search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bump copyright date to 2019
[tor.git] / src / test / test_tortls_openssl.c
blob73041a871cca227568e3ddb3ee28daff8e89f632
1 /* Copyright (c) 2010-2019, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3
4 #define TORTLS_PRIVATE
5 #define TORTLS_OPENSSL_PRIVATE
6 #define TOR_X509_PRIVATE
7 #define LOG_PRIVATE
8 #include "orconfig.h"
9
10 #ifdef _WIN32
11 #include <winsock2.h>
12 #endif
13 #include <math.h>
14
15 #include "lib/cc/compat_compiler.h"
16
17 /* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
18 * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
19 DISABLE_GCC_WARNING(redundant-decls)
20
21 #include <openssl/opensslv.h>
22
23 #include <openssl/ssl.h>
24 #include <openssl/ssl3.h>
25 #include <openssl/err.h>
26 #include <openssl/asn1t.h>
27 #include <openssl/x509.h>
28 #include <openssl/rsa.h>
29 #include <openssl/evp.h>
30 #include <openssl/bn.h>
31
32 ENABLE_GCC_WARNING(redundant-decls)
33
34 #include "core/or/or.h"
35 #include "lib/log/log.h"
36 #include "app/config/config.h"
37 #include "lib/crypt_ops/compat_openssl.h"
38 #include "lib/tls/x509.h"
39 #include "lib/tls/x509_internal.h"
40 #include "lib/tls/tortls.h"
41 #include "lib/tls/tortls_st.h"
42 #include "lib/tls/tortls_internal.h"
43 #include "app/config/or_state_st.h"
44
45 #include "test/test.h"
46 #include "test/log_test_helpers.h"
47 #include "test/test_tortls.h"
48
49 #define NS_MODULE tortls
50
51 #ifndef HAVE_SSL_STATE
52 #define OPENSSL_OPAQUE
53 #endif
54
55 #if defined(OPENSSL_OPAQUE) && !defined(LIBRESSL_VERSION_NUMBER)
56 #define SSL_STATE_STR "before SSL initialization"
57 #else
58 #define SSL_STATE_STR "before/accept initialization"
59 #endif
60
61 #ifndef OPENSSL_OPAQUE
62 static SSL_METHOD *
63 give_me_a_test_method(void)
64 {
65 SSL_METHOD *method = tor_malloc_zero(sizeof(SSL_METHOD));
66 memcpy(method, TLSv1_method(), sizeof(SSL_METHOD));
67 return method;
68 }
69
70 static int
71 fake_num_ciphers(void)
72 {
73 return 0;
74 }
75 #endif /* !defined(OPENSSL_OPAQUE) */
76
77 static int
78 mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
79 {
80 (void) tls;
81 (void) cert; // XXXX look at this.
82 return 1;
83 }
84
85 static void
86 test_tortls_tor_tls_new(void *data)
87 {
88 (void) data;
89 MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
90 crypto_pk_t *key1 = NULL, *key2 = NULL;
91 SSL_METHOD *method = NULL;
92
93 key1 = pk_generate(2);
94 key2 = pk_generate(3);
95
96 tor_tls_t *tls = NULL;
97 tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
98 key1, key2, 86400), OP_EQ, 0);
99 tls = tor_tls_new(-1, 0);
100 tt_want(tls);
101 tor_tls_free(tls); tls = NULL;
102
103 SSL_CTX_free(client_tls_context->ctx);
104 client_tls_context->ctx = NULL;
105 tls = tor_tls_new(-1, 0);
106 tt_ptr_op(tls, OP_EQ, NULL);
107
108 #ifndef OPENSSL_OPAQUE
109 method = give_me_a_test_method();
110 SSL_CTX *ctx = SSL_CTX_new(method);
111 method->num_ciphers = fake_num_ciphers;
112 client_tls_context->ctx = ctx;
113 tls = tor_tls_new(-1, 0);
114 tt_ptr_op(tls, OP_EQ, NULL);
115 #endif /* !defined(OPENSSL_OPAQUE) */
116
117 done:
118 UNMOCK(tor_tls_cert_matches_key);
119 crypto_pk_free(key1);
120 crypto_pk_free(key2);
121 tor_tls_free(tls);
122 tor_free(method);
123 tor_tls_free_all();
124 }
125
126 #define NS_MODULE tortls
127
128 static void
129 library_init(void)
130 {
131 #ifdef OPENSSL_1_1_API
132 OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
133 #else
134 SSL_library_init();
135 SSL_load_error_strings();
136 #endif
137 }
138
139 static void
140 test_tortls_get_state_description(void *ignored)
141 {
142 (void)ignored;
143 tor_tls_t *tls;
144 char *buf;
145 SSL_CTX *ctx;
146
147 library_init();
148 ctx = SSL_CTX_new(SSLv23_method());
149
150 buf = tor_malloc_zero(1000);
151 tls = tor_malloc_zero(sizeof(tor_tls_t));
152
153 tor_tls_get_state_description(NULL, buf, 20);
154 tt_str_op(buf, OP_EQ, "(No SSL object)");
155
156 SSL_free(tls->ssl);
157 tls->ssl = NULL;
158 tor_tls_get_state_description(tls, buf, 20);
159 tt_str_op(buf, OP_EQ, "(No SSL object)");
160
161 tls->ssl = SSL_new(ctx);
162 tor_tls_get_state_description(tls, buf, 200);
163 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in HANDSHAKE");
164
165 tls->state = TOR_TLS_ST_OPEN;
166 tor_tls_get_state_description(tls, buf, 200);
167 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in OPEN");
168
169 tls->state = TOR_TLS_ST_GOTCLOSE;
170 tor_tls_get_state_description(tls, buf, 200);
171 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in GOTCLOSE");
172
173 tls->state = TOR_TLS_ST_SENTCLOSE;
174 tor_tls_get_state_description(tls, buf, 200);
175 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in SENTCLOSE");
176
177 tls->state = TOR_TLS_ST_CLOSED;
178 tor_tls_get_state_description(tls, buf, 200);
179 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in CLOSED");
180
181 tls->state = TOR_TLS_ST_RENEGOTIATE;
182 tor_tls_get_state_description(tls, buf, 200);
183 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in RENEGOTIATE");
184
185 tls->state = TOR_TLS_ST_BUFFEREVENT;
186 tor_tls_get_state_description(tls, buf, 200);
187 tt_str_op(buf, OP_EQ, SSL_STATE_STR);
188
189 tls->state = 7;
190 tor_tls_get_state_description(tls, buf, 200);
191 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in unknown TLS state");
192
193 done:
194 SSL_CTX_free(ctx);
195 SSL_free(tls->ssl);
196 tor_free(buf);
197 tor_free(tls);
198 }
199
200 static void
201 test_tortls_get_by_ssl(void *ignored)
202 {
203 (void)ignored;
204 tor_tls_t *tls;
205 tor_tls_t *res;
206 SSL_CTX *ctx;
207 SSL *ssl;
208
209 library_init();
210 tor_tls_allocate_tor_tls_object_ex_data_index();
211
212 ctx = SSL_CTX_new(SSLv23_method());
213 tls = tor_malloc_zero(sizeof(tor_tls_t));
214 tls->magic = TOR_TLS_MAGIC;
215
216 ssl = SSL_new(ctx);
217
218 res = tor_tls_get_by_ssl(ssl);
219 tt_assert(!res);
220
221 SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls);
222
223 res = tor_tls_get_by_ssl(ssl);
224 tt_assert(res == tls);
225
226 done:
227 SSL_free(ssl);
228 SSL_CTX_free(ctx);
229 tor_free(tls);
230 }
231
232 static void
233 test_tortls_allocate_tor_tls_object_ex_data_index(void *ignored)
234 {
235 (void)ignored;
236 int first;
237
238 tor_tls_allocate_tor_tls_object_ex_data_index();
239
240 first = tor_tls_object_ex_data_index;
241 tor_tls_allocate_tor_tls_object_ex_data_index();
242 tt_int_op(first, OP_EQ, tor_tls_object_ex_data_index);
243
244 done:
245 (void)0;
246 }
247
248 static void
249 test_tortls_log_one_error(void *ignored)
250 {
251 (void)ignored;
252 tor_tls_t *tls;
253 SSL_CTX *ctx;
254 SSL *ssl = NULL;
255
256 library_init();
257
258 ctx = SSL_CTX_new(SSLv23_method());
259 tls = tor_malloc_zero(sizeof(tor_tls_t));
260 setup_capture_of_logs(LOG_INFO);
261
262 tor_tls_log_one_error(NULL, 0, LOG_WARN, 0, "something");
263 expect_log_msg("TLS error while something: "
264 "(null) (in (null):(null):---)\n");
265
266 mock_clean_saved_logs();
267 tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
268 expect_log_msg("TLS error: (null) "
269 "(in (null):(null):---)\n");
270
271 mock_clean_saved_logs();
272 tls->address = tor_strdup("127.hello");
273 tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
274 expect_log_msg("TLS error with 127.hello: "
275 "(null) (in (null):(null):---)\n");
276 tor_free(tls->address);
277
278 mock_clean_saved_logs();
279 tls->address = tor_strdup("127.hello");
280 tor_tls_log_one_error(tls, 0, LOG_WARN, 0, "blarg");
281 expect_log_msg("TLS error while blarg with "
282 "127.hello: (null) (in (null):(null):---)\n");
283
284 mock_clean_saved_logs();
285 tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL);
286 expect_log_msg("TLS error with 127.hello: "
287 "BN lib (in unknown library:(null):---)\n");
288
289 mock_clean_saved_logs();
290 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST),
291 LOG_WARN, 0, NULL);
292 expect_log_severity(LOG_INFO);
293
294 mock_clean_saved_logs();
295 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST),
296 LOG_WARN, 0, NULL);
297 expect_log_severity(LOG_INFO);
298
299 mock_clean_saved_logs();
300 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH),
301 LOG_WARN, 0, NULL);
302 expect_log_severity(LOG_INFO);
303
304 #ifndef OPENSSL_1_1_API
305 mock_clean_saved_logs();
306 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE),
307 LOG_WARN, 0, NULL);
308 expect_log_severity(LOG_INFO);
309 #endif /* !defined(OPENSSL_1_1_API) */
310
311 mock_clean_saved_logs();
312 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL),
313 LOG_WARN, 0, NULL);
314 expect_log_severity(LOG_INFO);
315
316 mock_clean_saved_logs();
317 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL),
318 LOG_WARN, 0, NULL);
319 expect_log_severity(LOG_INFO);
320
321 tls->ssl = SSL_new(ctx);
322
323 mock_clean_saved_logs();
324 tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
325 expect_log_msg("TLS error with 127.hello: (null)"
326 " (in (null):(null):" SSL_STATE_STR ")\n");
327
328 done:
329 teardown_capture_of_logs();
330 SSL_free(ssl);
331 SSL_CTX_free(ctx);
332 if (tls && tls->ssl)
333 SSL_free(tls->ssl);
334 if (tls)
335 tor_free(tls->address);
336 tor_free(tls);
337 }
338
339 #ifndef OPENSSL_OPAQUE
340 static void
341 test_tortls_get_error(void *ignored)
342 {
343 (void)ignored;
344 tor_tls_t *tls;
345 int ret;
346 SSL_CTX *ctx;
347
348 library_init();
349
350 ctx = SSL_CTX_new(SSLv23_method());
351 setup_capture_of_logs(LOG_INFO);
352 tls = tor_malloc_zero(sizeof(tor_tls_t));
353 tls->ssl = SSL_new(ctx);
354 SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
355
356 ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
357 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_IO);
358 expect_log_msg("TLS error: unexpected close while"
359 " something (before/accept initialization)\n");
360
361 mock_clean_saved_logs();
362 ret = tor_tls_get_error(tls, 2, 0, "something", LOG_WARN, 0);
363 tt_int_op(ret, OP_EQ, 0);
364 expect_no_log_entry();
365
366 mock_clean_saved_logs();
367 ret = tor_tls_get_error(tls, 0, 1, "something", LOG_WARN, 0);
368 tt_int_op(ret, OP_EQ, -11);
369 expect_no_log_entry();
370
371 mock_clean_saved_logs();
372 ERR_clear_error();
373 ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
374 ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
375 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
376 expect_log_msg("TLS error while something: (null)"
377 " (in bignum routines:(null):before/accept initialization)\n");
378
379 mock_clean_saved_logs();
380 ERR_clear_error();
381 tls->ssl->rwstate = SSL_READING;
382 SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ;
383 ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
384 tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD);
385 expect_no_log_entry();
386
387 mock_clean_saved_logs();
388 ERR_clear_error();
389 tls->ssl->rwstate = SSL_READING;
390 SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE;
391 ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
392 tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
393 expect_no_log_entry();
394
395 mock_clean_saved_logs();
396 ERR_clear_error();
397 tls->ssl->rwstate = 0;
398 tls->ssl->shutdown = SSL_RECEIVED_SHUTDOWN;
399 tls->ssl->s3->warn_alert =SSL_AD_CLOSE_NOTIFY;
400 ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
401 tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
402 expect_log_entry();
403
404 mock_clean_saved_logs();
405 ret = tor_tls_get_error(tls, 0, 2, "something", LOG_WARN, 0);
406 tt_int_op(ret, OP_EQ, -10);
407 expect_no_log_entry();
408
409 mock_clean_saved_logs();
410 ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
411 ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
412 tt_int_op(ret, OP_EQ, -9);
413 expect_log_msg("TLS error while something: (null) (in system library:"
414 "connect:before/accept initialization)\n");
415
416 done:
417 teardown_capture_of_logs();
418 SSL_free(tls->ssl);
419 tor_free(tls);
420 SSL_CTX_free(ctx);
421 }
422 #endif /* !defined(OPENSSL_OPAQUE) */
423
424 static void
425 test_tortls_always_accept_verify_cb(void *ignored)
426 {
427 (void)ignored;
428 int ret;
429
430 ret = always_accept_verify_cb(0, NULL);
431 tt_int_op(ret, OP_EQ, 1);
432
433 done:
434 (void)0;
435 }
436
437 #ifndef OPENSSL_OPAQUE
438 static void
439 test_tortls_x509_cert_free(void *ignored)
440 {
441 (void)ignored;
442 tor_x509_cert_t *cert;
443
444 cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
445 tor_x509_cert_free(cert);
446
447 cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
448 cert->cert = X509_new();
449 cert->encoded = tor_malloc_zero(1);
450 tor_x509_cert_free(cert);
451 }
452 #endif /* !defined(OPENSSL_OPAQUE) */
453
454 #ifndef OPENSSL_OPAQUE
455 /*
456 * Use only for the matching fake_x509_free() call
457 */
458 static X509 *
459 fake_x509_malloc(void)
460 {
461 return tor_malloc_zero(sizeof(X509));
462 }
463
464 static void
465 fake_x509_free(X509 *cert)
466 {
467 if (cert) {
468 if (cert->cert_info) {
469 if (cert->cert_info->key) {
470 if (cert->cert_info->key->pkey) {
471 tor_free(cert->cert_info->key->pkey);
472 }
473 tor_free(cert->cert_info->key);
474 }
475 tor_free(cert->cert_info);
476 }
477 tor_free(cert);
478 }
479 }
480 #endif
481
482 static tor_x509_cert_t *fixed_x509_cert = NULL;
483 static tor_x509_cert_t *
484 get_peer_cert_mock_return_fixed(tor_tls_t *tls)
485 {
486 (void)tls;
487 if (fixed_x509_cert)
488 return tor_x509_cert_dup(fixed_x509_cert);
489 else
490 return NULL;
491 }
492
493 static void
494 test_tortls_cert_matches_key(void *ignored)
495 {
496 (void)ignored;
497
498 X509 *cert1 = NULL, *cert2 = NULL, *cert3 = NULL, *cert4 = NULL;
499 tor_x509_cert_t *c1 = NULL, *c2 = NULL, *c3 = NULL, *c4 = NULL;
500 crypto_pk_t *k1 = NULL, *k2 = NULL, *k3 = NULL;
501
502 k1 = pk_generate(1);
503 k2 = pk_generate(2);
504 k3 = pk_generate(3);
505
506 cert1 = tor_tls_create_certificate(k1, k2, "A", "B", 1000);
507 cert2 = tor_tls_create_certificate(k1, k3, "C", "D", 1000);
508 cert3 = tor_tls_create_certificate(k2, k3, "C", "D", 1000);
509 cert4 = tor_tls_create_certificate(k3, k2, "E", "F", 1000);
510
511 tt_assert(cert1 && cert2 && cert3 && cert4);
512
513 c1 = tor_x509_cert_new(cert1); cert1 = NULL;
514 c2 = tor_x509_cert_new(cert2); cert2 = NULL;
515 c3 = tor_x509_cert_new(cert3); cert3 = NULL;
516 c4 = tor_x509_cert_new(cert4); cert4 = NULL;
517
518 tt_assert(c1 && c2 && c3 && c4);
519
520 MOCK(tor_tls_get_peer_cert, get_peer_cert_mock_return_fixed);
521
522 fixed_x509_cert = NULL;
523 /* If the peer has no certificate, it shouldn't match anything. */
524 tt_assert(! tor_tls_cert_matches_key(NULL, c1));
525 tt_assert(! tor_tls_cert_matches_key(NULL, c2));
526 tt_assert(! tor_tls_cert_matches_key(NULL, c3));
527 tt_assert(! tor_tls_cert_matches_key(NULL, c4));
528 fixed_x509_cert = c1;
529 /* If the peer has a certificate, it should match every cert with the same
530 * subject key. */
531 tt_assert(tor_tls_cert_matches_key(NULL, c1));
532 tt_assert(tor_tls_cert_matches_key(NULL, c2));
533 tt_assert(! tor_tls_cert_matches_key(NULL, c3));
534 tt_assert(! tor_tls_cert_matches_key(NULL, c4));
535
536 done:
537 tor_x509_cert_free(c1);
538 tor_x509_cert_free(c2);
539 tor_x509_cert_free(c3);
540 tor_x509_cert_free(c4);
541 if (cert1) X509_free(cert1);
542 if (cert2) X509_free(cert2);
543 if (cert3) X509_free(cert3);
544 if (cert4) X509_free(cert4);
545 crypto_pk_free(k1);
546 crypto_pk_free(k2);
547 crypto_pk_free(k3);
548 UNMOCK(tor_tls_get_peer_cert);
549 }
550
551 #ifndef OPENSSL_OPAQUE
552 static void
553 test_tortls_cert_get_key(void *ignored)
554 {
555 (void)ignored;
556 tor_x509_cert_t *cert = NULL;
557 crypto_pk_t *res = NULL;
558 cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
559 X509 *key = NULL;
560 key = fake_x509_malloc();
561 key->references = 1;
562
563 res = tor_tls_cert_get_key(cert);
564 tt_assert(!res);
565
566 cert->cert = key;
567 key->cert_info = tor_malloc_zero(sizeof(X509_CINF));
568 key->cert_info->key = tor_malloc_zero(sizeof(X509_PUBKEY));
569 key->cert_info->key->pkey = tor_malloc_zero(sizeof(EVP_PKEY));
570 key->cert_info->key->pkey->references = 1;
571 key->cert_info->key->pkey->type = 2;
572 res = tor_tls_cert_get_key(cert);
573 tt_assert(!res);
574
575 done:
576 fake_x509_free(key);
577 tor_free(cert);
578 crypto_pk_free(res);
579 }
580 #endif /* !defined(OPENSSL_OPAQUE) */
581
582 static void
583 test_tortls_get_my_client_auth_key(void *ignored)
584 {
585 (void)ignored;
586 crypto_pk_t *ret;
587 crypto_pk_t *expected;
588 tor_tls_context_t *ctx;
589 RSA *k = RSA_new();
590
591 ctx = tor_malloc_zero(sizeof(tor_tls_context_t));
592 expected = crypto_new_pk_from_openssl_rsa_(k);
593 ctx->auth_key = expected;
594
595 client_tls_context = NULL;
596 ret = tor_tls_get_my_client_auth_key();
597 tt_assert(!ret);
598
599 client_tls_context = ctx;
600 ret = tor_tls_get_my_client_auth_key();
601 tt_assert(ret == expected);
602
603 done:
604 crypto_pk_free(expected);
605 tor_free(ctx);
606 }
607
608 #ifndef HAVE_SSL_GET_CLIENT_CIPHERS
609 static SSL_CIPHER *
610 get_cipher_by_name(const char *name)
611 {
612 int i;
613 const SSL_METHOD *method = SSLv23_method();
614 int num = method->num_ciphers();
615
616 for (i = 0; i < num; ++i) {
617 const SSL_CIPHER *cipher = method->get_cipher(i);
618 const char *ciphername = SSL_CIPHER_get_name(cipher);
619 if (!strcmp(ciphername, name)) {
620 return (SSL_CIPHER *)cipher;
621 }
622 }
623
624 return NULL;
625 }
626 #endif /* !defined(HAVE_SSL_GET_CLIENT_CIPHERS) */
627
628 #ifndef OPENSSL_OPAQUE
629 static void
630 test_tortls_get_ciphersuite_name(void *ignored)
631 {
632 (void)ignored;
633 const char *ret;
634 tor_tls_t *ctx;
635 ctx = tor_malloc_zero(sizeof(tor_tls_t));
636 ctx->ssl = tor_malloc_zero(sizeof(SSL));
637
638 ret = tor_tls_get_ciphersuite_name(ctx);
639 tt_str_op(ret, OP_EQ, "(NONE)");
640
641 done:
642 tor_free(ctx->ssl);
643 tor_free(ctx);
644 }
645
646 static SSL_CIPHER *
647 get_cipher_by_id(uint16_t id)
648 {
649 int i;
650 const SSL_METHOD *method = SSLv23_method();
651 int num = method->num_ciphers();
652 for (i = 0; i < num; ++i) {
653 const SSL_CIPHER *cipher = method->get_cipher(i);
654 if (id == (SSL_CIPHER_get_id(cipher) & 0xffff)) {
655 return (SSL_CIPHER *)cipher;
656 }
657 }
658
659 return NULL;
660 }
661
662 static void
663 test_tortls_classify_client_ciphers(void *ignored)
664 {
665 (void)ignored;
666 int i;
667 int ret;
668 SSL_CTX *ctx;
669 SSL *ssl;
670 tor_tls_t *tls;
671 STACK_OF(SSL_CIPHER) *ciphers;
672 SSL_CIPHER *tmp_cipher;
673
674 library_init();
675
676 tor_tls_allocate_tor_tls_object_ex_data_index();
677
678 tls = tor_malloc_zero(sizeof(tor_tls_t));
679 tls->magic = TOR_TLS_MAGIC;
680
681 ctx = SSL_CTX_new(TLSv1_method());
682 ssl = SSL_new(ctx);
683 tls->ssl = ssl;
684
685 ciphers = sk_SSL_CIPHER_new_null();
686
687 ret = tor_tls_classify_client_ciphers(ssl, NULL);
688 tt_int_op(ret, OP_EQ, -1);
689
690 SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls);
691 tls->client_cipher_list_type = 42;
692
693 ret = tor_tls_classify_client_ciphers(ssl, NULL);
694 tt_int_op(ret, OP_EQ, 42);
695
696 tls->client_cipher_list_type = 0;
697 ret = tor_tls_classify_client_ciphers(ssl, ciphers);
698 tt_int_op(ret, OP_EQ, 1);
699 tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
700
701 tls->client_cipher_list_type = 0;
702 ret = tor_tls_classify_client_ciphers(ssl, SSL_get_ciphers(ssl));
703 tt_int_op(ret, OP_EQ, 3);
704 tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
705
706 SSL_CIPHER *one = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_128_SHA),
707 *two = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_256_SHA),
708 *three = get_cipher_by_name(SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA),
709 *four = NULL;
710 sk_SSL_CIPHER_push(ciphers, one);
711 sk_SSL_CIPHER_push(ciphers, two);
712 sk_SSL_CIPHER_push(ciphers, three);
713 sk_SSL_CIPHER_push(ciphers, four);
714
715 tls->client_cipher_list_type = 0;
716 ret = tor_tls_classify_client_ciphers(ssl, ciphers);
717 tt_int_op(ret, OP_EQ, 1);
718 tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
719
720 sk_SSL_CIPHER_zero(ciphers);
721
722 one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
723 tt_assert(one);
724 one->id = 0x00ff;
725 two = get_cipher_by_name("ECDHE-RSA-AES128-GCM-SHA256");
726 tt_assert(two);
727 two->id = 0x0000;
728 sk_SSL_CIPHER_push(ciphers, one);
729 tls->client_cipher_list_type = 0;
730 ret = tor_tls_classify_client_ciphers(ssl, ciphers);
731 tt_int_op(ret, OP_EQ, 3);
732 tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
733
734 sk_SSL_CIPHER_push(ciphers, two);
735 tls->client_cipher_list_type = 0;
736 ret = tor_tls_classify_client_ciphers(ssl, ciphers);
737 tt_int_op(ret, OP_EQ, 3);
738 tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
739
740 one->id = 0xC00A;
741 tls->client_cipher_list_type = 0;
742 ret = tor_tls_classify_client_ciphers(ssl, ciphers);
743 tt_int_op(ret, OP_EQ, 3);
744 tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
745
746 sk_SSL_CIPHER_zero(ciphers);
747 for (i=0; v2_cipher_list[i]; i++) {
748 tmp_cipher = get_cipher_by_id(v2_cipher_list[i]);
749 tt_assert(tmp_cipher);
750 sk_SSL_CIPHER_push(ciphers, tmp_cipher);
751 }
752 tls->client_cipher_list_type = 0;
753 ret = tor_tls_classify_client_ciphers(ssl, ciphers);
754 tt_int_op(ret, OP_EQ, 2);
755 tt_int_op(tls->client_cipher_list_type, OP_EQ, 2);
756
757 done:
758 sk_SSL_CIPHER_free(ciphers);
759 SSL_free(tls->ssl);
760 tor_free(tls);
761 SSL_CTX_free(ctx);
762 }
763 #endif /* !defined(OPENSSL_OPAQUE) */
764
765 static void
766 test_tortls_client_is_using_v2_ciphers(void *ignored)
767 {
768 (void)ignored;
769
770 #ifdef HAVE_SSL_GET_CLIENT_CIPHERS
771 tt_skip();
772 done:
773 (void)1;
774 #else
775 int ret;
776 SSL_CTX *ctx;
777 SSL *ssl;
778 SSL_SESSION *sess;
779 STACK_OF(SSL_CIPHER) *ciphers;
780
781 library_init();
782
783 ctx = SSL_CTX_new(TLSv1_method());
784 ssl = SSL_new(ctx);
785 sess = SSL_SESSION_new();
786
787 ret = tor_tls_client_is_using_v2_ciphers(ssl);
788 tt_int_op(ret, OP_EQ, -1);
789
790 ssl->session = sess;
791 ret = tor_tls_client_is_using_v2_ciphers(ssl);
792 tt_int_op(ret, OP_EQ, 0);
793
794 ciphers = sk_SSL_CIPHER_new_null();
795 SSL_CIPHER *one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
796 tt_assert(one);
797 one->id = 0x00ff;
798 sk_SSL_CIPHER_push(ciphers, one);
799 sess->ciphers = ciphers;
800 ret = tor_tls_client_is_using_v2_ciphers(ssl);
801 tt_int_op(ret, OP_EQ, 1);
802 done:
803 SSL_free(ssl);
804 SSL_CTX_free(ctx);
805 #endif /* defined(HAVE_SSL_GET_CLIENT_CIPHERS) */
806 }
807
808 #ifndef OPENSSL_OPAQUE
809 static int fixed_ssl_pending_result = 0;
810
811 static int
812 fixed_ssl_pending(const SSL *ignored)
813 {
814 (void)ignored;
815 return fixed_ssl_pending_result;
816 }
817
818 static void
819 test_tortls_get_pending_bytes(void *ignored)
820 {
821 (void)ignored;
822 int ret;
823 tor_tls_t *tls;
824 SSL_METHOD *method;
825
826 tls = tor_malloc_zero(sizeof(tor_tls_t));
827 tls->ssl = tor_malloc_zero(sizeof(SSL));
828 method = tor_malloc_zero(sizeof(SSL_METHOD));
829 method->ssl_pending = fixed_ssl_pending;
830 tls->ssl->method = method;
831
832 fixed_ssl_pending_result = 42;
833 ret = tor_tls_get_pending_bytes(tls);
834 tt_int_op(ret, OP_EQ, 42);
835
836 done:
837 tor_free(method);
838 tor_free(tls->ssl);
839 tor_free(tls);
840 }
841 #endif /* !defined(OPENSSL_OPAQUE) */
842
843 #ifndef OPENSSL_OPAQUE
844 static void
845 test_tortls_SSL_SESSION_get_master_key(void *ignored)
846 {
847 (void)ignored;
848 size_t ret;
849 tor_tls_t *tls;
850 uint8_t *out;
851 out = tor_malloc_zero(1);
852 tls = tor_malloc_zero(sizeof(tor_tls_t));
853 tls->ssl = tor_malloc_zero(sizeof(SSL));
854 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
855 tls->ssl->session->master_key_length = 1;
856
857 #ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
858 tls->ssl->session->master_key[0] = 43;
859 ret = SSL_SESSION_get_master_key(tls->ssl->session, out, 0);
860 tt_int_op(ret, OP_EQ, 1);
861 tt_int_op(out[0], OP_EQ, 0);
862
863 ret = SSL_SESSION_get_master_key(tls->ssl->session, out, 1);
864 tt_int_op(ret, OP_EQ, 1);
865 tt_int_op(out[0], OP_EQ, 43);
866
867 done:
868 #endif /* !defined(HAVE_SSL_SESSION_GET_MASTER_KEY) */
869 tor_free(tls->ssl->session);
870 tor_free(tls->ssl);
871 tor_free(tls);
872 tor_free(out);
873 }
874 #endif /* !defined(OPENSSL_OPAQUE) */
875
876 #ifndef OPENSSL_OPAQUE
877 static void
878 test_tortls_get_tlssecrets(void *ignored)
879 {
880 (void)ignored;
881 int ret;
882 uint8_t *secret_out = tor_malloc_zero(DIGEST256_LEN);
883 tor_tls_t *tls;
884 tls = tor_malloc_zero(sizeof(tor_tls_t));
885 tls->ssl = tor_malloc_zero(sizeof(SSL));
886 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
887 tls->ssl->session->master_key_length = 1;
888 tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
889
890 ret = tor_tls_get_tlssecrets(tls, secret_out);
891 tt_int_op(ret, OP_EQ, 0);
892
893 done:
894 tor_free(secret_out);
895 tor_free(tls->ssl->s3);
896 tor_free(tls->ssl->session);
897 tor_free(tls->ssl);
898 tor_free(tls);
899 }
900 #endif /* !defined(OPENSSL_OPAQUE) */
901
902 #ifndef OPENSSL_OPAQUE
903 static void
904 test_tortls_get_buffer_sizes(void *ignored)
905 {
906 (void)ignored;
907 int ret;
908 tor_tls_t *tls;
909 size_t rbuf_c=-1, rbuf_b=-1, wbuf_c=-1, wbuf_b=-1;
910
911 tls = tor_malloc_zero(sizeof(tor_tls_t));
912 tls->ssl = tor_malloc_zero(sizeof(SSL));
913 tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
914
915 tls->ssl->s3->rbuf.buf = NULL;
916 tls->ssl->s3->rbuf.len = 1;
917 tls->ssl->s3->rbuf.offset = 0;
918 tls->ssl->s3->rbuf.left = 42;
919
920 tls->ssl->s3->wbuf.buf = NULL;
921 tls->ssl->s3->wbuf.len = 2;
922 tls->ssl->s3->wbuf.offset = 0;
923 tls->ssl->s3->wbuf.left = 43;
924
925 ret = tor_tls_get_buffer_sizes(tls, &rbuf_c, &rbuf_b, &wbuf_c, &wbuf_b);
926 #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
927 tt_int_op(ret, OP_EQ, -1);
928 #else
929 tt_int_op(ret, OP_EQ, 0);
930 tt_int_op(rbuf_c, OP_EQ, 0);
931 tt_int_op(wbuf_c, OP_EQ, 0);
932 tt_int_op(rbuf_b, OP_EQ, 42);
933 tt_int_op(wbuf_b, OP_EQ, 43);
934
935 tls->ssl->s3->rbuf.buf = tor_malloc_zero(1);
936 tls->ssl->s3->wbuf.buf = tor_malloc_zero(1);
937 ret = tor_tls_get_buffer_sizes(tls, &rbuf_c, &rbuf_b, &wbuf_c, &wbuf_b);
938 tt_int_op(ret, OP_EQ, 0);
939 tt_int_op(rbuf_c, OP_EQ, 1);
940 tt_int_op(wbuf_c, OP_EQ, 2);
941
942 #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) */
943
944 done:
945 tor_free(tls->ssl->s3->rbuf.buf);
946 tor_free(tls->ssl->s3->wbuf.buf);
947 tor_free(tls->ssl->s3);
948 tor_free(tls->ssl);
949 tor_free(tls);
950 }
951 #endif /* !defined(OPENSSL_OPAQUE) */
952
953 #ifndef OPENSSL_OPAQUE
954 typedef struct cert_pkey_st_local
955 {
956 X509 *x509;
957 EVP_PKEY *privatekey;
958 const EVP_MD *digest;
959 } CERT_PKEY_local;
960
961 typedef struct sess_cert_st_local
962 {
963 STACK_OF(X509) *cert_chain;
964 int peer_cert_type;
965 CERT_PKEY_local *peer_key;
966 CERT_PKEY_local peer_pkeys[8];
967 int references;
968 } SESS_CERT_local;
969
970 static void
971 test_tortls_try_to_extract_certs_from_tls(void *ignored)
972 {
973 (void)ignored;
974 tor_tls_t *tls;
975 X509 *cert = NULL, *id_cert = NULL, *c1 = NULL, *c2 = NULL;
976 SESS_CERT_local *sess = NULL;
977
978 c1 = read_cert_from(validCertString);
979 c2 = read_cert_from(caCertString);
980
981 tls = tor_malloc_zero(sizeof(tor_tls_t));
982 tls->ssl = tor_malloc_zero(sizeof(SSL));
983 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
984 sess = tor_malloc_zero(sizeof(SESS_CERT_local));
985 tls->ssl->session->sess_cert = (void *)sess;
986
987 try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
988 tt_assert(!cert);
989 tt_assert(!id_cert);
990
991 tls->ssl->session->peer = c1;
992 try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
993 tt_assert(cert == c1);
994 tt_assert(!id_cert);
995 X509_free(cert); /* decrease refcnt */
996
997 sess->cert_chain = sk_X509_new_null();
998 try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
999 tt_assert(cert == c1);
1000 tt_assert(!id_cert);
1001 X509_free(cert); /* decrease refcnt */
1002
1003 sk_X509_push(sess->cert_chain, c1);
1004 sk_X509_push(sess->cert_chain, c2);
1005
1006 try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
1007 tt_assert(cert == c1);
1008 tt_assert(id_cert);
1009 X509_free(cert); /* decrease refcnt */
1010 X509_free(id_cert); /* decrease refcnt */
1011
1012 done:
1013 sk_X509_free(sess->cert_chain);
1014 tor_free(sess);
1015 tor_free(tls->ssl->session);
1016 tor_free(tls->ssl);
1017 tor_free(tls);
1018 X509_free(c1);
1019 X509_free(c2);
1020 }
1021 #endif /* !defined(OPENSSL_OPAQUE) */
1022
1023 #ifndef OPENSSL_OPAQUE
1024 static void
1025 test_tortls_get_peer_cert(void *ignored)
1026 {
1027 (void)ignored;
1028 tor_x509_cert_t *ret;
1029 tor_tls_t *tls;
1030 X509 *cert = NULL;
1031
1032 cert = read_cert_from(validCertString);
1033
1034 tls = tor_malloc_zero(sizeof(tor_tls_t));
1035 tls->ssl = tor_malloc_zero(sizeof(SSL));
1036 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
1037
1038 ret = tor_tls_get_peer_cert(tls);
1039 tt_assert(!ret);
1040
1041 tls->ssl->session->peer = cert;
1042 ret = tor_tls_get_peer_cert(tls);
1043 tt_assert(ret);
1044 tt_assert(ret->cert == cert);
1045
1046 done:
1047 tor_x509_cert_free(ret);
1048 tor_free(tls->ssl->session);
1049 tor_free(tls->ssl);
1050 tor_free(tls);
1051 X509_free(cert);
1052 }
1053 #endif /* !defined(OPENSSL_OPAQUE) */
1054
1055 #ifndef OPENSSL_OPAQUE
1056 static void
1057 test_tortls_peer_has_cert(void *ignored)
1058 {
1059 (void)ignored;
1060 int ret;
1061 tor_tls_t *tls;
1062 X509 *cert = NULL;
1063
1064 cert = read_cert_from(validCertString);
1065
1066 tls = tor_malloc_zero(sizeof(tor_tls_t));
1067 tls->ssl = tor_malloc_zero(sizeof(SSL));
1068 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
1069
1070 ret = tor_tls_peer_has_cert(tls);
1071 tt_assert(!ret);
1072
1073 tls->ssl->session->peer = cert;
1074 ret = tor_tls_peer_has_cert(tls);
1075 tt_assert(ret);
1076
1077 done:
1078 tor_free(tls->ssl->session);
1079 tor_free(tls->ssl);
1080 tor_free(tls);
1081 X509_free(cert);
1082 }
1083 #endif /* !defined(OPENSSL_OPAQUE) */
1084
1085 static void
1086 test_tortls_get_write_overhead_ratio(void *ignored)
1087 {
1088 (void)ignored;
1089 double ret;
1090
1091 total_bytes_written_over_tls = 0;
1092 ret = tls_get_write_overhead_ratio();
1093 tt_double_op(fabs(ret - 1.0), OP_LT, 1E-12);
1094
1095 total_bytes_written_by_tls = 10;
1096 total_bytes_written_over_tls = 1;
1097 ret = tls_get_write_overhead_ratio();
1098 tt_double_op(fabs(ret - 10.0), OP_LT, 1E-12);
1099
1100 total_bytes_written_by_tls = 10;
1101 total_bytes_written_over_tls = 2;
1102 ret = tls_get_write_overhead_ratio();
1103 tt_double_op(fabs(ret - 5.0), OP_LT, 1E-12);
1104
1105 done:
1106 (void)0;
1107 }
1108
1109 static void
1110 test_tortls_is_server(void *ignored)
1111 {
1112 (void)ignored;
1113 tor_tls_t *tls;
1114 int ret;
1115
1116 tls = tor_malloc_zero(sizeof(tor_tls_t));
1117 tls->isServer = 1;
1118 ret = tor_tls_is_server(tls);
1119 tt_int_op(ret, OP_EQ, 1);
1120
1121 done:
1122 tor_free(tls);
1123 }
1124
1125 #ifndef OPENSSL_OPAQUE
1126 static void
1127 test_tortls_session_secret_cb(void *ignored)
1128 {
1129 (void)ignored;
1130 tor_tls_t *tls;
1131 SSL_CTX *ctx;
1132 STACK_OF(SSL_CIPHER) *ciphers = NULL;
1133 SSL_CIPHER *one;
1134
1135 library_init();
1136
1137 tor_tls_allocate_tor_tls_object_ex_data_index();
1138
1139 tls = tor_malloc_zero(sizeof(tor_tls_t));
1140
1141 tls->magic = TOR_TLS_MAGIC;
1142
1143 ctx = SSL_CTX_new(TLSv1_method());
1144 tls->ssl = SSL_new(ctx);
1145 SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls);
1146
1147 SSL_set_session_secret_cb(tls->ssl, tor_tls_session_secret_cb, NULL);
1148
1149 tor_tls_session_secret_cb(tls->ssl, NULL, NULL, NULL, NULL, NULL);
1150 tt_assert(!tls->ssl->tls_session_secret_cb);
1151
1152 one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
1153 one->id = 0x00ff;
1154 ciphers = sk_SSL_CIPHER_new_null();
1155 sk_SSL_CIPHER_push(ciphers, one);
1156
1157 tls->client_cipher_list_type = 0;
1158 tor_tls_session_secret_cb(tls->ssl, NULL, NULL, ciphers, NULL, NULL);
1159 tt_assert(!tls->ssl->tls_session_secret_cb);
1160
1161 done:
1162 sk_SSL_CIPHER_free(ciphers);
1163 SSL_free(tls->ssl);
1164 SSL_CTX_free(ctx);
1165 tor_free(tls);
1166 }
1167 #endif /* !defined(OPENSSL_OPAQUE) */
1168
1169 #ifndef OPENSSL_OPAQUE
1170 /* TODO: It seems block_renegotiation and unblock_renegotiation and
1171 * using different blags. This might not be correct */
1172 static void
1173 test_tortls_block_renegotiation(void *ignored)
1174 {
1175 (void)ignored;
1176 tor_tls_t *tls;
1177
1178 tls = tor_malloc_zero(sizeof(tor_tls_t));
1179 tls->ssl = tor_malloc_zero(sizeof(SSL));
1180 tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
1181 #ifndef SUPPORT_UNSAFE_RENEGOTIATION_FLAG
1182 #define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0
1183 #endif
1184
1185 tls->ssl->s3->flags = SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
1186
1187 tor_tls_block_renegotiation(tls);
1188
1189 #ifndef OPENSSL_1_1_API
1190 tt_assert(!(tls->ssl->s3->flags &
1191 SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
1192 #endif
1193
1194 done:
1195 tor_free(tls->ssl->s3);
1196 tor_free(tls->ssl);
1197 tor_free(tls);
1198 }
1199
1200 static void
1201 test_tortls_unblock_renegotiation(void *ignored)
1202 {
1203 (void)ignored;
1204 tor_tls_t *tls;
1205
1206 tls = tor_malloc_zero(sizeof(tor_tls_t));
1207 tls->ssl = tor_malloc_zero(sizeof(SSL));
1208 tor_tls_unblock_renegotiation(tls);
1209
1210 tt_uint_op(SSL_get_options(tls->ssl) &
1211 SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, OP_EQ,
1212 SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
1213
1214 done:
1215 tor_free(tls->ssl);
1216 tor_free(tls);
1217 }
1218 #endif /* !defined(OPENSSL_OPAQUE) */
1219
1220 #ifndef OPENSSL_OPAQUE
1221 static void
1222 test_tortls_assert_renegotiation_unblocked(void *ignored)
1223 {
1224 (void)ignored;
1225 tor_tls_t *tls;
1226
1227 tls = tor_malloc_zero(sizeof(tor_tls_t));
1228 tls->ssl = tor_malloc_zero(sizeof(SSL));
1229 tor_tls_unblock_renegotiation(tls);
1230 tor_tls_assert_renegotiation_unblocked(tls);
1231 /* No assertion here - this test will fail if tor_assert is turned on
1232 * and things are bad. */
1233
1234 tor_free(tls->ssl);
1235 tor_free(tls);
1236 }
1237 #endif /* !defined(OPENSSL_OPAQUE) */
1238
1239 static void
1240 test_tortls_set_logged_address(void *ignored)
1241 {
1242 (void)ignored;
1243 tor_tls_t *tls;
1244
1245 tls = tor_malloc_zero(sizeof(tor_tls_t));
1246
1247 tor_tls_set_logged_address(tls, "foo bar");
1248
1249 tt_str_op(tls->address, OP_EQ, "foo bar");
1250
1251 tor_tls_set_logged_address(tls, "foo bar 2");
1252 tt_str_op(tls->address, OP_EQ, "foo bar 2");
1253
1254 done:
1255 tor_free(tls->address);
1256 tor_free(tls);
1257 }
1258
1259 #ifndef OPENSSL_OPAQUE
1260 static void
1261 example_cb(tor_tls_t *t, void *arg)
1262 {
1263 (void)t;
1264 (void)arg;
1265 }
1266
1267 static void
1268 test_tortls_set_renegotiate_callback(void *ignored)
1269 {
1270 (void)ignored;
1271 tor_tls_t *tls;
1272 const char *arg = "hello";
1273
1274 tls = tor_malloc_zero(sizeof(tor_tls_t));
1275 tls->ssl = tor_malloc_zero(sizeof(SSL));
1276
1277 tor_tls_set_renegotiate_callback(tls, example_cb, (void*)arg);
1278 tt_assert(tls->negotiated_callback == example_cb);
1279 tt_assert(tls->callback_arg == arg);
1280 tt_assert(!tls->got_renegotiate);
1281
1282 /* Assumes V2_HANDSHAKE_SERVER */
1283 tt_assert(tls->ssl->info_callback == tor_tls_server_info_callback);
1284
1285 tor_tls_set_renegotiate_callback(tls, NULL, (void*)arg);
1286 tt_assert(tls->ssl->info_callback == tor_tls_debug_state_callback);
1287
1288 done:
1289 tor_free(tls->ssl);
1290 tor_free(tls);
1291 }
1292 #endif /* !defined(OPENSSL_OPAQUE) */
1293
1294 #ifndef OPENSSL_OPAQUE
1295 static SSL_CIPHER *fixed_cipher1 = NULL;
1296 static SSL_CIPHER *fixed_cipher2 = NULL;
1297 static const SSL_CIPHER *
1298 fake_get_cipher(unsigned ncipher)
1299 {
1300
1301 switch (ncipher) {
1302 case 1:
1303 return fixed_cipher1;
1304 case 2:
1305 return fixed_cipher2;
1306 default:
1307 return NULL;
1308 }
1309 }
1310 #endif /* !defined(OPENSSL_OPAQUE) */
1311
1312 #ifndef OPENSSL_OPAQUE
1313 static void
1314 test_tortls_find_cipher_by_id(void *ignored)
1315 {
1316 (void)ignored;
1317 int ret;
1318 SSL *ssl;
1319 SSL_CTX *ctx;
1320 const SSL_METHOD *m = TLSv1_method();
1321 SSL_METHOD *empty_method = tor_malloc_zero(sizeof(SSL_METHOD));
1322
1323 fixed_cipher1 = tor_malloc_zero(sizeof(SSL_CIPHER));
1324 fixed_cipher2 = tor_malloc_zero(sizeof(SSL_CIPHER));
1325 fixed_cipher2->id = 0xC00A;
1326
1327 library_init();
1328
1329 ctx = SSL_CTX_new(m);
1330 ssl = SSL_new(ctx);
1331
1332 ret = find_cipher_by_id(ssl, NULL, 0xC00A);
1333 tt_int_op(ret, OP_EQ, 1);
1334
1335 ret = find_cipher_by_id(ssl, m, 0xC00A);
1336 tt_int_op(ret, OP_EQ, 1);
1337
1338 ret = find_cipher_by_id(ssl, m, 0xFFFF);
1339 tt_int_op(ret, OP_EQ, 0);
1340
1341 ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1342 tt_int_op(ret, OP_EQ, 1);
1343
1344 ret = find_cipher_by_id(ssl, empty_method, 0xFFFF);
1345 #ifdef HAVE_SSL_CIPHER_FIND
1346 tt_int_op(ret, OP_EQ, 0);
1347 #else
1348 tt_int_op(ret, OP_EQ, 1);
1349 #endif
1350
1351 empty_method->get_cipher = fake_get_cipher;
1352 ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1353 tt_int_op(ret, OP_EQ, 1);
1354
1355 empty_method->get_cipher = m->get_cipher;
1356 empty_method->num_ciphers = m->num_ciphers;
1357 ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1358 tt_int_op(ret, OP_EQ, 1);
1359
1360 empty_method->get_cipher = fake_get_cipher;
1361 empty_method->num_ciphers = m->num_ciphers;
1362 ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1363 tt_int_op(ret, OP_EQ, 1);
1364
1365 empty_method->num_ciphers = fake_num_ciphers;
1366 ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1367 #ifdef HAVE_SSL_CIPHER_FIND
1368 tt_int_op(ret, OP_EQ, 1);
1369 #else
1370 tt_int_op(ret, OP_EQ, 0);
1371 #endif
1372
1373 done:
1374 tor_free(empty_method);
1375 SSL_free(ssl);
1376 SSL_CTX_free(ctx);
1377 tor_free(fixed_cipher1);
1378 }
1379 #endif /* !defined(OPENSSL_OPAQUE) */
1380
1381 #ifndef OPENSSL_OPAQUE
1382 static void
1383 test_tortls_debug_state_callback(void *ignored)
1384 {
1385 (void)ignored;
1386 SSL *ssl;
1387 char *buf = tor_malloc_zero(1000);
1388 int n;
1389
1390 setup_capture_of_logs(LOG_DEBUG);
1391
1392 ssl = tor_malloc_zero(sizeof(SSL));
1393
1394 tor_tls_debug_state_callback(ssl, 32, 45);
1395
1396 n = tor_snprintf(buf, 1000, "SSL %p is now in state unknown"
1397 " state [type=32,val=45].\n", ssl);
1398 /* tor's snprintf returns -1 on error */
1399 tt_int_op(n, OP_NE, -1);
1400 expect_log_msg(buf);
1401
1402 done:
1403 teardown_capture_of_logs();
1404 tor_free(buf);
1405 tor_free(ssl);
1406 }
1407 #endif /* !defined(OPENSSL_OPAQUE) */
1408
1409 #ifndef OPENSSL_OPAQUE
1410 static void
1411 test_tortls_server_info_callback(void *ignored)
1412 {
1413 (void)ignored;
1414 tor_tls_t *tls;
1415 SSL_CTX *ctx;
1416 SSL *ssl;
1417
1418 library_init();
1419
1420 ctx = SSL_CTX_new(TLSv1_method());
1421 ssl = SSL_new(ctx);
1422
1423 tor_tls_allocate_tor_tls_object_ex_data_index();
1424
1425 tls = tor_malloc_zero(sizeof(tor_tls_t));
1426 tls->magic = TOR_TLS_MAGIC;
1427 tls->ssl = ssl;
1428
1429 setup_full_capture_of_logs(LOG_WARN);
1430 SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_A);
1431 mock_clean_saved_logs();
1432 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1433 expect_single_log_msg("Couldn't look up the tls for an SSL*. How odd!\n");
1434
1435 SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
1436 mock_clean_saved_logs();
1437 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1438 expect_single_log_msg("Couldn't look up the tls for an SSL*. How odd!\n");
1439
1440 SSL_set_state(ssl, 99);
1441 mock_clean_saved_logs();
1442 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1443 expect_no_log_entry();
1444 teardown_capture_of_logs();
1445
1446 SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls);
1447 SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
1448 tls->negotiated_callback = 0;
1449 //tls->server_handshake_count = 120;
1450 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1451 //tt_int_op(tls->server_handshake_count, OP_EQ, 121);
1452
1453 //tls->server_handshake_count = 127;
1454 tls->negotiated_callback = (void *)1;
1455 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1456 //tt_int_op(tls->server_handshake_count, OP_EQ, 127);
1457 tt_int_op(tls->got_renegotiate, OP_EQ, 1);
1458
1459 tls->ssl->session = SSL_SESSION_new();
1460 tls->wasV2Handshake = 0;
1461 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1462 tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
1463
1464 done:
1465 teardown_capture_of_logs();
1466 SSL_free(ssl);
1467 SSL_CTX_free(ctx);
1468 tor_free(tls);
1469 }
1470 #endif /* !defined(OPENSSL_OPAQUE) */
1471
1472 #ifndef OPENSSL_OPAQUE
1473 static int fixed_ssl_read_result_index;
1474 static int fixed_ssl_read_result[5];
1475
1476 static int
1477 fixed_ssl_read(SSL *s, void *buf, int len)
1478 {
1479 (void)s;
1480 (void)buf;
1481 (void)len;
1482 return fixed_ssl_read_result[fixed_ssl_read_result_index++];
1483 }
1484
1485 static int
1486 dummy_handshake_func(SSL *s)
1487 {
1488 (void)s;
1489 return 1;
1490 }
1491
1492 static int negotiated_callback_called;
1493
1494 static void
1495 negotiated_callback_setter(tor_tls_t *t, void *arg)
1496 {
1497 (void)t;
1498 (void)arg;
1499 negotiated_callback_called++;
1500 }
1501
1502 static void
1503 test_tortls_read(void *ignored)
1504 {
1505 (void)ignored;
1506 int ret;
1507 tor_tls_t *tls;
1508 char buf[100];
1509 SSL_METHOD *method = give_me_a_test_method();
1510 setup_capture_of_logs(LOG_WARN);
1511
1512 tls = tor_malloc_zero(sizeof(tor_tls_t));
1513 tls->ssl = tor_malloc_zero(sizeof(SSL));
1514 tls->state = TOR_TLS_ST_OPEN;
1515
1516 ret = tor_tls_read(tls, buf, 10);
1517 tt_int_op(ret, OP_EQ, -9);
1518
1519 /* These tests assume that V2_HANDSHAKE_SERVER is set */
1520 tls->ssl->handshake_func = dummy_handshake_func;
1521 tls->ssl->method = method;
1522 method->ssl_read = fixed_ssl_read;
1523 fixed_ssl_read_result_index = 0;
1524 fixed_ssl_read_result[0] = 42;
1525 tls->state = TOR_TLS_ST_OPEN;
1526 ERR_clear_error();
1527 ret = tor_tls_read(tls, buf, 10);
1528 tt_int_op(ret, OP_EQ, 42);
1529
1530 tls->state = TOR_TLS_ST_OPEN;
1531 tls->got_renegotiate = 1;
1532 fixed_ssl_read_result_index = 0;
1533 ERR_clear_error();
1534 ret = tor_tls_read(tls, buf, 10);
1535 tt_int_op(tls->got_renegotiate, OP_EQ, 0);
1536
1537 tls->state = TOR_TLS_ST_OPEN;
1538 tls->got_renegotiate = 1;
1539 negotiated_callback_called = 0;
1540 tls->negotiated_callback = negotiated_callback_setter;
1541 fixed_ssl_read_result_index = 0;
1542 ERR_clear_error();
1543 ret = tor_tls_read(tls, buf, 10);
1544 tt_int_op(negotiated_callback_called, OP_EQ, 1);
1545
1546 #ifndef LIBRESSL_VERSION_NUMBER
1547 fixed_ssl_read_result_index = 0;
1548 fixed_ssl_read_result[0] = 0;
1549 tls->ssl->version = SSL2_VERSION;
1550 ERR_clear_error();
1551 ret = tor_tls_read(tls, buf, 10);
1552 tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
1553 tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
1554 #endif /* !defined(LIBRESSL_VERSION_NUMBER) */
1555 // TODO: fill up
1556
1557 done:
1558 teardown_capture_of_logs();
1559 tor_free(tls->ssl);
1560 tor_free(tls);
1561 tor_free(method);
1562 }
1563
1564 static int fixed_ssl_write_result;
1565
1566 static int
1567 fixed_ssl_write(SSL *s, const void *buf, int len)
1568 {
1569 (void)s;
1570 (void)buf;
1571 (void)len;
1572 return fixed_ssl_write_result;
1573 }
1574
1575 static void
1576 test_tortls_write(void *ignored)
1577 {
1578 (void)ignored;
1579 int ret;
1580 tor_tls_t *tls;
1581 SSL_METHOD *method = give_me_a_test_method();
1582 char buf[100];
1583 setup_capture_of_logs(LOG_WARN);
1584
1585 tls = tor_malloc_zero(sizeof(tor_tls_t));
1586 tls->ssl = tor_malloc_zero(sizeof(SSL));
1587 tls->state = TOR_TLS_ST_OPEN;
1588
1589 ret = tor_tls_write(tls, buf, 0);
1590 tt_int_op(ret, OP_EQ, 0);
1591
1592 ret = tor_tls_write(tls, buf, 10);
1593 tt_int_op(ret, OP_EQ, -9);
1594
1595 tls->ssl->method = method;
1596 tls->wantwrite_n = 1;
1597 ret = tor_tls_write(tls, buf, 10);
1598 tt_int_op(tls->wantwrite_n, OP_EQ, 0);
1599
1600 method->ssl_write = fixed_ssl_write;
1601 tls->ssl->handshake_func = dummy_handshake_func;
1602 fixed_ssl_write_result = 1;
1603 ERR_clear_error();
1604 ret = tor_tls_write(tls, buf, 10);
1605 tt_int_op(ret, OP_EQ, 1);
1606
1607 fixed_ssl_write_result = -1;
1608 ERR_clear_error();
1609 tls->ssl->rwstate = SSL_READING;
1610 SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
1611 SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ;
1612 ret = tor_tls_write(tls, buf, 10);
1613 tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD);
1614
1615 ERR_clear_error();
1616 tls->ssl->rwstate = SSL_READING;
1617 SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
1618 SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE;
1619 ret = tor_tls_write(tls, buf, 10);
1620 tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
1621
1622 done:
1623 teardown_capture_of_logs();
1624 BIO_free(tls->ssl->rbio);
1625 tor_free(tls->ssl);
1626 tor_free(tls);
1627 tor_free(method);
1628 }
1629 #endif /* !defined(OPENSSL_OPAQUE) */
1630
1631 #ifndef OPENSSL_OPAQUE
1632 static int fixed_ssl_accept_result;
1633 static int fixed_ssl_connect_result;
1634
1635 static int
1636 setting_error_ssl_accept(SSL *ssl)
1637 {
1638 (void)ssl;
1639 ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
1640 ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
1641 return fixed_ssl_accept_result;
1642 }
1643
1644 static int
1645 setting_error_ssl_connect(SSL *ssl)
1646 {
1647 (void)ssl;
1648 ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
1649 ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
1650 return fixed_ssl_connect_result;
1651 }
1652
1653 static int
1654 fixed_ssl_accept(SSL *ssl)
1655 {
1656 (void) ssl;
1657 return fixed_ssl_accept_result;
1658 }
1659
1660 static void
1661 test_tortls_handshake(void *ignored)
1662 {
1663 (void)ignored;
1664 int ret;
1665 tor_tls_t *tls;
1666 SSL_CTX *ctx;
1667 SSL_METHOD *method = give_me_a_test_method();
1668 setup_capture_of_logs(LOG_INFO);
1669
1670 SSL_library_init();
1671 SSL_load_error_strings();
1672
1673 ctx = SSL_CTX_new(TLSv1_method());
1674
1675 tls = tor_malloc_zero(sizeof(tor_tls_t));
1676 tls->ssl = SSL_new(ctx);
1677 tls->state = TOR_TLS_ST_HANDSHAKE;
1678
1679 ret = tor_tls_handshake(tls);
1680 tt_int_op(ret, OP_EQ, -9);
1681
1682 tls->isServer = 1;
1683 tls->state = TOR_TLS_ST_HANDSHAKE;
1684 ret = tor_tls_handshake(tls);
1685 tt_int_op(ret, OP_EQ, -9);
1686
1687 tls->ssl->method = method;
1688 method->ssl_accept = fixed_ssl_accept;
1689 fixed_ssl_accept_result = 2;
1690 ERR_clear_error();
1691 tls->state = TOR_TLS_ST_HANDSHAKE;
1692 ret = tor_tls_handshake(tls);
1693 tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_OPEN);
1694
1695 method->ssl_accept = setting_error_ssl_accept;
1696 fixed_ssl_accept_result = 1;
1697 ERR_clear_error();
1698 mock_clean_saved_logs();
1699 tls->state = TOR_TLS_ST_HANDSHAKE;
1700 ret = tor_tls_handshake(tls);
1701 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
1702 expect_log_entry();
1703 /* This fails on jessie. Investigate why! */
1704 #if 0
1705 expect_log_msg("TLS error while handshaking: (null) (in bignum routines:"
1706 "(null):SSLv3 write client hello B)\n");
1707 expect_log_msg("TLS error while handshaking: (null) (in system library:"
1708 "connect:SSLv3 write client hello B)\n");
1709 #endif /* 0 */
1710 expect_log_severity(LOG_INFO);
1711
1712 tls->isServer = 0;
1713 method->ssl_connect = setting_error_ssl_connect;
1714 fixed_ssl_connect_result = 1;
1715 ERR_clear_error();
1716 mock_clean_saved_logs();
1717 tls->state = TOR_TLS_ST_HANDSHAKE;
1718 ret = tor_tls_handshake(tls);
1719 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
1720 expect_log_entry();
1721 #if 0
1722 /* See above */
1723 expect_log_msg("TLS error while handshaking: "
1724 "(null) (in bignum routines:(null):SSLv3 write client hello B)\n");
1725 expect_log_msg("TLS error while handshaking: "
1726 "(null) (in system library:connect:SSLv3 write client hello B)\n");
1727 #endif /* 0 */
1728 expect_log_severity(LOG_WARN);
1729
1730 done:
1731 teardown_capture_of_logs();
1732 SSL_free(tls->ssl);
1733 SSL_CTX_free(ctx);
1734 tor_free(tls);
1735 tor_free(method);
1736 }
1737 #endif /* !defined(OPENSSL_OPAQUE) */
1738
1739 #ifndef OPENSSL_OPAQUE
1740 static void
1741 test_tortls_finish_handshake(void *ignored)
1742 {
1743 (void)ignored;
1744 int ret;
1745 tor_tls_t *tls;
1746 SSL_CTX *ctx;
1747 SSL_METHOD *method = give_me_a_test_method();
1748 SSL_library_init();
1749 SSL_load_error_strings();
1750
1751 X509 *c1 = read_cert_from(validCertString);
1752 SESS_CERT_local *sess = NULL;
1753
1754 ctx = SSL_CTX_new(method);
1755
1756 tls = tor_malloc_zero(sizeof(tor_tls_t));
1757 tls->ssl = SSL_new(ctx);
1758 tls->state = TOR_TLS_ST_OPEN;
1759
1760 ret = tor_tls_finish_handshake(tls);
1761 tt_int_op(ret, OP_EQ, 0);
1762
1763 tls->isServer = 1;
1764 tls->wasV2Handshake = 0;
1765 setup_full_capture_of_logs(LOG_WARN);
1766 ret = tor_tls_finish_handshake(tls);
1767 tt_int_op(ret, OP_EQ, 0);
1768 tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
1769 expect_single_log_msg_containing("For some reason, wasV2Handshake didn't "
1770 "get set.");
1771 teardown_capture_of_logs();
1772
1773 tls->wasV2Handshake = 1;
1774 ret = tor_tls_finish_handshake(tls);
1775 tt_int_op(ret, OP_EQ, 0);
1776 tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
1777
1778 tls->wasV2Handshake = 1;
1779 tls->ssl->session = SSL_SESSION_new();
1780 ret = tor_tls_finish_handshake(tls);
1781 tt_int_op(ret, OP_EQ, 0);
1782 tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
1783
1784 tls->isServer = 0;
1785
1786 sess = tor_malloc_zero(sizeof(SESS_CERT_local));
1787 tls->ssl->session->sess_cert = (void *)sess;
1788 sess->cert_chain = sk_X509_new_null();
1789 sk_X509_push(sess->cert_chain, c1);
1790 tls->ssl->session->peer = c1;
1791 tls->wasV2Handshake = 0;
1792 ret = tor_tls_finish_handshake(tls);
1793 tt_int_op(ret, OP_EQ, 0);
1794 tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
1795
1796 method->num_ciphers = fake_num_ciphers;
1797 ret = tor_tls_finish_handshake(tls);
1798 tt_int_op(ret, OP_EQ, -9);
1799
1800 done:
1801 if (sess)
1802 sk_X509_free(sess->cert_chain);
1803 if (tls->ssl && tls->ssl->session) {
1804 tor_free(tls->ssl->session->sess_cert);
1805 }
1806 SSL_free(tls->ssl);
1807 tor_free(tls);
1808 SSL_CTX_free(ctx);
1809 tor_free(method);
1810 teardown_capture_of_logs();
1811 }
1812 #endif /* !defined(OPENSSL_OPAQUE) */
1813
1814 static int fixed_crypto_pk_new_result_index;
1815 static crypto_pk_t *fixed_crypto_pk_new_result[5];
1816
1817 static crypto_pk_t *
1818 fixed_crypto_pk_new(void)
1819 {
1820 return fixed_crypto_pk_new_result[fixed_crypto_pk_new_result_index++];
1821 }
1822
1823 #ifndef OPENSSL_OPAQUE
1824 static int fixed_crypto_pk_generate_key_with_bits_result_index;
1825 static int fixed_crypto_pk_generate_key_with_bits_result[5];
1826 static int fixed_tor_tls_create_certificate_result_index;
1827 static X509 *fixed_tor_tls_create_certificate_result[5];
1828 static int fixed_tor_x509_cert_new_result_index;
1829 static tor_x509_cert_t *fixed_tor_x509_cert_new_result[5];
1830
1831 static int
1832 fixed_crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
1833 {
1834 (void)env;
1835 (void)bits;
1836 return fixed_crypto_pk_generate_key_with_bits_result[
1837 fixed_crypto_pk_generate_key_with_bits_result_index++];
1838 }
1839
1840 static X509 *
1841 fixed_tor_tls_create_certificate(crypto_pk_t *rsa,
1842 crypto_pk_t *rsa_sign,
1843 const char *cname,
1844 const char *cname_sign,
1845 unsigned int cert_lifetime)
1846 {
1847 (void)rsa;
1848 (void)rsa_sign;
1849 (void)cname;
1850 (void)cname_sign;
1851 (void)cert_lifetime;
1852 X509 *result = fixed_tor_tls_create_certificate_result[
1853 fixed_tor_tls_create_certificate_result_index++];
1854 if (result)
1855 return X509_dup(result);
1856 else
1857 return NULL;
1858 }
1859
1860 static void
1861 fixed_tor_tls_create_certificate_results_free(void)
1862 {
1863 unsigned i;
1864 for (i = 0; i < ARRAY_LENGTH(fixed_tor_tls_create_certificate_result); ++i) {
1865 X509 *cert = fixed_tor_tls_create_certificate_result[i];
1866 if (cert)
1867 X509_free(cert);
1868 fixed_tor_tls_create_certificate_result[i] = NULL;
1869 }
1870 }
1871
1872 static void
1873 fixed_tor_x509_cert_new_results_free(void)
1874 {
1875 unsigned i;
1876 for (i = 0; i < ARRAY_LENGTH(fixed_tor_x509_cert_new_result); ++i) {
1877 tor_x509_cert_free(fixed_tor_x509_cert_new_result[i]);
1878 }
1879 }
1880
1881 static tor_x509_cert_t *
1882 fixed_tor_x509_cert_new(tor_x509_cert_impl_t *x509_cert)
1883 {
1884 (void) x509_cert;
1885 tor_x509_cert_t **certp =
1886 &fixed_tor_x509_cert_new_result[fixed_tor_x509_cert_new_result_index++];
1887 tor_x509_cert_t *cert = *certp;
1888 *certp = NULL;
1889 return cert;
1890 }
1891
1892 static void
1893 test_tortls_context_new(void *ignored)
1894 {
1895 (void)ignored;
1896 tor_tls_context_t *ret;
1897 crypto_pk_t *pk1, *pk2, *pk3, *pk4, *pk5, *pk6, *pk7, *pk8, *pk9, *pk10,
1898 *pk11, *pk12, *pk13, *pk14, *pk15, *pk16, *pk17, *pk18;
1899
1900 pk1 = crypto_pk_new();
1901 pk2 = crypto_pk_new();
1902 pk3 = crypto_pk_new();
1903 pk4 = crypto_pk_new();
1904 pk5 = crypto_pk_new();
1905 pk6 = crypto_pk_new();
1906 pk7 = crypto_pk_new();
1907 pk8 = crypto_pk_new();
1908 pk9 = crypto_pk_new();
1909 pk10 = crypto_pk_new();
1910 pk11 = crypto_pk_new();
1911 pk12 = crypto_pk_new();
1912 pk13 = crypto_pk_new();
1913 pk14 = crypto_pk_new();
1914 pk15 = crypto_pk_new();
1915 pk16 = crypto_pk_new();
1916 pk17 = crypto_pk_new();
1917 pk18 = crypto_pk_new();
1918
1919 fixed_crypto_pk_new_result_index = 0;
1920 fixed_crypto_pk_new_result[0] = NULL;
1921 MOCK(crypto_pk_new, fixed_crypto_pk_new);
1922 ret = tor_tls_context_new(NULL, 0, 0, 0);
1923 tt_assert(!ret);
1924
1925 /* note: we already override this in testing_common.c, so we
1926 * run this unit test in a subprocess. */
1927 MOCK(crypto_pk_generate_key_with_bits,
1928 fixed_crypto_pk_generate_key_with_bits);
1929 fixed_crypto_pk_new_result_index = 0;
1930 fixed_crypto_pk_new_result[0] = pk1;
1931 fixed_crypto_pk_new_result[1] = NULL;
1932 fixed_crypto_pk_generate_key_with_bits_result[0] = -1;
1933 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1934 ret = tor_tls_context_new(NULL, 0, 0, 0);
1935 tt_assert(!ret);
1936
1937 fixed_crypto_pk_new_result_index = 0;
1938 fixed_crypto_pk_new_result[0] = pk2;
1939 fixed_crypto_pk_new_result[1] = NULL;
1940 fixed_crypto_pk_generate_key_with_bits_result[0] = 0;
1941 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1942 ret = tor_tls_context_new(NULL, 0, 0, 0);
1943 tt_assert(!ret);
1944
1945 fixed_crypto_pk_new_result_index = 0;
1946 fixed_crypto_pk_new_result[0] = pk3;
1947 fixed_crypto_pk_new_result[1] = pk4;
1948 fixed_crypto_pk_new_result[2] = NULL;
1949 fixed_crypto_pk_generate_key_with_bits_result[0] = 0;
1950 fixed_crypto_pk_generate_key_with_bits_result[1] = -1;
1951 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1952 ret = tor_tls_context_new(NULL, 0, 0, 0);
1953 tt_assert(!ret);
1954
1955 MOCK(tor_tls_create_certificate, fixed_tor_tls_create_certificate);
1956
1957 fixed_crypto_pk_new_result_index = 0;
1958 fixed_crypto_pk_new_result[0] = pk5;
1959 fixed_crypto_pk_new_result[1] = pk6;
1960 fixed_crypto_pk_new_result[2] = NULL;
1961 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1962 fixed_crypto_pk_generate_key_with_bits_result[1] = 0;
1963 fixed_tor_tls_create_certificate_result_index = 0;
1964 fixed_tor_tls_create_certificate_result[0] = NULL;
1965 fixed_tor_tls_create_certificate_result[1] = X509_new();
1966 fixed_tor_tls_create_certificate_result[2] = X509_new();
1967 ret = tor_tls_context_new(NULL, 0, 0, 0);
1968 tt_assert(!ret);
1969 fixed_tor_tls_create_certificate_results_free();
1970
1971 fixed_crypto_pk_new_result_index = 0;
1972 fixed_crypto_pk_new_result[0] = pk7;
1973 fixed_crypto_pk_new_result[1] = pk8;
1974 fixed_crypto_pk_new_result[2] = NULL;
1975 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1976 fixed_tor_tls_create_certificate_result_index = 0;
1977 fixed_tor_tls_create_certificate_result[0] = X509_new();
1978 fixed_tor_tls_create_certificate_result[1] = NULL;
1979 fixed_tor_tls_create_certificate_result[2] = X509_new();
1980 ret = tor_tls_context_new(NULL, 0, 0, 0);
1981 tt_assert(!ret);
1982 fixed_tor_tls_create_certificate_results_free();
1983
1984 fixed_crypto_pk_new_result_index = 0;
1985 fixed_crypto_pk_new_result[0] = pk9;
1986 fixed_crypto_pk_new_result[1] = pk10;
1987 fixed_crypto_pk_new_result[2] = NULL;
1988 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
1989 fixed_tor_tls_create_certificate_result_index = 0;
1990 fixed_tor_tls_create_certificate_result[0] = X509_new();
1991 fixed_tor_tls_create_certificate_result[1] = X509_new();
1992 fixed_tor_tls_create_certificate_result[2] = NULL;
1993 ret = tor_tls_context_new(NULL, 0, 0, 0);
1994 tt_assert(!ret);
1995 fixed_tor_tls_create_certificate_results_free();
1996
1997 MOCK(tor_x509_cert_new, fixed_tor_x509_cert_new);
1998 fixed_crypto_pk_new_result_index = 0;
1999 fixed_crypto_pk_new_result[0] = pk11;
2000 fixed_crypto_pk_new_result[1] = pk12;
2001 fixed_crypto_pk_new_result[2] = NULL;
2002 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2003 fixed_tor_tls_create_certificate_result_index = 0;
2004 fixed_tor_tls_create_certificate_result[0] = X509_new();
2005 fixed_tor_tls_create_certificate_result[1] = X509_new();
2006 fixed_tor_tls_create_certificate_result[2] = X509_new();
2007 fixed_tor_x509_cert_new_result_index = 0;
2008 fixed_tor_x509_cert_new_result[0] = NULL;
2009 fixed_tor_x509_cert_new_result[1] = NULL;
2010 fixed_tor_x509_cert_new_result[2] = NULL;
2011 ret = tor_tls_context_new(NULL, 0, 0, 0);
2012 tt_assert(!ret);
2013 fixed_tor_tls_create_certificate_results_free();
2014
2015 fixed_crypto_pk_new_result_index = 0;
2016 fixed_crypto_pk_new_result[0] = pk13;
2017 fixed_crypto_pk_new_result[1] = pk14;
2018 fixed_crypto_pk_new_result[2] = NULL;
2019 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2020 fixed_tor_tls_create_certificate_result_index = 0;
2021 fixed_tor_tls_create_certificate_result[0] = X509_new();
2022 fixed_tor_tls_create_certificate_result[1] = X509_new();
2023 fixed_tor_tls_create_certificate_result[2] = X509_new();
2024 fixed_tor_x509_cert_new_result_index = 0;
2025 fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
2026 fixed_tor_x509_cert_new_result[1] = NULL;
2027 fixed_tor_x509_cert_new_result[2] = NULL;
2028 ret = tor_tls_context_new(NULL, 0, 0, 0);
2029 tt_assert(!ret);
2030 fixed_tor_tls_create_certificate_results_free();
2031 fixed_tor_x509_cert_new_results_free();
2032
2033 fixed_crypto_pk_new_result_index = 0;
2034 fixed_crypto_pk_new_result[0] = pk15;
2035 fixed_crypto_pk_new_result[1] = pk16;
2036 fixed_crypto_pk_new_result[2] = NULL;
2037 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2038 fixed_tor_tls_create_certificate_result_index = 0;
2039 fixed_tor_tls_create_certificate_result[0] = X509_new();
2040 fixed_tor_tls_create_certificate_result[1] = X509_new();
2041 fixed_tor_tls_create_certificate_result[2] = X509_new();
2042 fixed_tor_x509_cert_new_result_index = 0;
2043 fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
2044 fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t));
2045 fixed_tor_x509_cert_new_result[2] = NULL;
2046 ret = tor_tls_context_new(NULL, 0, 0, 0);
2047 tt_assert(!ret);
2048 fixed_tor_tls_create_certificate_results_free();
2049 fixed_tor_x509_cert_new_results_free();
2050
2051 fixed_crypto_pk_new_result_index = 0;
2052 fixed_crypto_pk_new_result[0] = pk17;
2053 fixed_crypto_pk_new_result[1] = pk18;
2054 fixed_crypto_pk_new_result[2] = NULL;
2055 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2056 fixed_tor_tls_create_certificate_result_index = 0;
2057 fixed_tor_tls_create_certificate_result[0] = X509_new();
2058 fixed_tor_tls_create_certificate_result[1] = X509_new();
2059 fixed_tor_tls_create_certificate_result[2] = X509_new();
2060 fixed_tor_x509_cert_new_result_index = 0;
2061 fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
2062 fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t));
2063 fixed_tor_x509_cert_new_result[2] = tor_malloc_zero(sizeof(tor_x509_cert_t));
2064 ret = tor_tls_context_new(NULL, 0, 0, 0);
2065 tt_assert(!ret);
2066
2067 done:
2068 fixed_tor_tls_create_certificate_results_free();
2069 fixed_tor_x509_cert_new_results_free();
2070 UNMOCK(tor_x509_cert_new);
2071 UNMOCK(tor_tls_create_certificate);
2072 UNMOCK(crypto_pk_generate_key_with_bits);
2073 UNMOCK(crypto_pk_new);
2074 }
2075 #endif /* !defined(OPENSSL_OPAQUE) */
2076
2077 static int fixed_crypto_pk_get_evp_pkey_result_index = 0;
2078 static EVP_PKEY *fixed_crypto_pk_get_evp_pkey_result[5];
2079
2080 static EVP_PKEY *
2081 fixed_crypto_pk_get_evp_pkey_(crypto_pk_t *env, int private)
2082 {
2083 (void) env;
2084 (void) private;
2085 return fixed_crypto_pk_get_evp_pkey_result[
2086 fixed_crypto_pk_get_evp_pkey_result_index++];
2087 }
2088
2089 static void
2090 test_tortls_create_certificate(void *ignored)
2091 {
2092 (void)ignored;
2093 X509 *ret;
2094 crypto_pk_t *pk1, *pk2;
2095
2096 pk1 = crypto_pk_new();
2097 pk2 = crypto_pk_new();
2098
2099 MOCK(crypto_pk_get_openssl_evp_pkey_, fixed_crypto_pk_get_evp_pkey_);
2100 fixed_crypto_pk_get_evp_pkey_result_index = 0;
2101 fixed_crypto_pk_get_evp_pkey_result[0] = NULL;
2102 ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
2103 tt_assert(!ret);
2104
2105 fixed_crypto_pk_get_evp_pkey_result_index = 0;
2106 fixed_crypto_pk_get_evp_pkey_result[0] = EVP_PKEY_new();
2107 fixed_crypto_pk_get_evp_pkey_result[1] = NULL;
2108 ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
2109 tt_assert(!ret);
2110
2111 fixed_crypto_pk_get_evp_pkey_result_index = 0;
2112 fixed_crypto_pk_get_evp_pkey_result[0] = EVP_PKEY_new();
2113 fixed_crypto_pk_get_evp_pkey_result[1] = EVP_PKEY_new();
2114 ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
2115 tt_assert(!ret);
2116
2117 done:
2118 UNMOCK(crypto_pk_get_openssl_evp_pkey_);
2119 crypto_pk_free(pk1);
2120 crypto_pk_free(pk2);
2121 }
2122
2123 static void
2124 test_tortls_cert_new(void *ignored)
2125 {
2126 (void)ignored;
2127 tor_x509_cert_t *ret;
2128 X509 *cert = read_cert_from(validCertString);
2129
2130 ret = tor_x509_cert_new(NULL);
2131 tt_assert(!ret);
2132
2133 ret = tor_x509_cert_new(cert);
2134 tt_assert(ret);
2135 tor_x509_cert_free(ret);
2136 ret = NULL;
2137
2138 #if 0
2139 cert = read_cert_from(validCertString);
2140 /* XXX this doesn't do what you think: it alters a copy of the pubkey. */
2141 X509_get_pubkey(cert)->type = EVP_PKEY_DSA;
2142 ret = tor_x509_cert_new(cert);
2143 tt_assert(ret);
2144 #endif /* 0 */
2145
2146 #ifndef OPENSSL_OPAQUE
2147 cert = read_cert_from(validCertString);
2148 X509_CINF_free(cert->cert_info);
2149 cert->cert_info = NULL;
2150 ret = tor_x509_cert_new(cert);
2151 tt_assert(ret);
2152 #endif /* !defined(OPENSSL_OPAQUE) */
2153
2154 done:
2155 tor_x509_cert_free(ret);
2156 }
2157
2158 static void
2159 test_tortls_cert_is_valid(void *ignored)
2160 {
2161 (void)ignored;
2162 int ret;
2163 tor_x509_cert_t *cert = NULL, *scert = NULL;
2164
2165 scert = tor_malloc_zero(sizeof(tor_x509_cert_t));
2166 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
2167 tt_int_op(ret, OP_EQ, 0);
2168
2169 cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
2170 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
2171 tt_int_op(ret, OP_EQ, 0);
2172 tor_free(scert);
2173 tor_free(cert);
2174
2175 cert = tor_x509_cert_new(read_cert_from(validCertString));
2176 scert = tor_x509_cert_new(read_cert_from(caCertString));
2177 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
2178 tt_int_op(ret, OP_EQ, 1);
2179
2180 #ifndef OPENSSL_OPAQUE
2181 tor_x509_cert_free(cert);
2182 tor_x509_cert_free(scert);
2183 cert = tor_x509_cert_new(read_cert_from(validCertString));
2184 scert = tor_x509_cert_new(read_cert_from(caCertString));
2185 ASN1_TIME_free(cert->cert->cert_info->validity->notAfter);
2186 cert->cert->cert_info->validity->notAfter =
2187 ASN1_TIME_set(NULL, time(NULL)-1000000);
2188 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
2189 tt_int_op(ret, OP_EQ, 0);
2190
2191 tor_x509_cert_free(cert);
2192 tor_x509_cert_free(scert);
2193 cert = tor_x509_cert_new(read_cert_from(validCertString));
2194 scert = tor_x509_cert_new(read_cert_from(caCertString));
2195 X509_PUBKEY_free(cert->cert->cert_info->key);
2196 cert->cert->cert_info->key = NULL;
2197 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
2198 tt_int_op(ret, OP_EQ, 0);
2199 #endif /* !defined(OPENSSL_OPAQUE) */
2200
2201 #if 0
2202 tor_x509_cert_free(cert);
2203 tor_x509_cert_free(scert);
2204 cert = tor_x509_cert_new(read_cert_from(validCertString));
2205 scert = tor_x509_cert_new(read_cert_from(caCertString));
2206 /* This doesn't actually change the key in the cert. XXXXXX */
2207 BN_one(EVP_PKEY_get1_RSA(X509_get_pubkey(cert->cert))->n);
2208 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
2209 tt_int_op(ret, OP_EQ, 0);
2210
2211 tor_x509_cert_free(cert);
2212 tor_x509_cert_free(scert);
2213 cert = tor_x509_cert_new(read_cert_from(validCertString));
2214 scert = tor_x509_cert_new(read_cert_from(caCertString));
2215 /* This doesn't actually change the key in the cert. XXXXXX */
2216 X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
2217 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
2218 tt_int_op(ret, OP_EQ, 0);
2219
2220 tor_x509_cert_free(cert);
2221 tor_x509_cert_free(scert);
2222 cert = tor_x509_cert_new(read_cert_from(validCertString));
2223 scert = tor_x509_cert_new(read_cert_from(caCertString));
2224 /* This doesn't actually change the key in the cert. XXXXXX */
2225 X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
2226 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
2227 tt_int_op(ret, OP_EQ, 1);
2228
2229 tor_x509_cert_free(cert);
2230 tor_x509_cert_free(scert);
2231 cert = tor_x509_cert_new(read_cert_from(validCertString));
2232 scert = tor_x509_cert_new(read_cert_from(caCertString));
2233 /* This doesn't actually change the key in the cert. XXXXXX */
2234 X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
2235 X509_get_pubkey(cert->cert)->ameth = NULL;
2236 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
2237 tt_int_op(ret, OP_EQ, 0);
2238 #endif /* 0 */
2239
2240 done:
2241 tor_x509_cert_free(cert);
2242 tor_x509_cert_free(scert);
2243 }
2244
2245 static void
2246 test_tortls_context_init_one(void *ignored)
2247 {
2248 (void)ignored;
2249 int ret;
2250 tor_tls_context_t *old = NULL;
2251
2252 MOCK(crypto_pk_new, fixed_crypto_pk_new);
2253
2254 fixed_crypto_pk_new_result_index = 0;
2255 fixed_crypto_pk_new_result[0] = NULL;
2256 ret = tor_tls_context_init_one(&old, NULL, 0, 0, 0);
2257 tt_int_op(ret, OP_EQ, -1);
2258
2259 done:
2260 UNMOCK(crypto_pk_new);
2261 }
2262
2263 #define LOCAL_TEST_CASE(name, flags) \
2264 { #name, test_tortls_##name, (flags|TT_FORK), NULL, NULL }
2265
2266 #ifdef OPENSSL_OPAQUE
2267 #define INTRUSIVE_TEST_CASE(name, flags) \
2268 { #name, NULL, TT_SKIP, NULL, NULL }
2269 #else
2270 #define INTRUSIVE_TEST_CASE(name, flags) LOCAL_TEST_CASE(name, flags)
2271 #endif /* defined(OPENSSL_OPAQUE) */
2272
2273 struct testcase_t tortls_openssl_tests[] = {
2274 LOCAL_TEST_CASE(tor_tls_new, TT_FORK),
2275 LOCAL_TEST_CASE(get_state_description, TT_FORK),
2276 LOCAL_TEST_CASE(get_by_ssl, TT_FORK),
2277 LOCAL_TEST_CASE(allocate_tor_tls_object_ex_data_index, TT_FORK),
2278 LOCAL_TEST_CASE(log_one_error, TT_FORK),
2279 INTRUSIVE_TEST_CASE(get_error, TT_FORK),
2280 LOCAL_TEST_CASE(always_accept_verify_cb, 0),
2281 INTRUSIVE_TEST_CASE(x509_cert_free, 0),
2282 LOCAL_TEST_CASE(cert_matches_key, 0),
2283 INTRUSIVE_TEST_CASE(cert_get_key, 0),
2284 LOCAL_TEST_CASE(get_my_client_auth_key, TT_FORK),
2285 INTRUSIVE_TEST_CASE(get_ciphersuite_name, 0),
2286 INTRUSIVE_TEST_CASE(classify_client_ciphers, 0),
2287 LOCAL_TEST_CASE(client_is_using_v2_ciphers, 0),
2288 INTRUSIVE_TEST_CASE(get_pending_bytes, 0),
2289 INTRUSIVE_TEST_CASE(SSL_SESSION_get_master_key, 0),
2290 INTRUSIVE_TEST_CASE(get_tlssecrets, 0),
2291 INTRUSIVE_TEST_CASE(get_buffer_sizes, 0),
2292 INTRUSIVE_TEST_CASE(try_to_extract_certs_from_tls, 0),
2293 INTRUSIVE_TEST_CASE(get_peer_cert, 0),
2294 INTRUSIVE_TEST_CASE(peer_has_cert, 0),
2295 INTRUSIVE_TEST_CASE(finish_handshake, 0),
2296 INTRUSIVE_TEST_CASE(handshake, 0),
2297 INTRUSIVE_TEST_CASE(write, 0),
2298 INTRUSIVE_TEST_CASE(read, 0),
2299 INTRUSIVE_TEST_CASE(server_info_callback, 0),
2300 LOCAL_TEST_CASE(get_write_overhead_ratio, TT_FORK),
2301 LOCAL_TEST_CASE(is_server, 0),
2302 INTRUSIVE_TEST_CASE(assert_renegotiation_unblocked, 0),
2303 INTRUSIVE_TEST_CASE(block_renegotiation, 0),
2304 INTRUSIVE_TEST_CASE(unblock_renegotiation, 0),
2305 INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0),
2306 LOCAL_TEST_CASE(set_logged_address, 0),
2307 INTRUSIVE_TEST_CASE(find_cipher_by_id, 0),
2308 INTRUSIVE_TEST_CASE(session_secret_cb, 0),
2309 INTRUSIVE_TEST_CASE(debug_state_callback, 0),
2310 INTRUSIVE_TEST_CASE(context_new, TT_FORK /* redundant */),
2311 LOCAL_TEST_CASE(create_certificate, 0),
2312 LOCAL_TEST_CASE(cert_new, 0),
2313 LOCAL_TEST_CASE(cert_is_valid, 0),
2314 LOCAL_TEST_CASE(context_init_one, 0),
2315 END_OF_TESTCASES
2316 };
The Onion Router