Tree - source-git/openssl - CentOS Git server

source-git / openssl

Blame test/servername_test.c

Blob History Raw

Packit	c4476c	`/*`
Packit	c4476c	`* Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.`
Packit	c4476c	`* Copyright 2017 BaishanCloud. All rights reserved.`
Packit	c4476c	`*`
Packit	c4476c	`* Licensed under the OpenSSL license (the "License"). You may not use`
Packit	c4476c	`* this file except in compliance with the License. You can obtain a copy`
Packit	c4476c	`* in the file LICENSE in the source distribution or at`
Packit	c4476c	`* https://www.openssl.org/source/license.html`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`#include <string.h>`
Packit	c4476c
Packit	c4476c	`#include <openssl/opensslconf.h>`
Packit	c4476c	`#include <openssl/bio.h>`
Packit	c4476c	`#include <openssl/crypto.h>`
Packit	c4476c	`#include <openssl/evp.h>`
Packit	c4476c	`#include <openssl/ssl.h>`
Packit	c4476c	`#include <openssl/err.h>`
Packit	c4476c	`#include <time.h>`
Packit	c4476c
Packit	c4476c	`#include "../ssl/packet_local.h"`
Packit	c4476c
Packit	c4476c	`#include "testutil.h"`
Packit	c4476c	`#include "internal/nelem.h"`
Packit	c4476c	`#include "ssltestlib.h"`
Packit	c4476c
Packit	c4476c	`#define CLIENT_VERSION_LEN 2`
Packit	c4476c
Packit	c4476c	`static const char *host = "dummy-host";`
Packit	c4476c
Packit	c4476c	`static char *cert = NULL;`
Packit	c4476c	`static char *privkey = NULL;`
Packit	c4476c
Packit	c4476c	`static int get_sni_from_client_hello(BIO bio, char *sni)`
Packit	c4476c	`{`
Packit	c4476c	`long len;`
Packit	c4476c	`unsigned char *data;`
Packit	c4476c	`PACKET pkt = {0}, pkt2 = {0}, pkt3 = {0}, pkt4 = {0}, pkt5 = {0};`
Packit	c4476c	`unsigned int servname_type = 0, type = 0;`
Packit	c4476c	`int ret = 0;`
Packit	c4476c
Packit	c4476c	`len = BIO_get_mem_data(bio, (char **)&data);`
Packit	c4476c	`if (!TEST_true(PACKET_buf_init(&pkt, data, len))`
Packit	c4476c	`/* Skip the record header */`
Packit	c4476c	`\|\| !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)`
Packit	c4476c	`/* Skip the handshake message header */`
Packit	c4476c	`\|\| !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH))`
Packit	c4476c	`/* Skip client version and random */`
Packit	c4476c	`\|\| !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN`
Packit	c4476c	`+ SSL3_RANDOM_SIZE))`
Packit	c4476c	`/* Skip session id */`
Packit	c4476c	`\|\| !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))`
Packit	c4476c	`/* Skip ciphers */`
Packit	c4476c	`\|\| !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2))`
Packit	c4476c	`/* Skip compression */`
Packit	c4476c	`\|\| !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))`
Packit	c4476c	`/* Extensions len */`
Packit	c4476c	`\|\| !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2)))`
Packit	c4476c	`goto end;`
Packit	c4476c
Packit	c4476c	`/* Loop through all extensions for SNI */`
Packit	c4476c	`while (PACKET_remaining(&pkt2)) {`
Packit	c4476c	`if (!TEST_true(PACKET_get_net_2(&pkt2, &type))`
Packit	c4476c	`\|\| !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3)))`
Packit	c4476c	`goto end;`
Packit	c4476c	`if (type == TLSEXT_TYPE_server_name) {`
Packit	c4476c	`if (!TEST_true(PACKET_get_length_prefixed_2(&pkt3, &pkt4))`
Packit	c4476c	`\|\| !TEST_uint_ne(PACKET_remaining(&pkt4), 0)`
Packit	c4476c	`\|\| !TEST_true(PACKET_get_1(&pkt4, &servname_type))`
Packit	c4476c	`\|\| !TEST_uint_eq(servname_type, TLSEXT_NAMETYPE_host_name)`
Packit	c4476c	`\|\| !TEST_true(PACKET_get_length_prefixed_2(&pkt4, &pkt5))`
Packit	c4476c	`\|\| !TEST_uint_le(PACKET_remaining(&pkt5), TLSEXT_MAXLEN_host_name)`
Packit	c4476c	`\|\| !TEST_false(PACKET_contains_zero_byte(&pkt5))`
Packit	c4476c	`\|\| !TEST_true(PACKET_strndup(&pkt5, sni)))`
Packit	c4476c	`goto end;`
Packit	c4476c	`ret = 1;`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c	`end:`
Packit	c4476c	`return ret;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static int client_setup_sni_before_state(void)`
Packit	c4476c	`{`
Packit	c4476c	`SSL_CTX *ctx;`
Packit	c4476c	`SSL *con = NULL;`
Packit	c4476c	`BIO *rbio;`
Packit	c4476c	`BIO *wbio;`
Packit	c4476c	`char *hostname = NULL;`
Packit	c4476c	`int ret = 0;`
Packit	c4476c
Packit	c4476c	`/* use TLS_method to blur 'side' */`
Packit	c4476c	`ctx = SSL_CTX_new(TLS_method());`
Packit	c4476c	`if (!TEST_ptr(ctx))`
Packit	c4476c	`goto end;`
Packit	c4476c
Packit	c4476c	`con = SSL_new(ctx);`
Packit	c4476c	`if (!TEST_ptr(con))`
Packit	c4476c	`goto end;`
Packit	c4476c
Packit	c4476c	`/* set SNI before 'client side' is set */`
Packit	c4476c	`SSL_set_tlsext_host_name(con, host);`
Packit	c4476c
Packit	c4476c	`rbio = BIO_new(BIO_s_mem());`
Packit	c4476c	`wbio = BIO_new(BIO_s_mem());`
Packit	c4476c	`if (!TEST_ptr(rbio)\|\| !TEST_ptr(wbio)) {`
Packit	c4476c	`BIO_free(rbio);`
Packit	c4476c	`BIO_free(wbio);`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`SSL_set_bio(con, rbio, wbio);`
Packit	c4476c
Packit	c4476c	`if (!TEST_int_le(SSL_connect(con), 0))`
Packit	c4476c	`/* This shouldn't succeed because we don't have a server! */`
Packit	c4476c	`goto end;`
Packit	c4476c	`if (!TEST_true(get_sni_from_client_hello(wbio, &hostname)))`
Packit	c4476c	`/* no SNI in client hello */`
Packit	c4476c	`goto end;`
Packit	c4476c	`if (!TEST_str_eq(hostname, host))`
Packit	c4476c	`/* incorrect SNI value */`
Packit	c4476c	`goto end;`
Packit	c4476c	`ret = 1;`
Packit	c4476c	`end:`
Packit	c4476c	`OPENSSL_free(hostname);`
Packit	c4476c	`SSL_free(con);`
Packit	c4476c	`SSL_CTX_free(ctx);`
Packit	c4476c	`return ret;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static int client_setup_sni_after_state(void)`
Packit	c4476c	`{`
Packit	c4476c	`SSL_CTX *ctx;`
Packit	c4476c	`SSL *con = NULL;`
Packit	c4476c	`BIO *rbio;`
Packit	c4476c	`BIO *wbio;`
Packit	c4476c	`char *hostname = NULL;`
Packit	c4476c	`int ret = 0;`
Packit	c4476c
Packit	c4476c	`/* use TLS_method to blur 'side' */`
Packit	c4476c	`ctx = SSL_CTX_new(TLS_method());`
Packit	c4476c	`if (!TEST_ptr(ctx))`
Packit	c4476c	`goto end;`
Packit	c4476c
Packit	c4476c	`con = SSL_new(ctx);`
Packit	c4476c	`if (!TEST_ptr(con))`
Packit	c4476c	`goto end;`
Packit	c4476c
Packit	c4476c	`rbio = BIO_new(BIO_s_mem());`
Packit	c4476c	`wbio = BIO_new(BIO_s_mem());`
Packit	c4476c	`if (!TEST_ptr(rbio)\|\| !TEST_ptr(wbio)) {`
Packit	c4476c	`BIO_free(rbio);`
Packit	c4476c	`BIO_free(wbio);`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`SSL_set_bio(con, rbio, wbio);`
Packit	c4476c	`SSL_set_connect_state(con);`
Packit	c4476c
Packit	c4476c	`/* set SNI after 'client side' is set */`
Packit	c4476c	`SSL_set_tlsext_host_name(con, host);`
Packit	c4476c
Packit	c4476c	`if (!TEST_int_le(SSL_connect(con), 0))`
Packit	c4476c	`/* This shouldn't succeed because we don't have a server! */`
Packit	c4476c	`goto end;`
Packit	c4476c	`if (!TEST_true(get_sni_from_client_hello(wbio, &hostname)))`
Packit	c4476c	`/* no SNI in client hello */`
Packit	c4476c	`goto end;`
Packit	c4476c	`if (!TEST_str_eq(hostname, host))`
Packit	c4476c	`/* incorrect SNI value */`
Packit	c4476c	`goto end;`
Packit	c4476c	`ret = 1;`
Packit	c4476c	`end:`
Packit	c4476c	`OPENSSL_free(hostname);`
Packit	c4476c	`SSL_free(con);`
Packit	c4476c	`SSL_CTX_free(ctx);`
Packit	c4476c	`return ret;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static int server_setup_sni(void)`
Packit	c4476c	`{`
Packit	c4476c	`SSL_CTX cctx = NULL, sctx = NULL;`
Packit	c4476c	`SSL clientssl = NULL, serverssl = NULL;`
Packit	c4476c	`int testresult = 0;`
Packit	c4476c
Packit	c4476c	`if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),`
Packit	c4476c	`TLS_client_method(),`
Packit	c4476c	`TLS1_VERSION, TLS_MAX_VERSION,`
Packit	c4476c	`&sctx, &cctx, cert, privkey))`
Packit	c4476c	`\|\| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,`
Packit	c4476c	`NULL, NULL)))`
Packit	c4476c	`goto end;`
Packit	c4476c
Packit	c4476c	`/* set SNI at server side */`
Packit	c4476c	`SSL_set_tlsext_host_name(serverssl, host);`
Packit	c4476c
Packit	c4476c	`if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))`
Packit	c4476c	`goto end;`
Packit	c4476c
Packit	c4476c	`if (!TEST_ptr_null(SSL_get_servername(serverssl,`
Packit	c4476c	`TLSEXT_NAMETYPE_host_name))) {`
Packit	c4476c	`/* SNI should have been cleared during handshake */`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`testresult = 1;`
Packit	c4476c	`end:`
Packit	c4476c	`SSL_free(serverssl);`
Packit	c4476c	`SSL_free(clientssl);`
Packit	c4476c	`SSL_CTX_free(sctx);`
Packit	c4476c	`SSL_CTX_free(cctx);`
Packit	c4476c
Packit	c4476c	`return testresult;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`typedef int (*sni_test_fn)(void);`
Packit	c4476c
Packit	c4476c	`static sni_test_fn sni_test_fns[3] = {`
Packit	c4476c	`client_setup_sni_before_state,`
Packit	c4476c	`client_setup_sni_after_state,`
Packit	c4476c	`server_setup_sni`
Packit	c4476c	`};`
Packit	c4476c
Packit	c4476c	`static int test_servername(int test)`
Packit	c4476c	`{`
Packit	c4476c	`/*`
Packit	c4476c	`* For each test set up an SSL_CTX and SSL and see`
Packit	c4476c	`* what SNI behaves.`
Packit	c4476c	`*/`
Packit	c4476c	`return sni_test_fns[test]();`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`int setup_tests(void)`
Packit	c4476c	`{`
Packit	c4476c	`if (!TEST_ptr(cert = test_get_argument(0))`
Packit	c4476c	`\|\| !TEST_ptr(privkey = test_get_argument(1)))`
Packit	c4476c	`return 0;`
Packit	c4476c
Packit	c4476c	`ADD_ALL_TESTS(test_servername, OSSL_NELEM(sni_test_fns));`
Packit	c4476c	`return 1;`
Packit	c4476c	`}`

source-git / openssl

Source Code

Blame test/servername_test.c