NULL, 0, 0, 0);
1861 : tt_assert(!ret);
1862 :
1863 : fixed_crypto_pk_new_result_index = 0;
1864 : fixed_crypto_pk_new_result[0] = pk2;
1865 : fixed_crypto_pk_new_result[1] = NULL;
1866 : fixed_crypto_pk_generate_key_with_bits_result[0] = 0;
1867 : fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1868 : ret = tor_tls_context_new(NULL, 0, 0, 0);
1869 : tt_assert(!ret);
1870 :
1871 : fixed_crypto_pk_new_result_index = 0;
1872 : fixed_crypto_pk_new_result[0] = pk3;
1873 : fixed_crypto_pk_new_result[1] = pk4;
1874 : fixed_crypto_pk_new_result[2] = NULL;
1875 : fixed_crypto_pk_generate_key_with_bits_result[0] = 0;
1876 : fixed_crypto_pk_generate_key_with_bits_result[1] = -1;
1877 : fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1878 : ret = tor_tls_context_new(NULL, 0, 0, 0);
1879 : tt_assert(!ret);
1880 :
1881 : MOCK(tor_tls_create_certificate, fixed_tor_tls_create_certificate);
1882 :
1883 : fixed_crypto_pk_new_result_index = 0;
1884 : fixed_crypto_pk_new_result[0] = pk5;
1885 : fixed_crypto_pk_new_result[1] = pk6;
1886 : fixed_crypto_pk_new_result[2] = NULL;
1887 : fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1888 : fixed_crypto_pk_generate_key_with_bits_result[1] = 0;
1889 : fixed_tor_tls_create_certificate_result_index = 0;
1890 : fixed_tor_tls_create_certificate_result[0] = NULL;
1891 : fixed_tor_tls_create_certificate_result[1] = X509_new();
1892 : fixed_tor_tls_create_certificate_result[2] = X509_new();
1893 : ret = tor_tls_context_new(NULL, 0, 0, 0);
1894 : tt_assert(!ret);
1895 : fixed_tor_tls_create_certificate_results_free();
1896 :
1897 : fixed_crypto_pk_new_result_index = 0;
1898 : fixed_crypto_pk_new_result[0] = pk7;
1899 : fixed_crypto_pk_new_result[1] = pk8;
1900 : fixed_crypto_pk_new_result[2] = NULL;
1901 : fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1902 : fixed_tor_tls_create_certificate_result_index = 0;
1903 : fixed_tor_tls_create_certificate_result[0] = X509_new();
1904 : fixed_tor_tls_create_certificate_result[1] = NULL;
1905 : fixed_tor_tls_create_certificate_result[2] = X509_new();
1906 : ret = tor_tls_context_new(NULL, 0, 0, 0);
1907 : tt_assert(!ret);
1908 : fixed_tor_tls_create_certificate_results_free();
1909 :
1910 : fixed_crypto_pk_new_result_index = 0;
1911 : fixed_crypto_pk_new_result[0] = pk9;
1912 : fixed_crypto_pk_new_result[1] = pk10;
1913 : fixed_crypto_pk_new_result[2] = NULL;
1914 : fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1915 : fixed_tor_tls_create_certificate_result_index = 0;
1916 : fixed_tor_tls_create_certificate_result[0] = X509_new();
1917 : fixed_tor_tls_create_certificate_result[1] = X509_new();
1918 : fixed_tor_tls_create_certificate_result[2] = NULL;
1919 : ret = tor_tls_context_new(NULL, 0, 0, 0);
1920 : tt_assert(!ret);
1921 : fixed_tor_tls_create_certificate_results_free();
1922 :
1923 : MOCK(tor_x509_cert_new, fixed_tor_x509_cert_new);
1924 : fixed_crypto_pk_new_result_index = 0;
1925 : fixed_crypto_pk_new_result[0] = pk11;
1926 : fixed_crypto_pk_new_result[1] = pk12;
1927 : fixed_crypto_pk_new_result[2] = NULL;
1928 : fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1929 : fixed_tor_tls_create_certificate_result_index = 0;
1930 : fixed_tor_tls_create_certificate_result[0] = X509_new();
1931 : fixed_tor_tls_create_certificate_result[1] = X509_new();
1932 : fixed_tor_tls_create_certificate_result[2] = X509_new();
1933 : fixed_tor_x509_cert_new_result_index = 0;
1934 : fixed_tor_x509_cert_new_result[0] = NULL;
1935 : fixed_tor_x509_cert_new_result[1] = NULL;
1936 : fixed_tor_x509_cert_new_result[2] = NULL;
1937 : ret = tor_tls_context_new(NULL, 0, 0, 0);
1938 : tt_assert(!ret);
1939 : fixed_tor_tls_create_certificate_results_free();
1940 :
1941 : fixed_crypto_pk_new_result_index = 0;
1942 : fixed_crypto_pk_new_result[0] = pk13;
1943 : fixed_crypto_pk_new_result[1] = pk14;
1944 : fixed_crypto_pk_new_result[2] = NULL;
1945 : fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1946 : fixed_tor_tls_create_certificate_result_index = 0;
1947 : fixed_tor_tls_create_certificate_result[0] = X509_new();
1948 : fixed_tor_tls_create_certificate_result[1] = X509_new();
1949 : fixed_tor_tls_create_certificate_result[2] = X509_new();
1950 : fixed_tor_x509_cert_new_result_index = 0;
1951 : fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
1952 : fixed_tor_x509_cert_new_result[1] = NULL;
1953 : fixed_tor_x509_cert_new_result[2] = NULL;
1954 : ret = tor_tls_context_new(NULL, 0, 0, 0);
1955 : tt_assert(!ret);
1956 : fixed_tor_tls_create_certificate_results_free();
1957 : fixed_tor_x509_cert_new_results_free();
1958 :
1959 : fixed_crypto_pk_new_result_index = 0;
1960 : fixed_crypto_pk_new_result[0] = pk15;
1961 : fixed_crypto_pk_new_result[1] = pk16;
1962 : fixed_crypto_pk_new_result[2] = NULL;
1963 : fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1964 : fixed_tor_tls_create_certificate_result_index = 0;
1965 : fixed_tor_tls_create_certificate_result[0] = X509_new();
1966 : fixed_tor_tls_create_certificate_result[1] = X509_new();
1967 : fixed_tor_tls_create_certificate_result[2] = X509_new();
1968 : fixed_tor_x509_cert_new_result_index = 0;
1969 : fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
1970 : fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t));
1971 : fixed_tor_x509_cert_new_result[2] = NULL;
1972 : ret = tor_tls_context_new(NULL, 0, 0, 0);
1973 : tt_assert(!ret);
1974 : fixed_tor_tls_create_certificate_results_free();
1975 : fixed_tor_x509_cert_new_results_free();
1976 :
1977 : fixed_crypto_pk_new_result_index = 0;
1978 : fixed_crypto_pk_new_result[0] = pk17;
1979 : fixed_crypto_pk_new_result[1] = pk18;
1980 : fixed_crypto_pk_new_result[2] = NULL;
1981 : fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1982 : fixed_tor_tls_create_certificate_result_index = 0;
1983 : fixed_tor_tls_create_certificate_result[0] = X509_new();
1984 : fixed_tor_tls_create_certificate_result[1] = X509_new();
1985 : fixed_tor_tls_create_certificate_result[2] = X509_new();
1986 : fixed_tor_x509_cert_new_result_index = 0;
1987 : fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
1988 : fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t));
1989 : fixed_tor_x509_cert_new_result[2] = tor_malloc_zero(sizeof(tor_x509_cert_t));
1990 : ret = tor_tls_context_new(NULL, 0, 0, 0);
1991 : tt_assert(!ret);
1992 :
1993 : done:
1994 : fixed_tor_tls_create_certificate_results_free();
1995 : fixed_tor_x509_cert_new_results_free();
1996 : UNMOCK(tor_x509_cert_new);
1997 : UNMOCK(tor_tls_create_certificate);
1998 : UNMOCK(crypto_pk_generate_key_with_bits);
1999 : UNMOCK(crypto_pk_new);
2000 : }
2001 : #endif /* !defined(OPENSSL_OPAQUE) */
2002 :
2003 : static int fixed_crypto_pk_get_evp_pkey_result_index = 0;
2004 : static EVP_PKEY *fixed_crypto_pk_get_evp_pkey_result[5];
2005 :
2006 : static EVP_PKEY *
2007 5 : fixed_crypto_pk_get_evp_pkey_(crypto_pk_t *env, int private)
2008 : {
2009 5 : (void) env;
2010 5 : (void) private;
2011 5 : return fixed_crypto_pk_get_evp_pkey_result[
2012 5 : fixed_crypto_pk_get_evp_pkey_result_index++];
2013 : }
2014 :
2015 : static void
2016 1 : test_tortls_create_certificate(void *ignored)
2017 : {
2018 1 : (void)ignored;
2019 1 : X509 *ret;
2020 1 : crypto_pk_t *pk1, *pk2;
2021 :
2022 1 : pk1 = crypto_pk_new();
2023 1 : pk2 = crypto_pk_new();
2024 :
2025 1 : MOCK(crypto_pk_get_openssl_evp_pkey_, fixed_crypto_pk_get_evp_pkey_);
2026 1 : fixed_crypto_pk_get_evp_pkey_result_index = 0;
2027 1 : fixed_crypto_pk_get_evp_pkey_result[0] = NULL;
2028 1 : ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
2029 1 : tt_assert(!ret);
2030 :
2031 1 : fixed_crypto_pk_get_evp_pkey_result_index = 0;
2032 1 : fixed_crypto_pk_get_evp_pkey_result[0] = EVP_PKEY_new();
2033 1 : fixed_crypto_pk_get_evp_pkey_result[1] = NULL;
2034 1 : ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
2035 1 : tt_assert(!ret);
2036 :
2037 1 : fixed_crypto_pk_get_evp_pkey_result_index = 0;
2038 1 : fixed_crypto_pk_get_evp_pkey_result[0] = EVP_PKEY_new();
2039 1 : fixed_crypto_pk_get_evp_pkey_result[1] = EVP_PKEY_new();
2040 1 : ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
2041 1 : tt_assert(!ret);
2042 :
2043 1 : done:
2044 1 : UNMOCK(crypto_pk_get_openssl_evp_pkey_);
2045 1 : crypto_pk_free(pk1);
2046 1 : crypto_pk_free(pk2);
2047 1 : }
2048 :
2049 : static void
2050 1 : test_tortls_cert_new(void *ignored)
2051 : {
2052 1 : (void)ignored;
2053 1 : tor_x509_cert_t *ret;
2054 1 : X509 *cert = read_cert_from(validCertString);
2055 :
2056 1 : ret = tor_x509_cert_new(NULL);
2057 1 : tt_assert(!ret);
2058 :
2059 1 : ret = tor_x509_cert_new(cert);
2060 1 : tt_assert(ret);
2061 1 : tor_x509_cert_free(ret);
2062 1 : ret = NULL;
2063 :
2064 : #if 0
2065 : cert = read_cert_from(validCertString);
2066 : /* XXX this doesn't do what you think: it alters a copy of the pubkey. */
2067 : X509_get_pubkey(cert)->type = EVP_PKEY_DSA;
2068 : ret = tor_x509_cert_new(cert);
2069 : tt_assert(ret);
2070 : #endif /* 0 */
2071 :
2072 : #ifndef OPENSSL_OPAQUE
2073 : cert = read_cert_from(validCertString);
2074 : X509_CINF_free(cert->cert_info);
2075 : cert->cert_info = NULL;
2076 : ret = tor_x509_cert_new(cert);
2077 : tt_assert(ret);
2078 : #endif /* !defined(OPENSSL_OPAQUE) */
2079 :
2080 1 : done:
2081 1 : tor_x509_cert_free(ret);
2082 1 : }
2083 :
2084 : static void
2085 1 : test_tortls_cert_is_valid(void *ignored)
2086 : {
2087 1 : (void)ignored;
2088 1 : int ret;
2089 1 : tor_x509_cert_t *cert = NULL, *scert = NULL;
2090 :
2091 1 : scert = tor_malloc_zero(sizeof(tor_x509_cert_t));
2092 1 : ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
2093 1 : tt_int_op(ret, OP_EQ, 0);
2094 :
2095 1 : cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
2096 1 : ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
2097 1 : tt_int_op(ret, OP_EQ, 0);
2098 1 : tor_free(scert);
2099 1 : tor_free(cert);
2100 :
2101 1 : cert = tor_x509_cert_new(read_cert_from(validCertString));
2102 1 : scert = tor_x509_cert_new(read_cert_from(caCertString));
2103 1 : ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
2104 1 : tt_int_op(ret, OP_EQ, 1);
2105 :
2106 : #ifndef OPENSSL_OPAQUE
2107 : tor_x509_cert_free(cert);
2108 : tor_x509_cert_free(scert);
2109 : cert = tor_x509_cert_new(read_cert_from(validCertString));
2110 : scert = tor_x509_cert_new(read_cert_from(caCertString));
2111 : ASN1_TIME_free(cert->cert->cert_info->validity->notAfter);
2112 : cert->cert->cert_info->validity->notAfter =
2113 : ASN1_TIME_set(NULL, time(NULL)-1000000);
2114 : ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
2115 : tt_int_op(ret, OP_EQ, 0);
2116 :
2117 : tor_x509_cert_free(cert);
2118 : tor_x509_cert_free(scert);
2119 : cert = tor_x509_cert_new(read_cert_from(validCertString));
2120 : scert = tor_x509_cert_new(read_cert_from(caCertString));
2121 : X509_PUBKEY_free(cert->cert->cert_info->key);
2122 : cert->cert->cert_info->key = NULL;
2123 : ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
2124 : tt_int_op(ret, OP_EQ, 0);
2125 : #endif /* !defined(OPENSSL_OPAQUE) */
2126 :
2127 : #if 0
2128 : tor_x509_cert_free(cert);
2129 : tor_x509_cert_free(scert);
2130 : cert = tor_x509_cert_new(read_cert_from(validCertString));
2131 : scert = tor_x509_cert_new(read_cert_from(caCertString));
2132 : /* This doesn't actually change the key in the cert. XXXXXX */
2133 : BN_one(EVP_PKEY_get1_RSA(X509_get_pubkey(cert->cert))->n);
2134 : ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
2135 : tt_int_op(ret, OP_EQ, 0);
2136 :
2137 : tor_x509_cert_free(cert);
2138 : tor_x509_cert_free(scert);
2139 : cert = tor_x509_cert_new(read_cert_from(validCertString));
2140 : scert = tor_x509_cert_new(read_cert_from(caCertString));
2141 : /* This doesn't actually change the key in the cert. XXXXXX */
2142 : X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
2143 : ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
2144 : tt_int_op(ret, OP_EQ, 0);
2145 :
2146 : tor_x509_cert_free(cert);
2147 : tor_x509_cert_free(scert);
2148 : cert = tor_x509_cert_new(read_cert_from(validCertString));
2149 : scert = tor_x509_cert_new(read_cert_from(caCertString));
2150 : /* This doesn't actually change the key in the cert. XXXXXX */
2151 : X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
2152 : ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
2153 : tt_int_op(ret, OP_EQ, 1);
2154 :
2155 : tor_x509_cert_free(cert);
2156 : tor_x509_cert_free(scert);
2157 : cert = tor_x509_cert_new(read_cert_from(validCertString));
2158 : scert = tor_x509_cert_new(read_cert_from(caCertString));
2159 : /* This doesn't actually change the key in the cert. XXXXXX */
2160 : X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
2161 : X509_get_pubkey(cert->cert)->ameth = NULL;
2162 : ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
2163 : tt_int_op(ret, OP_EQ, 0);
2164 : #endif /* 0 */
2165 :
2166 1 : done:
2167 1 : tor_x509_cert_free(cert);
2168 1 : tor_x509_cert_free(scert);
2169 1 : }
2170 :
2171 : static void
2172 1 : test_tortls_context_init_one(void *ignored)
2173 : {
2174 1 : (void)ignored;
2175 1 : int ret;
2176 1 : tor_tls_context_t *old = NULL;
2177 :
2178 1 : MOCK(crypto_pk_new, fixed_crypto_pk_new);
2179 :
2180 1 : fixed_crypto_pk_new_result_index = 0;
2181 1 : fixed_crypto_pk_new_result[0] = NULL;
2182 1 : ret = tor_tls_context_init_one(&old, NULL, 0, 0, 0);
2183 1 : tt_int_op(ret, OP_EQ, -1);
2184 :
2185 1 : done:
2186 1 : UNMOCK(crypto_pk_new);
2187 1 : }
2188 :
2189 : #define LOCAL_TEST_CASE(name, flags) \
2190 : { #name, test_tortls_##name, (flags|TT_FORK), NULL, NULL }
2191 :
2192 : #ifdef OPENSSL_OPAQUE
2193 : #define INTRUSIVE_TEST_CASE(name, flags) \
2194 : { #name, NULL, TT_SKIP, NULL, NULL }
2195 : #else
2196 : #define INTRUSIVE_TEST_CASE(name, flags) LOCAL_TEST_CASE(name, flags)
2197 : #endif /* defined(OPENSSL_OPAQUE) */
2198 :
2199 : struct testcase_t tortls_openssl_tests[] = {
2200 : LOCAL_TEST_CASE(tor_tls_new, TT_FORK),
2201 : LOCAL_TEST_CASE(get_state_description, TT_FORK),
2202 : LOCAL_TEST_CASE(get_by_ssl, TT_FORK),
2203 : LOCAL_TEST_CASE(allocate_tor_tls_object_ex_data_index, TT_FORK),
2204 : LOCAL_TEST_CASE(log_one_error, TT_FORK),
2205 : INTRUSIVE_TEST_CASE(get_error, TT_FORK),
2206 : LOCAL_TEST_CASE(always_accept_verify_cb, 0),
2207 : INTRUSIVE_TEST_CASE(x509_cert_free, 0),
2208 : INTRUSIVE_TEST_CASE(cert_get_key, 0),
2209 : LOCAL_TEST_CASE(get_my_client_auth_key, TT_FORK),
2210 : INTRUSIVE_TEST_CASE(get_ciphersuite_name, 0),
2211 : INTRUSIVE_TEST_CASE(classify_client_ciphers, 0),
2212 : LOCAL_TEST_CASE(client_is_using_v2_ciphers, 0),
2213 : INTRUSIVE_TEST_CASE(get_pending_bytes, 0),
2214 : INTRUSIVE_TEST_CASE(SSL_SESSION_get_master_key, 0),
2215 : INTRUSIVE_TEST_CASE(get_tlssecrets, 0),
2216 : INTRUSIVE_TEST_CASE(get_buffer_sizes, 0),
2217 : INTRUSIVE_TEST_CASE(try_to_extract_certs_from_tls, 0),
2218 : INTRUSIVE_TEST_CASE(get_peer_cert, 0),
2219 : INTRUSIVE_TEST_CASE(peer_has_cert, 0),
2220 : INTRUSIVE_TEST_CASE(finish_handshake, 0),
2221 : INTRUSIVE_TEST_CASE(handshake, 0),
2222 : INTRUSIVE_TEST_CASE(write, 0),
2223 : INTRUSIVE_TEST_CASE(read, 0),
2224 : INTRUSIVE_TEST_CASE(server_info_callback, 0),
2225 : LOCAL_TEST_CASE(get_write_overhead_ratio, TT_FORK),
2226 : LOCAL_TEST_CASE(is_server, 0),
2227 : INTRUSIVE_TEST_CASE(assert_renegotiation_unblocked, 0),
2228 : INTRUSIVE_TEST_CASE(block_renegotiation, 0),
2229 : INTRUSIVE_TEST_CASE(unblock_renegotiation, 0),
2230 : INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0),
2231 : LOCAL_TEST_CASE(set_logged_address, 0),
2232 : INTRUSIVE_TEST_CASE(find_cipher_by_id, 0),
2233 : INTRUSIVE_TEST_CASE(session_secret_cb, 0),
2234 : INTRUSIVE_TEST_CASE(debug_state_callback, 0),
2235 : INTRUSIVE_TEST_CASE(context_new, TT_FORK /* redundant */),
2236 : LOCAL_TEST_CASE(create_certificate, 0),
2237 : LOCAL_TEST_CASE(cert_new, 0),
2238 : LOCAL_TEST_CASE(cert_is_valid, 0),
2239 : LOCAL_TEST_CASE(context_init_one, 0),
2240 : END_OF_TESTCASES
2241 : };
|
