search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bitwise negate is ~, not !.
[tor.git] / src / test / test_tortls.c
blob98f5facc1199991e1cb012e123d780f7149e3fa0
1 /* Copyright (c) 2010-2015, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3
4 #define TORTLS_PRIVATE
5 #define LOG_PRIVATE
6 #include "orconfig.h"
7
8 #ifdef _WIN32
9 #include <winsock2.h>
10 #endif
11
12 #ifdef __GNUC__
13 #define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__)
14 #endif
15
16 #if __GNUC__ && GCC_VERSION >= 402
17 #if GCC_VERSION >= 406
18 #pragma GCC diagnostic push
19 #endif
20 /* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
21 * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
22 #pragma GCC diagnostic ignored "-Wredundant-decls"
23 #endif
24
25 #include <openssl/opensslv.h>
26
27 #include <openssl/ssl.h>
28 #include <openssl/ssl3.h>
29 #include <openssl/err.h>
30 #include <openssl/asn1t.h>
31 #include <openssl/x509.h>
32 #include <openssl/rsa.h>
33 #include <openssl/evp.h>
34 #include <openssl/bn.h>
35
36 #if __GNUC__ && GCC_VERSION >= 402
37 #if GCC_VERSION >= 406
38 #pragma GCC diagnostic pop
39 #else
40 #pragma GCC diagnostic warning "-Wredundant-decls"
41 #endif
42 #endif
43
44 #include "or.h"
45 #include "torlog.h"
46 #include "config.h"
47 #include "tortls.h"
48
49 #include "test.h"
50 #include "log_test_helpers.h"
51 #define NS_MODULE tortls
52
53 extern tor_tls_context_t *server_tls_context;
54 extern tor_tls_context_t *client_tls_context;
55
56 #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) \
57 && !defined(LIBRESSL_VERSION_NUMBER)
58 #define OPENSSL_OPAQUE
59 #define SSL_STATE_STR "before SSL initialization"
60 #else
61 #define SSL_STATE_STR "before/accept initialization"
62 #endif
63
64 #ifndef OPENSSL_OPAQUE
65 static SSL_METHOD *
66 give_me_a_test_method(void)
67 {
68 SSL_METHOD *method = tor_malloc_zero(sizeof(SSL_METHOD));
69 memcpy(method, TLSv1_method(), sizeof(SSL_METHOD));
70 return method;
71 }
72
73 static int
74 fake_num_ciphers(void)
75 {
76 return 0;
77 }
78 #endif
79
80 static void
81 test_tortls_errno_to_tls_error(void *data)
82 {
83 (void) data;
84 tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNRESET)),OP_EQ,
85 TOR_TLS_ERROR_CONNRESET);
86 tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ETIMEDOUT)),OP_EQ,
87 TOR_TLS_ERROR_TIMEOUT);
88 tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(EHOSTUNREACH)),OP_EQ,
89 TOR_TLS_ERROR_NO_ROUTE);
90 tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ENETUNREACH)),OP_EQ,
91 TOR_TLS_ERROR_NO_ROUTE);
92 tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNREFUSED)),OP_EQ,
93 TOR_TLS_ERROR_CONNREFUSED);
94 tt_int_op(tor_errno_to_tls_error(0),OP_EQ,TOR_TLS_ERROR_MISC);
95 done:
96 (void)1;
97 }
98
99 static void
100 test_tortls_err_to_string(void *data)
101 {
102 (void) data;
103 tt_str_op(tor_tls_err_to_string(1),OP_EQ,"[Not an error.]");
104 tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_MISC),OP_EQ,"misc error");
105 tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_IO),OP_EQ,"unexpected close");
106 tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNREFUSED),OP_EQ,
107 "connection refused");
108 tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNRESET),OP_EQ,
109 "connection reset");
110 tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_NO_ROUTE),OP_EQ,
111 "host unreachable");
112 tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_TIMEOUT),OP_EQ,
113 "connection timed out");
114 tt_str_op(tor_tls_err_to_string(TOR_TLS_CLOSE),OP_EQ,"closed");
115 tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTREAD),OP_EQ,"want to read");
116 tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTWRITE),OP_EQ,"want to write");
117 tt_str_op(tor_tls_err_to_string(-100),OP_EQ,"(unknown error code)");
118 done:
119 (void)1;
120 }
121
122 static int
123 mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
124 {
125 (void) tls;
126 (void) cert; // XXXX look at this.
127 return 1;
128 }
129
130 static void
131 test_tortls_tor_tls_new(void *data)
132 {
133 (void) data;
134 MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
135 crypto_pk_t *key1 = NULL, *key2 = NULL;
136 SSL_METHOD *method = NULL;
137
138 key1 = pk_generate(2);
139 key2 = pk_generate(3);
140
141 tor_tls_t *tls = NULL;
142 tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
143 key1, key2, 86400), OP_EQ, 0);
144 tls = tor_tls_new(-1, 0);
145 tt_want(tls);
146 tor_tls_free(tls); tls = NULL;
147
148 SSL_CTX_free(client_tls_context->ctx);
149 client_tls_context->ctx = NULL;
150 tls = tor_tls_new(-1, 0);
151 tt_assert(!tls);
152
153 #ifndef OPENSSL_OPAQUE
154 method = give_me_a_test_method();
155 SSL_CTX *ctx = SSL_CTX_new(method);
156 method->num_ciphers = fake_num_ciphers;
157 client_tls_context->ctx = ctx;
158 tls = tor_tls_new(-1, 0);
159 tt_assert(!tls);
160 #endif
161
162 done:
163 UNMOCK(tor_tls_cert_matches_key);
164 crypto_pk_free(key1);
165 crypto_pk_free(key2);
166 tor_tls_free(tls);
167 tor_free(method);
168 tor_tls_free_all();
169 }
170
171 #define NS_MODULE tortls
172 NS_DECL(void, logv, (int severity, log_domain_mask_t domain,
173 const char *funcname, const char *suffix,
174 const char *format, va_list ap));
175
176 static void
177 NS(logv)(int severity, log_domain_mask_t domain,
178 const char *funcname, const char *suffix, const char *format,
179 va_list ap)
180 {
181 (void) severity;
182 (void) domain;
183 (void) funcname;
184 (void) suffix;
185 (void) format;
186 (void) ap; // XXXX look at this.
187 CALLED(logv)++;
188 }
189
190 static void
191 test_tortls_tor_tls_get_error(void *data)
192 {
193 (void) data;
194 MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
195 crypto_pk_t *key1 = NULL, *key2 = NULL;
196 key1 = pk_generate(2);
197 key2 = pk_generate(3);
198
199 tor_tls_t *tls = NULL;
200 tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
201 key1, key2, 86400), OP_EQ, 0);
202 tls = tor_tls_new(-1, 0);
203 NS_MOCK(logv);
204 tt_int_op(CALLED(logv), OP_EQ, 0);
205 tor_tls_get_error(tls, 0, 0,
206 (const char *)"test", 0, 0);
207 tt_int_op(CALLED(logv), OP_EQ, 1);
208
209 done:
210 UNMOCK(tor_tls_cert_matches_key);
211 NS_UNMOCK(logv);
212 crypto_pk_free(key1);
213 crypto_pk_free(key2);
214 tor_tls_free(tls);
215 }
216
217 static void
218 test_tortls_get_state_description(void *ignored)
219 {
220 (void)ignored;
221 tor_tls_t *tls;
222 char *buf;
223 SSL_CTX *ctx;
224
225 SSL_library_init();
226 SSL_load_error_strings();
227
228 ctx = SSL_CTX_new(SSLv23_method());
229
230 buf = tor_malloc_zero(1000);
231 tls = tor_malloc_zero(sizeof(tor_tls_t));
232
233 tor_tls_get_state_description(NULL, buf, 20);
234 tt_str_op(buf, OP_EQ, "(No SSL object)");
235
236 SSL_free(tls->ssl);
237 tls->ssl = NULL;
238 tor_tls_get_state_description(tls, buf, 20);
239 tt_str_op(buf, OP_EQ, "(No SSL object)");
240
241 tls->ssl = SSL_new(ctx);
242 tor_tls_get_state_description(tls, buf, 200);
243 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in HANDSHAKE");
244
245 tls->state = TOR_TLS_ST_OPEN;
246 tor_tls_get_state_description(tls, buf, 200);
247 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in OPEN");
248
249 tls->state = TOR_TLS_ST_GOTCLOSE;
250 tor_tls_get_state_description(tls, buf, 200);
251 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in GOTCLOSE");
252
253 tls->state = TOR_TLS_ST_SENTCLOSE;
254 tor_tls_get_state_description(tls, buf, 200);
255 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in SENTCLOSE");
256
257 tls->state = TOR_TLS_ST_CLOSED;
258 tor_tls_get_state_description(tls, buf, 200);
259 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in CLOSED");
260
261 tls->state = TOR_TLS_ST_RENEGOTIATE;
262 tor_tls_get_state_description(tls, buf, 200);
263 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in RENEGOTIATE");
264
265 tls->state = TOR_TLS_ST_BUFFEREVENT;
266 tor_tls_get_state_description(tls, buf, 200);
267 tt_str_op(buf, OP_EQ, SSL_STATE_STR);
268
269 tls->state = 7;
270 tor_tls_get_state_description(tls, buf, 200);
271 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in unknown TLS state");
272
273 done:
274 SSL_CTX_free(ctx);
275 SSL_free(tls->ssl);
276 tor_free(buf);
277 tor_free(tls);
278 }
279
280 extern int tor_tls_object_ex_data_index;
281
282 static void
283 test_tortls_get_by_ssl(void *ignored)
284 {
285 (void)ignored;
286 tor_tls_t *tls;
287 tor_tls_t *res;
288 SSL_CTX *ctx;
289 SSL *ssl;
290
291 SSL_library_init();
292 SSL_load_error_strings();
293 tor_tls_allocate_tor_tls_object_ex_data_index();
294
295 ctx = SSL_CTX_new(SSLv23_method());
296 tls = tor_malloc_zero(sizeof(tor_tls_t));
297 tls->magic = TOR_TLS_MAGIC;
298
299 ssl = SSL_new(ctx);
300
301 res = tor_tls_get_by_ssl(ssl);
302 tt_assert(!res);
303
304 SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls);
305
306 res = tor_tls_get_by_ssl(ssl);
307 tt_assert(res == tls);
308
309 done:
310 SSL_free(ssl);
311 SSL_CTX_free(ctx);
312 tor_free(tls);
313 }
314
315 static void
316 test_tortls_allocate_tor_tls_object_ex_data_index(void *ignored)
317 {
318 (void)ignored;
319 int first;
320
321 tor_tls_allocate_tor_tls_object_ex_data_index();
322
323 first = tor_tls_object_ex_data_index;
324 tor_tls_allocate_tor_tls_object_ex_data_index();
325 tt_int_op(first, OP_EQ, tor_tls_object_ex_data_index);
326
327 done:
328 (void)0;
329 }
330
331 static void
332 test_tortls_log_one_error(void *ignored)
333 {
334 (void)ignored;
335 tor_tls_t *tls;
336 SSL_CTX *ctx;
337 SSL *ssl = NULL;
338
339 SSL_library_init();
340 SSL_load_error_strings();
341
342 ctx = SSL_CTX_new(SSLv23_method());
343 tls = tor_malloc_zero(sizeof(tor_tls_t));
344 int previous_log = setup_capture_of_logs(LOG_INFO);
345
346 tor_tls_log_one_error(NULL, 0, LOG_WARN, 0, "something");
347 expect_log_msg("TLS error while something: "
348 "(null) (in (null):(null):---)\n");
349
350 mock_clean_saved_logs();
351 tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
352 expect_log_msg("TLS error: (null) "
353 "(in (null):(null):---)\n");
354
355 mock_clean_saved_logs();
356 tls->address = tor_strdup("127.hello");
357 tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
358 expect_log_msg("TLS error with 127.hello: "
359 "(null) (in (null):(null):---)\n");
360 tor_free(tls->address);
361
362 mock_clean_saved_logs();
363 tls->address = tor_strdup("127.hello");
364 tor_tls_log_one_error(tls, 0, LOG_WARN, 0, "blarg");
365 expect_log_msg("TLS error while blarg with "
366 "127.hello: (null) (in (null):(null):---)\n");
367
368 mock_clean_saved_logs();
369 tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL);
370 expect_log_msg("TLS error with 127.hello: "
371 "BN lib (in unknown library:(null):---)\n");
372
373 mock_clean_saved_logs();
374 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST),
375 LOG_WARN, 0, NULL);
376 expect_log_severity(LOG_INFO);
377
378 mock_clean_saved_logs();
379 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST),
380 LOG_WARN, 0, NULL);
381 expect_log_severity(LOG_INFO);
382
383 mock_clean_saved_logs();
384 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH),
385 LOG_WARN, 0, NULL);
386 expect_log_severity(LOG_INFO);
387
388 mock_clean_saved_logs();
389 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE),
390 LOG_WARN, 0, NULL);
391 expect_log_severity(LOG_INFO);
392
393 mock_clean_saved_logs();
394 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL),
395 LOG_WARN, 0, NULL);
396 expect_log_severity(LOG_INFO);
397
398 mock_clean_saved_logs();
399 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL),
400 LOG_WARN, 0, NULL);
401 expect_log_severity(LOG_INFO);
402
403 tls->ssl = SSL_new(ctx);
404
405 mock_clean_saved_logs();
406 tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
407 expect_log_msg("TLS error with 127.hello: (null)"
408 " (in (null):(null):" SSL_STATE_STR ")\n");
409
410 done:
411 teardown_capture_of_logs(previous_log);
412 SSL_free(ssl);
413 SSL_CTX_free(ctx);
414 if (tls && tls->ssl)
415 SSL_free(tls->ssl);
416 if (tls)
417 tor_free(tls->address);
418 tor_free(tls);
419 }
420
421 #ifndef OPENSSL_OPAQUE
422 static void
423 test_tortls_get_error(void *ignored)
424 {
425 (void)ignored;
426 tor_tls_t *tls;
427 int ret;
428 SSL_CTX *ctx;
429
430 SSL_library_init();
431 SSL_load_error_strings();
432
433 ctx = SSL_CTX_new(SSLv23_method());
434 int previous_log = setup_capture_of_logs(LOG_INFO);
435 tls = tor_malloc_zero(sizeof(tor_tls_t));
436 tls->ssl = SSL_new(ctx);
437 SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
438
439 ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
440 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_IO);
441 expect_log_msg("TLS error: unexpected close while"
442 " something (before/accept initialization)\n");
443
444 mock_clean_saved_logs();
445 ret = tor_tls_get_error(tls, 2, 0, "something", LOG_WARN, 0);
446 tt_int_op(ret, OP_EQ, 0);
447 expect_no_log_entry();
448
449 mock_clean_saved_logs();
450 ret = tor_tls_get_error(tls, 0, 1, "something", LOG_WARN, 0);
451 tt_int_op(ret, OP_EQ, -11);
452 expect_no_log_entry();
453
454 mock_clean_saved_logs();
455 ERR_clear_error();
456 ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
457 ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
458 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
459 expect_log_msg("TLS error while something: (null)"
460 " (in bignum routines:(null):before/accept initialization)\n");
461
462 mock_clean_saved_logs();
463 ERR_clear_error();
464 tls->ssl->rwstate = SSL_READING;
465 SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ;
466 ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
467 tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD);
468 expect_no_log_entry();
469
470 mock_clean_saved_logs();
471 ERR_clear_error();
472 tls->ssl->rwstate = SSL_READING;
473 SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE;
474 ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
475 tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
476 expect_no_log_entry();
477
478 mock_clean_saved_logs();
479 ERR_clear_error();
480 tls->ssl->rwstate = 0;
481 tls->ssl->shutdown = SSL_RECEIVED_SHUTDOWN;
482 tls->ssl->s3->warn_alert =SSL_AD_CLOSE_NOTIFY;
483 ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
484 tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
485 expect_log_entry();
486
487 mock_clean_saved_logs();
488 ret = tor_tls_get_error(tls, 0, 2, "something", LOG_WARN, 0);
489 tt_int_op(ret, OP_EQ, -10);
490 expect_no_log_entry();
491
492 mock_clean_saved_logs();
493 ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
494 ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
495 tt_int_op(ret, OP_EQ, -9);
496 expect_log_msg("TLS error while something: (null) (in system library:"
497 "connect:before/accept initialization)\n");
498
499 done:
500 teardown_capture_of_logs(previous_log);
501 SSL_free(tls->ssl);
502 tor_free(tls);
503 SSL_CTX_free(ctx);
504 }
505 #endif
506
507 static void
508 test_tortls_always_accept_verify_cb(void *ignored)
509 {
510 (void)ignored;
511 int ret;
512
513 ret = always_accept_verify_cb(0, NULL);
514 tt_int_op(ret, OP_EQ, 1);
515
516 done:
517 (void)0;
518 }
519
520 #ifndef OPENSSL_OPAQUE
521 static void
522 test_tortls_x509_cert_free(void *ignored)
523 {
524 (void)ignored;
525 tor_x509_cert_t *cert;
526
527 cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
528 tor_x509_cert_free(cert);
529
530 cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
531 cert->cert = tor_malloc_zero(sizeof(X509));
532 cert->encoded = tor_malloc_zero(1);
533 tor_x509_cert_free(cert);
534 }
535 #endif
536
537 static void
538 test_tortls_x509_cert_get_id_digests(void *ignored)
539 {
540 (void)ignored;
541 tor_x509_cert_t *cert;
542 digests_t *d;
543 const digests_t *res;
544 cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
545 d = tor_malloc_zero(sizeof(digests_t));
546 d->d[0][0] = 42;
547
548 res = tor_x509_cert_get_id_digests(cert);
549 tt_assert(!res);
550
551 cert->pkey_digests_set = 1;
552 cert->pkey_digests = *d;
553 res = tor_x509_cert_get_id_digests(cert);
554 tt_int_op(res->d[0][0], OP_EQ, 42);
555
556 done:
557 tor_free(cert);
558 tor_free(d);
559 }
560
561 #ifndef OPENSSL_OPAQUE
562 static int
563 fixed_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
564 {
565 (void) a; (void) b;
566 return 1;
567 }
568
569 static void
570 fake_x509_free(X509 *cert)
571 {
572 if (cert) {
573 if (cert->cert_info) {
574 if (cert->cert_info->key) {
575 if (cert->cert_info->key->pkey) {
576 tor_free(cert->cert_info->key->pkey);
577 }
578 tor_free(cert->cert_info->key);
579 }
580 tor_free(cert->cert_info);
581 }
582 tor_free(cert);
583 }
584 }
585
586 static void
587 test_tortls_cert_matches_key(void *ignored)
588 {
589 (void)ignored;
590 int res;
591 tor_tls_t *tls;
592 tor_x509_cert_t *cert;
593 X509 *one = NULL, *two = NULL;
594 EVP_PKEY_ASN1_METHOD *meth = EVP_PKEY_asn1_new(999, 0, NULL, NULL);
595 EVP_PKEY_asn1_set_public(meth, NULL, NULL, fixed_pub_cmp, NULL, NULL, NULL);
596
597 tls = tor_malloc_zero(sizeof(tor_tls_t));
598 cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
599 one = tor_malloc_zero(sizeof(X509));
600 one->references = 1;
601 two = tor_malloc_zero(sizeof(X509));
602 two->references = 1;
603
604 res = tor_tls_cert_matches_key(tls, cert);
605 tt_int_op(res, OP_EQ, 0);
606
607 tls->ssl = tor_malloc_zero(sizeof(SSL));
608 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
609 tls->ssl->session->peer = one;
610 res = tor_tls_cert_matches_key(tls, cert);
611 tt_int_op(res, OP_EQ, 0);
612
613 cert->cert = two;
614 res = tor_tls_cert_matches_key(tls, cert);
615 tt_int_op(res, OP_EQ, 0);
616
617 one->cert_info = tor_malloc_zero(sizeof(X509_CINF));
618 one->cert_info->key = tor_malloc_zero(sizeof(X509_PUBKEY));
619 one->cert_info->key->pkey = tor_malloc_zero(sizeof(EVP_PKEY));
620 one->cert_info->key->pkey->references = 1;
621 one->cert_info->key->pkey->ameth = meth;
622 one->cert_info->key->pkey->type = 1;
623
624 two->cert_info = tor_malloc_zero(sizeof(X509_CINF));
625 two->cert_info->key = tor_malloc_zero(sizeof(X509_PUBKEY));
626 two->cert_info->key->pkey = tor_malloc_zero(sizeof(EVP_PKEY));
627 two->cert_info->key->pkey->references = 1;
628 two->cert_info->key->pkey->ameth = meth;
629 two->cert_info->key->pkey->type = 2;
630
631 res = tor_tls_cert_matches_key(tls, cert);
632 tt_int_op(res, OP_EQ, 0);
633
634 one->cert_info->key->pkey->type = 1;
635 two->cert_info->key->pkey->type = 1;
636 res = tor_tls_cert_matches_key(tls, cert);
637 tt_int_op(res, OP_EQ, 1);
638
639 done:
640 EVP_PKEY_asn1_free(meth);
641 tor_free(tls->ssl->session);
642 tor_free(tls->ssl);
643 tor_free(tls);
644 tor_free(cert);
645 fake_x509_free(one);
646 fake_x509_free(two);
647 }
648
649 static void
650 test_tortls_cert_get_key(void *ignored)
651 {
652 (void)ignored;
653 tor_x509_cert_t *cert = NULL;
654 crypto_pk_t *res = NULL;
655 cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
656 X509 *key = NULL;
657 key = tor_malloc_zero(sizeof(X509));
658 key->references = 1;
659
660 res = tor_tls_cert_get_key(cert);
661 tt_assert(!res);
662
663 cert->cert = key;
664 key->cert_info = tor_malloc_zero(sizeof(X509_CINF));
665 key->cert_info->key = tor_malloc_zero(sizeof(X509_PUBKEY));
666 key->cert_info->key->pkey = tor_malloc_zero(sizeof(EVP_PKEY));
667 key->cert_info->key->pkey->references = 1;
668 key->cert_info->key->pkey->type = 2;
669 res = tor_tls_cert_get_key(cert);
670 tt_assert(!res);
671
672 done:
673 fake_x509_free(key);
674 tor_free(cert);
675 crypto_pk_free(res);
676 }
677 #endif
678
679 static void
680 test_tortls_get_my_client_auth_key(void *ignored)
681 {
682 (void)ignored;
683 crypto_pk_t *ret;
684 crypto_pk_t *expected;
685 tor_tls_context_t *ctx;
686 RSA *k = tor_malloc_zero(sizeof(RSA));
687
688 ctx = tor_malloc_zero(sizeof(tor_tls_context_t));
689 expected = crypto_new_pk_from_rsa_(k);
690 ctx->auth_key = expected;
691
692 client_tls_context = NULL;
693 ret = tor_tls_get_my_client_auth_key();
694 tt_assert(!ret);
695
696 client_tls_context = ctx;
697 ret = tor_tls_get_my_client_auth_key();
698 tt_assert(ret == expected);
699
700 done:
701 tor_free(expected);
702 tor_free(k);
703 tor_free(ctx);
704 }
705
706 static void
707 test_tortls_get_my_certs(void *ignored)
708 {
709 (void)ignored;
710 int ret;
711 tor_tls_context_t *ctx;
712 const tor_x509_cert_t *link_cert_out = NULL;
713 const tor_x509_cert_t *id_cert_out = NULL;
714
715 ctx = tor_malloc_zero(sizeof(tor_tls_context_t));
716
717 client_tls_context = NULL;
718 ret = tor_tls_get_my_certs(0, NULL, NULL);
719 tt_int_op(ret, OP_EQ, -1);
720
721 server_tls_context = NULL;
722 ret = tor_tls_get_my_certs(1, NULL, NULL);
723 tt_int_op(ret, OP_EQ, -1);
724
725 client_tls_context = ctx;
726 ret = tor_tls_get_my_certs(0, NULL, NULL);
727 tt_int_op(ret, OP_EQ, 0);
728
729 client_tls_context = ctx;
730 ret = tor_tls_get_my_certs(0, &link_cert_out, &id_cert_out);
731 tt_int_op(ret, OP_EQ, 0);
732
733 server_tls_context = ctx;
734 ret = tor_tls_get_my_certs(1, &link_cert_out, &id_cert_out);
735 tt_int_op(ret, OP_EQ, 0);
736
737 done:
738 (void)1;
739 }
740
741 #ifndef OPENSSL_OPAQUE
742 static void
743 test_tortls_get_ciphersuite_name(void *ignored)
744 {
745 (void)ignored;
746 const char *ret;
747 tor_tls_t *ctx;
748 ctx = tor_malloc_zero(sizeof(tor_tls_t));
749 ctx->ssl = tor_malloc_zero(sizeof(SSL));
750
751 ret = tor_tls_get_ciphersuite_name(ctx);
752 tt_str_op(ret, OP_EQ, "(NONE)");
753
754 done:
755 tor_free(ctx->ssl);
756 tor_free(ctx);
757 }
758
759 static SSL_CIPHER *
760 get_cipher_by_name(const char *name)
761 {
762 int i;
763 const SSL_METHOD *method = SSLv23_method();
764 int num = method->num_ciphers();
765 for (i = 0; i < num; ++i) {
766 const SSL_CIPHER *cipher = method->get_cipher(i);
767 const char *ciphername = SSL_CIPHER_get_name(cipher);
768 if (!strcmp(ciphername, name)) {
769 return (SSL_CIPHER *)cipher;
770 }
771 }
772
773 return NULL;
774 }
775
776 static SSL_CIPHER *
777 get_cipher_by_id(uint16_t id)
778 {
779 int i;
780 const SSL_METHOD *method = SSLv23_method();
781 int num = method->num_ciphers();
782 for (i = 0; i < num; ++i) {
783 const SSL_CIPHER *cipher = method->get_cipher(i);
784 if (id == (SSL_CIPHER_get_id(cipher) & 0xffff)) {
785 return (SSL_CIPHER *)cipher;
786 }
787 }
788
789 return NULL;
790 }
791
792 extern uint16_t v2_cipher_list[];
793
794 static void
795 test_tortls_classify_client_ciphers(void *ignored)
796 {
797 (void)ignored;
798 int i;
799 int ret;
800 SSL_CTX *ctx;
801 SSL *ssl;
802 tor_tls_t *tls;
803 STACK_OF(SSL_CIPHER) *ciphers;
804 SSL_CIPHER *tmp_cipher;
805
806 SSL_library_init();
807 SSL_load_error_strings();
808 tor_tls_allocate_tor_tls_object_ex_data_index();
809
810 tls = tor_malloc_zero(sizeof(tor_tls_t));
811 tls->magic = TOR_TLS_MAGIC;
812
813 ctx = SSL_CTX_new(TLSv1_method());
814 ssl = SSL_new(ctx);
815 tls->ssl = ssl;
816
817 ciphers = sk_SSL_CIPHER_new_null();
818
819 ret = tor_tls_classify_client_ciphers(ssl, NULL);
820 tt_int_op(ret, OP_EQ, -1);
821
822 SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls);
823 tls->client_cipher_list_type = 42;
824
825 ret = tor_tls_classify_client_ciphers(ssl, NULL);
826 tt_int_op(ret, OP_EQ, 42);
827
828 tls->client_cipher_list_type = 0;
829 ret = tor_tls_classify_client_ciphers(ssl, ciphers);
830 tt_int_op(ret, OP_EQ, 1);
831 tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
832
833 tls->client_cipher_list_type = 0;
834 ret = tor_tls_classify_client_ciphers(ssl, SSL_get_ciphers(ssl));
835 tt_int_op(ret, OP_EQ, 3);
836 tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
837
838 SSL_CIPHER *one = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_128_SHA),
839 *two = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_256_SHA),
840 *three = get_cipher_by_name(SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA),
841 *four = NULL;
842 sk_SSL_CIPHER_push(ciphers, one);
843 sk_SSL_CIPHER_push(ciphers, two);
844 sk_SSL_CIPHER_push(ciphers, three);
845 sk_SSL_CIPHER_push(ciphers, four);
846
847 tls->client_cipher_list_type = 0;
848 ret = tor_tls_classify_client_ciphers(ssl, ciphers);
849 tt_int_op(ret, OP_EQ, 1);
850 tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
851
852 sk_SSL_CIPHER_zero(ciphers);
853
854 one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
855 one->id = 0x00ff;
856 two = get_cipher_by_name("ECDH-RSA-AES128-GCM-SHA256");
857 two->id = 0x0000;
858 sk_SSL_CIPHER_push(ciphers, one);
859 tls->client_cipher_list_type = 0;
860 ret = tor_tls_classify_client_ciphers(ssl, ciphers);
861 tt_int_op(ret, OP_EQ, 3);
862 tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
863
864 sk_SSL_CIPHER_push(ciphers, two);
865 tls->client_cipher_list_type = 0;
866 ret = tor_tls_classify_client_ciphers(ssl, ciphers);
867 tt_int_op(ret, OP_EQ, 3);
868 tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
869
870 one->id = 0xC00A;
871 tls->client_cipher_list_type = 0;
872 ret = tor_tls_classify_client_ciphers(ssl, ciphers);
873 tt_int_op(ret, OP_EQ, 3);
874 tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
875
876 sk_SSL_CIPHER_zero(ciphers);
877 for (i=0; v2_cipher_list[i]; i++) {
878 tmp_cipher = get_cipher_by_id(v2_cipher_list[i]);
879 tt_assert(tmp_cipher);
880 sk_SSL_CIPHER_push(ciphers, tmp_cipher);
881 }
882 tls->client_cipher_list_type = 0;
883 ret = tor_tls_classify_client_ciphers(ssl, ciphers);
884 tt_int_op(ret, OP_EQ, 2);
885 tt_int_op(tls->client_cipher_list_type, OP_EQ, 2);
886
887 done:
888 sk_SSL_CIPHER_free(ciphers);
889 SSL_free(tls->ssl);
890 tor_free(tls);
891 SSL_CTX_free(ctx);
892 }
893 #endif
894
895 static void
896 test_tortls_client_is_using_v2_ciphers(void *ignored)
897 {
898 (void)ignored;
899
900 #ifdef HAVE_SSL_GET_CLIENT_CIPHERS
901 tt_skip();
902 done:
903 (void)1;
904 #else
905 int ret;
906 SSL_CTX *ctx;
907 SSL *ssl;
908 SSL_SESSION *sess;
909 STACK_OF(SSL_CIPHER) *ciphers;
910
911 SSL_library_init();
912 SSL_load_error_strings();
913
914 ctx = SSL_CTX_new(TLSv1_method());
915 ssl = SSL_new(ctx);
916 sess = SSL_SESSION_new();
917
918 ret = tor_tls_client_is_using_v2_ciphers(ssl);
919 tt_int_op(ret, OP_EQ, -1);
920
921 ssl->session = sess;
922 ret = tor_tls_client_is_using_v2_ciphers(ssl);
923 tt_int_op(ret, OP_EQ, 0);
924
925 ciphers = sk_SSL_CIPHER_new_null();
926 SSL_CIPHER *one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
927 one->id = 0x00ff;
928 sk_SSL_CIPHER_push(ciphers, one);
929 sess->ciphers = ciphers;
930 ret = tor_tls_client_is_using_v2_ciphers(ssl);
931 tt_int_op(ret, OP_EQ, 1);
932 done:
933 SSL_free(ssl);
934 SSL_CTX_free(ctx);
935 #endif
936 }
937
938 #ifndef OPENSSL_OPAQUE
939 static X509 *fixed_try_to_extract_certs_from_tls_cert_out_result = NULL;
940 static X509 *fixed_try_to_extract_certs_from_tls_id_cert_out_result = NULL;
941
942 static void
943 fixed_try_to_extract_certs_from_tls(int severity, tor_tls_t *tls,
944 X509 **cert_out, X509 **id_cert_out)
945 {
946 (void) severity;
947 (void) tls;
948 *cert_out = fixed_try_to_extract_certs_from_tls_cert_out_result;
949 *id_cert_out = fixed_try_to_extract_certs_from_tls_id_cert_out_result;
950 }
951 #endif
952
953 #ifndef OPENSSL_OPAQUE
954 static const char* notCompletelyValidCertString =
955 "-----BEGIN CERTIFICATE-----\n"
956 "MIICVjCCAb8CAg37MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n"
957 "A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\n"
958 "MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\n"
959 "YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw\n"
960 "ODIyMDUyNzIzWhcNMTcwODIxMDUyNzIzWjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE\n"
961 "CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs\n"
962 "ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYBBrx5PlP0WNI/ZdzD\n"
963 "+6Pktmurn+F2kQYbtc7XQh8/LTBvCo+P6iZoLEmUA9e7EXLRxgU1CVqeAi7QcAn9\n"
964 "MwBlc8ksFJHB0rtf9pmf8Oza9E0Bynlq/4/Kb1x+d+AyhL7oK9tQwB24uHOueHi1\n"
965 "C/iVv8CSWKiYe6hzN1txYe8rAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAASPdjigJ\n"
966 "kXCqKWpnZ/Oc75EUcMi6HztaW8abUMlYXPIgkV2F7YanHOB7K4f7OOLjiz8DTPFf\n"
967 "jC9UeuErhaA/zzWi8ewMTFZW/WshOrm3fNvcMrMLKtH534JKvcdMg6qIdjTFINIr\n"
968 "evnAhf0cwULaebn+lMs8Pdl7y37+sfluVok=\n"
969 "-----END CERTIFICATE-----\n";
970 #endif
971
972 static const char* validCertString = "-----BEGIN CERTIFICATE-----\n"
973 "MIIDpTCCAY0CAg3+MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVTMREwDwYD\n"
974 "VQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIGA1UECgwLVG9yIFRl\n"
975 "c3RpbmcxFDASBgNVBAMMC1RvciBUZXN0aW5nMB4XDTE1MDkwNjEzMzk1OVoXDTQz\n"
976 "MDEyMjEzMzk1OVowVjELMAkGA1UEBhMCVVMxEDAOBgNVBAcMB0NoaWNhZ28xFDAS\n"
977 "BgNVBAoMC1RvciBUZXN0aW5nMR8wHQYDVQQDDBZ0ZXN0aW5nLnRvcnByb2plY3Qu\n"
978 "b3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoT6uyVVhWyOF3wkHjjYbd\n"
979 "nKaykyRv4JVtKQdZ4OpEErmX1zw4MmyzpQNV6iR4bQnWiyLfzyVJMZDIC/WILBfX\n"
980 "w2Pza/yuLgUvDc3twMuhOACzOQVO8PrEF/aVv2+hbCCy2udXvKhnYn+CCXl3ozc8\n"
981 "XcKYvujTXDyvGWY3xwAjlQIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQCUvnhzQWuQ\n"
982 "MrN+pERkE+zcTI/9dGS90rUMMLgu8VDNqTa0TUQh8uO0EQ6uDvI8Js6e8tgwS0BR\n"
983 "UBahqb7ZHv+rejGCBr5OudqD+x4STiiuPNJVs86JTLN8SpM9CHjIBH5WCCN2KOy3\n"
984 "mevNoRcRRyYJzSFULCunIK6FGulszigMYGscrO4oiTkZiHPh9KvWT40IMiHfL+Lw\n"
985 "EtEWiLex6064LcA2YQ1AMuSZyCexks63lcfaFmQbkYOKqXa1oLkIRuDsOaSVjTfe\n"
986 "vec+X6jvf12cFTKS5WIeqkKF2Irt+dJoiHEGTe5RscUMN/f+gqHPzfFz5dR23sxo\n"
987 "g+HC6MZHlFkLAOx3wW6epPS8A/m1mw3zMPoTnb2U2YYt8T0dJMMlUn/7Y1sEAa+a\n"
988 "dSTMaeUf6VnJ//11m454EZl1to9Z7oJOgqmFffSrdD4BGIWe8f7hhW6L1Enmqe/J\n"
989 "BKL3wbzZh80O1W0bndAwhnEEhlzneFY84cbBo9pmVxpODHkUcStpr5Z7pBDrcL21\n"
990 "Ss/aB/1YrsVXhdvJdOGxl3Mnl9dUY57CympLGlT8f0pPS6GAKOelECOhFMHmJd8L\n"
991 "dj3XQSmKtYHevZ6IvuMXSlB/fJvSjSlkCuLo5+kJoaqPuRu+i/S1qxeRy3CBwmnE\n"
992 "LdSNdcX4N79GQJ996PA8+mUCQG7YRtK+WA==\n"
993 "-----END CERTIFICATE-----\n";
994
995 static const char* caCertString = "-----BEGIN CERTIFICATE-----\n"
996 "MIIFjzCCA3egAwIBAgIJAKd5WgyfPMYRMA0GCSqGSIb3DQEBCwUAMF4xCzAJBgNV\n"
997 "BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIG\n"
998 "A1UECgwLVG9yIFRlc3RpbmcxFDASBgNVBAMMC1RvciBUZXN0aW5nMB4XDTE1MDkw\n"
999 "NjEzMzc0MVoXDTQzMDEyMjEzMzc0MVowXjELMAkGA1UEBhMCVVMxETAPBgNVBAgM\n"
1000 "CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRQwEgYDVQQKDAtUb3IgVGVzdGlu\n"
1001 "ZzEUMBIGA1UEAwwLVG9yIFRlc3RpbmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\n"
1002 "ggIKAoICAQCpLMUEiLW5leUgBZoEJms2V7lZRhIAjnJBhVMHD0e3UubNknmaQoxf\n"
1003 "ARz3rvqOaRd0JlV+qM9qE0DjiYcCVP1cAfqAo9d83uS1vwY3YMVJzADlaIiHfyVW\n"
1004 "uEgBy0vvkeUBqaua24dYlcwsemOiXYLu41yM1wkcGHW1AhBNHppY6cznb8TyLgNM\n"
1005 "2x3SGUdzc5XMyAFx51faKGBA3wjs+Hg1PLY7d30nmCgEOBavpm5I1disM/0k+Mcy\n"
1006 "YmAKEo/iHJX/rQzO4b9znP69juLlR8PDBUJEVIG/CYb6+uw8MjjUyiWXYoqfVmN2\n"
1007 "hm/lH8b6rXw1a2Aa3VTeD0DxaWeacMYHY/i01fd5n7hCoDTRNdSw5KJ0L3Z0SKTu\n"
1008 "0lzffKzDaIfyZGlpW5qdouACkWYzsaitQOePVE01PIdO30vUfzNTFDfy42ccx3Di\n"
1009 "59UCu+IXB+eMtrBfsok0Qc63vtF1linJgjHW1z/8ujk8F7/qkOfODhk4l7wngc2A\n"
1010 "EmwWFIFoGaiTEZHB9qteXr4unbXZ0AHpM02uGGwZEGohjFyebEb73M+J57WKKAFb\n"
1011 "PqbLcGUksL1SHNBNAJcVLttX55sO4nbidOS/kA3m+F1R04MBTyQF9qA6YDDHqdI3\n"
1012 "h/3pw0Z4fxVouTYT4/NfRnX4JTP4u+7Mpcoof28VME0qWqD1LnRhFQIDAQABo1Aw\n"
1013 "TjAdBgNVHQ4EFgQUMoAgIXH7pZ3QMRwTjT+DM9Yo/v0wHwYDVR0jBBgwFoAUMoAg\n"
1014 "IXH7pZ3QMRwTjT+DM9Yo/v0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\n"
1015 "AgEAUJxacjXR9sT+Xs6ISFiUsyd0T6WVKMnV46xrYJHirGfx+krWHrjxMY+ZtxYD\n"
1016 "DBDGlo11Qc4v6QrclNf5QUBfIiGQsP9Cm6hHcQ+Tpg9HHCgSqG1YNPwCPReCR4br\n"
1017 "BLvLfrfkcBL2IWM0PdQdCze+59DBfipsULD2mEn9fjYRXQEwb2QWtQ9qRc20Yb/x\n"
1018 "Q4b/+CvUodLkaq7B8MHz0BV8HHcBoph6DYaRmO/N+hPauIuSp6XyaGYcEefGKVKj\n"
1019 "G2+fcsdyXsoijNdL8vNKwm4j2gVwCBnw16J00yfFoV46YcbfqEdJB2je0XSvwXqt\n"
1020 "14AOTngxso2h9k9HLtrfpO1ZG/B5AcCMs1lzbZ2fp5DPHtjvvmvA2RJqgo3yjw4W\n"
1021 "4DHAuTglYFlC3mDHNfNtcGP20JvepcQNzNP2UzwcpOc94hfKikOFw+gf9Vf1qd0y\n"
1022 "h/Sk6OZHn2+JVUPiWHIQV98Vtoh4RmUZDJD+b55ia3fQGTGzt4z1XFzQYSva5sfs\n"
1023 "wocS/papthqWldQU7x+3wofNd5CNU1x6WKXG/yw30IT/4F8ADJD6GeygNT8QJYvt\n"
1024 "u/8lAkbOy6B9xGmSvr0Kk1oq9P2NshA6kalxp1Oz/DTNDdL4AeBXV3JmM6WWCjGn\n"
1025 "Yy1RT69d0rwYc5u/vnqODz1IjvT90smsrkBumGt791FAFeg=\n"
1026 "-----END CERTIFICATE-----\n";
1027
1028 static X509 *
1029 read_cert_from(const char *str)
1030 {
1031 BIO *bio = BIO_new(BIO_s_mem());
1032 BIO_write(bio, str, (int) strlen(str));
1033 X509 *res = PEM_read_bio_X509(bio, NULL, NULL, NULL);
1034 BIO_free(bio);
1035 return res;
1036 }
1037
1038 #ifndef OPENSSL_OPAQUE
1039 static void
1040 test_tortls_verify(void *ignored)
1041 {
1042 (void)ignored;
1043 int ret;
1044 tor_tls_t *tls;
1045 crypto_pk_t *k = NULL;
1046 X509 *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL,
1047 *validCert = NULL, *caCert = NULL;
1048
1049 cert1 = tor_malloc_zero(sizeof(X509));
1050 cert1->references = 10;
1051
1052 cert2 = tor_malloc_zero(sizeof(X509));
1053 cert2->references = 10;
1054
1055 validCert = read_cert_from(validCertString);
1056 caCert = read_cert_from(caCertString);
1057 invalidCert = read_cert_from(notCompletelyValidCertString);
1058
1059 tls = tor_malloc_zero(sizeof(tor_tls_t));
1060 ret = tor_tls_verify(LOG_WARN, tls, &k);
1061 tt_int_op(ret, OP_EQ, -1);
1062
1063 MOCK(try_to_extract_certs_from_tls, fixed_try_to_extract_certs_from_tls);
1064
1065 fixed_try_to_extract_certs_from_tls_cert_out_result = cert1;
1066 ret = tor_tls_verify(LOG_WARN, tls, &k);
1067 tt_int_op(ret, OP_EQ, -1);
1068
1069 fixed_try_to_extract_certs_from_tls_id_cert_out_result = cert2;
1070 ret = tor_tls_verify(LOG_WARN, tls, &k);
1071 tt_int_op(ret, OP_EQ, -1);
1072
1073 fixed_try_to_extract_certs_from_tls_cert_out_result = invalidCert;
1074 fixed_try_to_extract_certs_from_tls_id_cert_out_result = invalidCert;
1075
1076 ret = tor_tls_verify(LOG_WARN, tls, &k);
1077 tt_int_op(ret, OP_EQ, -1);
1078
1079 fixed_try_to_extract_certs_from_tls_cert_out_result = validCert;
1080 fixed_try_to_extract_certs_from_tls_id_cert_out_result = caCert;
1081
1082 ret = tor_tls_verify(LOG_WARN, tls, &k);
1083 tt_int_op(ret, OP_EQ, 0);
1084 tt_assert(k);
1085
1086 done:
1087 UNMOCK(try_to_extract_certs_from_tls);
1088 tor_free(cert1);
1089 tor_free(cert2);
1090 tor_free(tls);
1091 tor_free(k);
1092 }
1093 #endif
1094
1095 #ifndef OPENSSL_OPAQUE
1096 static void
1097 test_tortls_check_lifetime(void *ignored)
1098 {
1099 (void)ignored;
1100 int ret;
1101 tor_tls_t *tls;
1102 X509 *validCert = read_cert_from(validCertString);
1103 time_t now = time(NULL);
1104
1105 tls = tor_malloc_zero(sizeof(tor_tls_t));
1106 ret = tor_tls_check_lifetime(LOG_WARN, tls, 0, 0);
1107 tt_int_op(ret, OP_EQ, -1);
1108
1109 tls->ssl = tor_malloc_zero(sizeof(SSL));
1110 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
1111 tls->ssl->session->peer = validCert;
1112 ret = tor_tls_check_lifetime(LOG_WARN, tls, 0, 0);
1113 tt_int_op(ret, OP_EQ, 0);
1114
1115 ASN1_STRING_free(validCert->cert_info->validity->notBefore);
1116 validCert->cert_info->validity->notBefore = ASN1_TIME_set(NULL, now-10);
1117 ASN1_STRING_free(validCert->cert_info->validity->notAfter);
1118 validCert->cert_info->validity->notAfter = ASN1_TIME_set(NULL, now+60);
1119
1120 ret = tor_tls_check_lifetime(LOG_WARN, tls, 0, -1000);
1121 tt_int_op(ret, OP_EQ, -1);
1122
1123 ret = tor_tls_check_lifetime(LOG_WARN, tls, -1000, 0);
1124 tt_int_op(ret, OP_EQ, -1);
1125
1126 done:
1127 tor_free(tls->ssl->session);
1128 tor_free(tls->ssl);
1129 tor_free(tls);
1130 X509_free(validCert);
1131 }
1132 #endif
1133
1134 #ifndef OPENSSL_OPAQUE
1135 static int fixed_ssl_pending_result = 0;
1136
1137 static int
1138 fixed_ssl_pending(const SSL *ignored)
1139 {
1140 (void)ignored;
1141 return fixed_ssl_pending_result;
1142 }
1143
1144 static void
1145 test_tortls_get_pending_bytes(void *ignored)
1146 {
1147 (void)ignored;
1148 int ret;
1149 tor_tls_t *tls;
1150 SSL_METHOD *method;
1151
1152 tls = tor_malloc_zero(sizeof(tor_tls_t));
1153 tls->ssl = tor_malloc_zero(sizeof(SSL));
1154 method = tor_malloc_zero(sizeof(SSL_METHOD));
1155 method->ssl_pending = fixed_ssl_pending;
1156 tls->ssl->method = method;
1157
1158 fixed_ssl_pending_result = 42;
1159 ret = tor_tls_get_pending_bytes(tls);
1160 tt_int_op(ret, OP_EQ, 42);
1161
1162 done:
1163 tor_free(method);
1164 tor_free(tls->ssl);
1165 tor_free(tls);
1166 }
1167 #endif
1168
1169 static void
1170 test_tortls_get_forced_write_size(void *ignored)
1171 {
1172 (void)ignored;
1173 long ret;
1174 tor_tls_t *tls;
1175
1176 tls = tor_malloc_zero(sizeof(tor_tls_t));
1177
1178 tls->wantwrite_n = 43;
1179 ret = tor_tls_get_forced_write_size(tls);
1180 tt_int_op(ret, OP_EQ, 43);
1181
1182 done:
1183 tor_free(tls);
1184 }
1185
1186 extern uint64_t total_bytes_written_over_tls;
1187 extern uint64_t total_bytes_written_by_tls;
1188
1189 static void
1190 test_tortls_get_write_overhead_ratio(void *ignored)
1191 {
1192 (void)ignored;
1193 double ret;
1194
1195 total_bytes_written_over_tls = 0;
1196 ret = tls_get_write_overhead_ratio();
1197 tt_int_op(ret, OP_EQ, 1.0);
1198
1199 total_bytes_written_by_tls = 10;
1200 total_bytes_written_over_tls = 1;
1201 ret = tls_get_write_overhead_ratio();
1202 tt_int_op(ret, OP_EQ, 10.0);
1203
1204 total_bytes_written_by_tls = 10;
1205 total_bytes_written_over_tls = 2;
1206 ret = tls_get_write_overhead_ratio();
1207 tt_int_op(ret, OP_EQ, 5.0);
1208
1209 done:
1210 (void)0;
1211 }
1212
1213 static void
1214 test_tortls_used_v1_handshake(void *ignored)
1215 {
1216 (void)ignored;
1217 int ret;
1218 tor_tls_t *tls;
1219 tls = tor_malloc_zero(sizeof(tor_tls_t));
1220
1221 // These tests assume both V2 handshake server and client are enabled
1222 tls->wasV2Handshake = 0;
1223 ret = tor_tls_used_v1_handshake(tls);
1224 tt_int_op(ret, OP_EQ, 1);
1225
1226 tls->wasV2Handshake = 1;
1227 ret = tor_tls_used_v1_handshake(tls);
1228 tt_int_op(ret, OP_EQ, 0);
1229
1230 done:
1231 tor_free(tls);
1232 }
1233
1234 static void
1235 test_tortls_get_num_server_handshakes(void *ignored)
1236 {
1237 (void)ignored;
1238 int ret;
1239 tor_tls_t *tls;
1240
1241 tls = tor_malloc_zero(sizeof(tor_tls_t));
1242
1243 tls->server_handshake_count = 3;
1244 ret = tor_tls_get_num_server_handshakes(tls);
1245 tt_int_op(ret, OP_EQ, 3);
1246
1247 done:
1248 tor_free(tls);
1249 }
1250
1251 static void
1252 test_tortls_server_got_renegotiate(void *ignored)
1253 {
1254 (void)ignored;
1255 int ret;
1256 tor_tls_t *tls;
1257
1258 tls = tor_malloc_zero(sizeof(tor_tls_t));
1259
1260 tls->got_renegotiate = 1;
1261 ret = tor_tls_server_got_renegotiate(tls);
1262 tt_int_op(ret, OP_EQ, 1);
1263
1264 done:
1265 tor_free(tls);
1266 }
1267
1268 #ifndef OPENSSL_OPAQUE
1269 static void
1270 test_tortls_SSL_SESSION_get_master_key(void *ignored)
1271 {
1272 (void)ignored;
1273 size_t ret;
1274 tor_tls_t *tls;
1275 uint8_t *out;
1276 out = tor_malloc_zero(1);
1277 tls = tor_malloc_zero(sizeof(tor_tls_t));
1278 tls->ssl = tor_malloc_zero(sizeof(SSL));
1279 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
1280 tls->ssl->session->master_key_length = 1;
1281
1282 #ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
1283 tls->ssl->session->master_key[0] = 43;
1284 ret = SSL_SESSION_get_master_key(tls->ssl->session, out, 0);
1285 tt_int_op(ret, OP_EQ, 1);
1286 tt_int_op(out[0], OP_EQ, 0);
1287
1288 ret = SSL_SESSION_get_master_key(tls->ssl->session, out, 1);
1289 tt_int_op(ret, OP_EQ, 1);
1290 tt_int_op(out[0], OP_EQ, 43);
1291
1292 done:
1293 #endif
1294 tor_free(tls->ssl->session);
1295 tor_free(tls->ssl);
1296 tor_free(tls);
1297 tor_free(out);
1298 }
1299 #endif
1300
1301 #ifndef OPENSSL_OPAQUE
1302 static void
1303 test_tortls_get_tlssecrets(void *ignored)
1304 {
1305 (void)ignored;
1306 int ret;
1307 uint8_t *secret_out = tor_malloc_zero(DIGEST256_LEN);;
1308 tor_tls_t *tls;
1309 tls = tor_malloc_zero(sizeof(tor_tls_t));
1310 tls->ssl = tor_malloc_zero(sizeof(SSL));
1311 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
1312 tls->ssl->session->master_key_length = 1;
1313 tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
1314
1315 ret = tor_tls_get_tlssecrets(tls, secret_out);
1316 tt_int_op(ret, OP_EQ, 0);
1317
1318 done:
1319 tor_free(secret_out);
1320 tor_free(tls->ssl->s3);
1321 tor_free(tls->ssl->session);
1322 tor_free(tls->ssl);
1323 tor_free(tls);
1324 }
1325 #endif
1326
1327 #ifndef OPENSSL_OPAQUE
1328 static void
1329 test_tortls_get_buffer_sizes(void *ignored)
1330 {
1331 (void)ignored;
1332 int ret;
1333 tor_tls_t *tls;
1334 size_t rbuf_c=-1, rbuf_b=-1, wbuf_c=-1, wbuf_b=-1;
1335
1336 tls = tor_malloc_zero(sizeof(tor_tls_t));
1337 tls->ssl = tor_malloc_zero(sizeof(SSL));
1338 tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
1339
1340 tls->ssl->s3->rbuf.buf = NULL;
1341 tls->ssl->s3->rbuf.len = 1;
1342 tls->ssl->s3->rbuf.offset = 0;
1343 tls->ssl->s3->rbuf.left = 42;
1344
1345 tls->ssl->s3->wbuf.buf = NULL;
1346 tls->ssl->s3->wbuf.len = 2;
1347 tls->ssl->s3->wbuf.offset = 0;
1348 tls->ssl->s3->wbuf.left = 43;
1349
1350 #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
1351 ret = tor_tls_get_buffer_sizes(NULL, NULL, NULL, NULL, NULL);
1352 tt_int_op(ret, OP_EQ, -1);
1353 #else
1354 ret = tor_tls_get_buffer_sizes(tls, &rbuf_c, &rbuf_b, &wbuf_c, &wbuf_b);
1355 tt_int_op(ret, OP_EQ, 0);
1356 tt_int_op(rbuf_c, OP_EQ, 0);
1357 tt_int_op(wbuf_c, OP_EQ, 0);
1358 tt_int_op(rbuf_b, OP_EQ, 42);
1359 tt_int_op(wbuf_b, OP_EQ, 43);
1360
1361 tls->ssl->s3->rbuf.buf = tor_malloc_zero(1);
1362 tls->ssl->s3->wbuf.buf = tor_malloc_zero(1);
1363 ret = tor_tls_get_buffer_sizes(tls, &rbuf_c, &rbuf_b, &wbuf_c, &wbuf_b);
1364 tt_int_op(ret, OP_EQ, 0);
1365 tt_int_op(rbuf_c, OP_EQ, 1);
1366 tt_int_op(wbuf_c, OP_EQ, 2);
1367
1368 #endif
1369
1370 done:
1371 tor_free(tls->ssl->s3->rbuf.buf);
1372 tor_free(tls->ssl->s3->wbuf.buf);
1373 tor_free(tls->ssl->s3);
1374 tor_free(tls->ssl);
1375 tor_free(tls);
1376 }
1377 #endif
1378
1379 static void
1380 test_tortls_evaluate_ecgroup_for_tls(void *ignored)
1381 {
1382 (void)ignored;
1383 int ret;
1384
1385 ret = evaluate_ecgroup_for_tls(NULL);
1386 tt_int_op(ret, OP_EQ, 1);
1387
1388 ret = evaluate_ecgroup_for_tls("foobar");
1389 tt_int_op(ret, OP_EQ, 0);
1390
1391 ret = evaluate_ecgroup_for_tls("P256");
1392 tt_int_op(ret, OP_EQ, 1);
1393
1394 ret = evaluate_ecgroup_for_tls("P224");
1395 // tt_int_op(ret, OP_EQ, 1); This varies between machines
1396
1397 done:
1398 (void)0;
1399 }
1400
1401 #ifndef OPENSSL_OPAQUE
1402 typedef struct cert_pkey_st_local
1403 {
1404 X509 *x509;
1405 EVP_PKEY *privatekey;
1406 const EVP_MD *digest;
1407 } CERT_PKEY_local;
1408
1409 typedef struct sess_cert_st_local
1410 {
1411 STACK_OF(X509) *cert_chain;
1412 int peer_cert_type;
1413 CERT_PKEY_local *peer_key;
1414 CERT_PKEY_local peer_pkeys[8];
1415 int references;
1416 } SESS_CERT_local;
1417
1418 static void
1419 test_tortls_try_to_extract_certs_from_tls(void *ignored)
1420 {
1421 (void)ignored;
1422 tor_tls_t *tls;
1423 X509 *cert = NULL, *id_cert = NULL, *c1 = NULL, *c2 = NULL;
1424 SESS_CERT_local *sess = NULL;
1425
1426 c1 = read_cert_from(validCertString);
1427 c2 = read_cert_from(caCertString);
1428
1429 tls = tor_malloc_zero(sizeof(tor_tls_t));
1430 tls->ssl = tor_malloc_zero(sizeof(SSL));
1431 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
1432 sess = tor_malloc_zero(sizeof(SESS_CERT_local));
1433 tls->ssl->session->sess_cert = (void *)sess;
1434
1435 try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
1436 tt_assert(!cert);
1437 tt_assert(!id_cert);
1438
1439 tls->ssl->session->peer = c1;
1440 try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
1441 tt_assert(cert == c1);
1442 tt_assert(!id_cert);
1443 X509_free(cert); /* decrease refcnt */
1444
1445 sess->cert_chain = sk_X509_new_null();
1446 try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
1447 tt_assert(cert == c1);
1448 tt_assert(!id_cert);
1449 X509_free(cert); /* decrease refcnt */
1450
1451 sk_X509_push(sess->cert_chain, c1);
1452 sk_X509_push(sess->cert_chain, c2);
1453
1454 try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
1455 tt_assert(cert == c1);
1456 tt_assert(id_cert);
1457 X509_free(cert); /* decrease refcnt */
1458
1459 done:
1460 sk_X509_free(sess->cert_chain);
1461 tor_free(sess);
1462 tor_free(tls->ssl->session);
1463 tor_free(tls->ssl);
1464 tor_free(tls);
1465 X509_free(c1);
1466 X509_free(c2);
1467 }
1468 #endif
1469
1470 #ifndef OPENSSL_OPAQUE
1471 static void
1472 test_tortls_get_peer_cert(void *ignored)
1473 {
1474 (void)ignored;
1475 tor_x509_cert_t *ret;
1476 tor_tls_t *tls;
1477 X509 *cert = NULL;
1478
1479 cert = read_cert_from(validCertString);
1480
1481 tls = tor_malloc_zero(sizeof(tor_tls_t));
1482 tls->ssl = tor_malloc_zero(sizeof(SSL));
1483 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
1484
1485 ret = tor_tls_get_peer_cert(tls);
1486 tt_assert(!ret);
1487
1488 tls->ssl->session->peer = cert;
1489 ret = tor_tls_get_peer_cert(tls);
1490 tt_assert(ret);
1491 tt_assert(ret->cert == cert);
1492
1493 done:
1494 tor_x509_cert_free(ret);
1495 tor_free(tls->ssl->session);
1496 tor_free(tls->ssl);
1497 tor_free(tls);
1498 X509_free(cert);
1499 }
1500 #endif
1501
1502 #ifndef OPENSSL_OPAQUE
1503 static void
1504 test_tortls_peer_has_cert(void *ignored)
1505 {
1506 (void)ignored;
1507 int ret;
1508 tor_tls_t *tls;
1509 X509 *cert = NULL;
1510
1511 cert = read_cert_from(validCertString);
1512
1513 tls = tor_malloc_zero(sizeof(tor_tls_t));
1514 tls->ssl = tor_malloc_zero(sizeof(SSL));
1515 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
1516
1517 ret = tor_tls_peer_has_cert(tls);
1518 tt_assert(!ret);
1519
1520 tls->ssl->session->peer = cert;
1521 ret = tor_tls_peer_has_cert(tls);
1522 tt_assert(ret);
1523
1524 done:
1525 tor_free(tls->ssl->session);
1526 tor_free(tls->ssl);
1527 tor_free(tls);
1528 X509_free(cert);
1529 }
1530 #endif
1531
1532 static void
1533 test_tortls_is_server(void *ignored)
1534 {
1535 (void)ignored;
1536 tor_tls_t *tls;
1537 int ret;
1538
1539 tls = tor_malloc_zero(sizeof(tor_tls_t));
1540 tls->isServer = 1;
1541 ret = tor_tls_is_server(tls);
1542 tt_int_op(ret, OP_EQ, 1);
1543
1544 done:
1545 tor_free(tls);
1546 }
1547
1548 #ifndef OPENSSL_OPAQUE
1549 static void
1550 test_tortls_session_secret_cb(void *ignored)
1551 {
1552 (void)ignored;
1553 tor_tls_t *tls;
1554 SSL_CTX *ctx;
1555 STACK_OF(SSL_CIPHER) *ciphers = NULL;
1556 SSL_CIPHER *one;
1557
1558 SSL_library_init();
1559 SSL_load_error_strings();
1560 tor_tls_allocate_tor_tls_object_ex_data_index();
1561
1562 tls = tor_malloc_zero(sizeof(tor_tls_t));
1563
1564 tls->magic = TOR_TLS_MAGIC;
1565
1566 ctx = SSL_CTX_new(TLSv1_method());
1567 tls->ssl = SSL_new(ctx);
1568 SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls);
1569
1570 SSL_set_session_secret_cb(tls->ssl, tor_tls_session_secret_cb, NULL);
1571
1572 tor_tls_session_secret_cb(tls->ssl, NULL, NULL, NULL, NULL, NULL);
1573 tt_assert(!tls->ssl->tls_session_secret_cb);
1574
1575 one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
1576 one->id = 0x00ff;
1577 ciphers = sk_SSL_CIPHER_new_null();
1578 sk_SSL_CIPHER_push(ciphers, one);
1579
1580 tls->client_cipher_list_type = 0;
1581 tor_tls_session_secret_cb(tls->ssl, NULL, NULL, ciphers, NULL, NULL);
1582 tt_assert(!tls->ssl->tls_session_secret_cb);
1583
1584 done:
1585 sk_SSL_CIPHER_free(ciphers);
1586 SSL_free(tls->ssl);
1587 SSL_CTX_free(ctx);
1588 tor_free(tls);
1589 }
1590 #endif
1591
1592 #ifndef OPENSSL_OPAQUE
1593 /* TODO: It seems block_renegotiation and unblock_renegotiation and
1594 * using different blags. This might not be correct */
1595 static void
1596 test_tortls_block_renegotiation(void *ignored)
1597 {
1598 (void)ignored;
1599 tor_tls_t *tls;
1600
1601 tls = tor_malloc_zero(sizeof(tor_tls_t));
1602 tls->ssl = tor_malloc_zero(sizeof(SSL));
1603 tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
1604 tls->ssl->s3->flags = 0x0010;
1605
1606 tor_tls_block_renegotiation(tls);
1607
1608 tt_assert(!(SSL_get_options(tls->ssl) & 0x0010));
1609
1610 done:
1611 tor_free(tls->ssl->s3);
1612 tor_free(tls->ssl);
1613 tor_free(tls);
1614 }
1615
1616 static void
1617 test_tortls_unblock_renegotiation(void *ignored)
1618 {
1619 (void)ignored;
1620 tor_tls_t *tls;
1621
1622 tls = tor_malloc_zero(sizeof(tor_tls_t));
1623 tls->ssl = tor_malloc_zero(sizeof(SSL));
1624 tor_tls_unblock_renegotiation(tls);
1625
1626 tt_assert(SSL_get_options(tls->ssl) & 0x00040000L);
1627
1628 done:
1629 tor_free(tls->ssl);
1630 tor_free(tls);
1631 }
1632 #endif
1633
1634 #ifndef OPENSSL_OPAQUE
1635 static void
1636 test_tortls_assert_renegotiation_unblocked(void *ignored)
1637 {
1638 (void)ignored;
1639 tor_tls_t *tls;
1640
1641 tls = tor_malloc_zero(sizeof(tor_tls_t));
1642 tls->ssl = tor_malloc_zero(sizeof(SSL));
1643 tor_tls_unblock_renegotiation(tls);
1644 tor_tls_assert_renegotiation_unblocked(tls);
1645 /* No assertion here - this test will fail if tor_assert is turned on
1646 * and things are bad. */
1647
1648 tor_free(tls->ssl);
1649 tor_free(tls);
1650 }
1651 #endif
1652
1653 static void
1654 test_tortls_set_logged_address(void *ignored)
1655 {
1656 (void)ignored;
1657 tor_tls_t *tls;
1658
1659 tls = tor_malloc_zero(sizeof(tor_tls_t));
1660
1661 tor_tls_set_logged_address(tls, "foo bar");
1662
1663 tt_str_op(tls->address, OP_EQ, "foo bar");
1664
1665 tor_tls_set_logged_address(tls, "foo bar 2");
1666 tt_str_op(tls->address, OP_EQ, "foo bar 2");
1667
1668 done:
1669 tor_free(tls->address);
1670 tor_free(tls);
1671 }
1672
1673 #ifndef OPENSSL_OPAQUE
1674 static void
1675 example_cb(tor_tls_t *t, void *arg)
1676 {
1677 (void)t;
1678 (void)arg;
1679 }
1680
1681 static void
1682 test_tortls_set_renegotiate_callback(void *ignored)
1683 {
1684 (void)ignored;
1685 tor_tls_t *tls;
1686 const char *arg = "hello";
1687
1688 tls = tor_malloc_zero(sizeof(tor_tls_t));
1689 tls->ssl = tor_malloc_zero(sizeof(SSL));
1690
1691 tor_tls_set_renegotiate_callback(tls, example_cb, (void*)arg);
1692 tt_assert(tls->negotiated_callback == example_cb);
1693 tt_assert(tls->callback_arg == arg);
1694 tt_assert(!tls->got_renegotiate);
1695
1696 /* Assumes V2_HANDSHAKE_SERVER */
1697 tt_assert(tls->ssl->info_callback == tor_tls_server_info_callback);
1698
1699 tor_tls_set_renegotiate_callback(tls, NULL, (void*)arg);
1700 tt_assert(tls->ssl->info_callback == tor_tls_debug_state_callback);
1701
1702 done:
1703 tor_free(tls->ssl);
1704 tor_free(tls);
1705 }
1706 #endif
1707
1708 #ifndef OPENSSL_OPAQUE
1709 static SSL_CIPHER *fixed_cipher1 = NULL;
1710 static SSL_CIPHER *fixed_cipher2 = NULL;
1711 static const SSL_CIPHER *
1712 fake_get_cipher(unsigned ncipher)
1713 {
1714
1715 switch (ncipher) {
1716 case 1:
1717 return fixed_cipher1;
1718 case 2:
1719 return fixed_cipher2;
1720 default:
1721 return NULL;
1722 }
1723 }
1724 #endif
1725
1726 #ifndef OPENSSL_OPAQUE
1727 static void
1728 test_tortls_find_cipher_by_id(void *ignored)
1729 {
1730 (void)ignored;
1731 int ret;
1732 SSL *ssl;
1733 SSL_CTX *ctx;
1734 const SSL_METHOD *m = TLSv1_method();
1735 SSL_METHOD *empty_method = tor_malloc_zero(sizeof(SSL_METHOD));
1736
1737 fixed_cipher1 = tor_malloc_zero(sizeof(SSL_CIPHER));
1738 fixed_cipher2 = tor_malloc_zero(sizeof(SSL_CIPHER));
1739 fixed_cipher2->id = 0xC00A;
1740
1741 SSL_library_init();
1742 SSL_load_error_strings();
1743
1744 ctx = SSL_CTX_new(m);
1745 ssl = SSL_new(ctx);
1746
1747 ret = find_cipher_by_id(ssl, NULL, 0xC00A);
1748 tt_int_op(ret, OP_EQ, 1);
1749
1750 ret = find_cipher_by_id(ssl, m, 0xC00A);
1751 tt_int_op(ret, OP_EQ, 1);
1752
1753 ret = find_cipher_by_id(ssl, m, 0xFFFF);
1754 tt_int_op(ret, OP_EQ, 0);
1755
1756 ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1757 tt_int_op(ret, OP_EQ, 1);
1758
1759 ret = find_cipher_by_id(ssl, empty_method, 0xFFFF);
1760 #ifdef HAVE_SSL_CIPHER_FIND
1761 tt_int_op(ret, OP_EQ, 0);
1762 #else
1763 tt_int_op(ret, OP_EQ, 1);
1764 #endif
1765
1766 empty_method->get_cipher = fake_get_cipher;
1767 ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1768 tt_int_op(ret, OP_EQ, 1);
1769
1770 empty_method->get_cipher = m->get_cipher;
1771 empty_method->num_ciphers = m->num_ciphers;
1772 ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1773 tt_int_op(ret, OP_EQ, 1);
1774
1775 empty_method->get_cipher = fake_get_cipher;
1776 empty_method->num_ciphers = m->num_ciphers;
1777 ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1778 tt_int_op(ret, OP_EQ, 1);
1779
1780 empty_method->num_ciphers = fake_num_ciphers;
1781 ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
1782 #ifdef HAVE_SSL_CIPHER_FIND
1783 tt_int_op(ret, OP_EQ, 1);
1784 #else
1785 tt_int_op(ret, OP_EQ, 0);
1786 #endif
1787
1788 done:
1789 tor_free(empty_method);
1790 SSL_free(ssl);
1791 SSL_CTX_free(ctx);
1792 tor_free(fixed_cipher1);
1793 }
1794 #endif
1795
1796 #ifndef OPENSSL_OPAQUE
1797 static void
1798 test_tortls_debug_state_callback(void *ignored)
1799 {
1800 (void)ignored;
1801 SSL *ssl;
1802 char *buf = tor_malloc_zero(1000);
1803 int n;
1804
1805 int previous_log = setup_capture_of_logs(LOG_DEBUG);
1806
1807 ssl = tor_malloc_zero(sizeof(SSL));
1808
1809 tor_tls_debug_state_callback(ssl, 32, 45);
1810
1811 n = tor_snprintf(buf, 1000, "SSL %p is now in state unknown"
1812 " state [type=32,val=45].\n", ssl);
1813 /* tor's snprintf returns -1 on error */
1814 tt_int_op(n, OP_NE, -1);
1815 expect_log_msg(buf);
1816
1817 done:
1818 teardown_capture_of_logs(previous_log);
1819 tor_free(buf);
1820 tor_free(ssl);
1821 }
1822 #endif
1823
1824 #ifndef OPENSSL_OPAQUE
1825 static void
1826 test_tortls_server_info_callback(void *ignored)
1827 {
1828 (void)ignored;
1829 tor_tls_t *tls;
1830 SSL_CTX *ctx;
1831 SSL *ssl;
1832 int previous_log = setup_capture_of_logs(LOG_WARN);
1833
1834 SSL_library_init();
1835 SSL_load_error_strings();
1836
1837 ctx = SSL_CTX_new(TLSv1_method());
1838 ssl = SSL_new(ctx);
1839
1840 tor_tls_allocate_tor_tls_object_ex_data_index();
1841
1842 tls = tor_malloc_zero(sizeof(tor_tls_t));
1843 tls->magic = TOR_TLS_MAGIC;
1844 tls->ssl = ssl;
1845
1846 tor_tls_server_info_callback(NULL, 0, 0);
1847
1848 SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_A);
1849 mock_clean_saved_logs();
1850 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1851 expect_log_msg("Couldn't look up the tls for an SSL*. How odd!\n");
1852
1853 SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
1854 mock_clean_saved_logs();
1855 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1856 expect_log_msg("Couldn't look up the tls for an SSL*. How odd!\n");
1857
1858 SSL_set_state(ssl, 99);
1859 mock_clean_saved_logs();
1860 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1861 expect_no_log_entry();
1862
1863 SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls);
1864 SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
1865 tls->negotiated_callback = 0;
1866 tls->server_handshake_count = 120;
1867 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1868 tt_int_op(tls->server_handshake_count, OP_EQ, 121);
1869
1870 tls->server_handshake_count = 127;
1871 tls->negotiated_callback = (void *)1;
1872 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1873 tt_int_op(tls->server_handshake_count, OP_EQ, 127);
1874 tt_int_op(tls->got_renegotiate, OP_EQ, 1);
1875
1876 tls->ssl->session = SSL_SESSION_new();
1877 tls->wasV2Handshake = 0;
1878 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
1879 tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
1880
1881 done:
1882 teardown_capture_of_logs(previous_log);
1883 SSL_free(ssl);
1884 SSL_CTX_free(ctx);
1885 tor_free(tls);
1886 }
1887 #endif
1888
1889 #ifndef OPENSSL_OPAQUE
1890 static int fixed_ssl_read_result_index;
1891 static int fixed_ssl_read_result[5];
1892 static int fixed_ssl_shutdown_result;
1893
1894 static int
1895 fixed_ssl_read(SSL *s, void *buf, int len)
1896 {
1897 (void)s;
1898 (void)buf;
1899 (void)len;
1900 return fixed_ssl_read_result[fixed_ssl_read_result_index++];
1901 }
1902
1903 static int
1904 fixed_ssl_shutdown(SSL *s)
1905 {
1906 (void)s;
1907 return fixed_ssl_shutdown_result;
1908 }
1909
1910 static int fixed_ssl_state_to_set;
1911 static tor_tls_t *fixed_tls;
1912
1913 static int
1914 setting_version_ssl_shutdown(SSL *s)
1915 {
1916 s->version = SSL2_VERSION;
1917 return fixed_ssl_shutdown_result;
1918 }
1919
1920 static int
1921 setting_version_and_state_ssl_shutdown(SSL *s)
1922 {
1923 fixed_tls->state = fixed_ssl_state_to_set;
1924 s->version = SSL2_VERSION;
1925 return fixed_ssl_shutdown_result;
1926 }
1927
1928 static int
1929 dummy_handshake_func(SSL *s)
1930 {
1931 (void)s;
1932 return 1;
1933 }
1934
1935 static void
1936 test_tortls_shutdown(void *ignored)
1937 {
1938 (void)ignored;
1939 int ret;
1940 tor_tls_t *tls;
1941 SSL_METHOD *method = give_me_a_test_method();
1942 int previous_log = setup_capture_of_logs(LOG_WARN);
1943
1944 tls = tor_malloc_zero(sizeof(tor_tls_t));
1945 tls->ssl = tor_malloc_zero(sizeof(SSL));
1946 tls->ssl->method = method;
1947 method->ssl_read = fixed_ssl_read;
1948 method->ssl_shutdown = fixed_ssl_shutdown;
1949
1950 ret = tor_tls_shutdown(tls);
1951 tt_int_op(ret, OP_EQ, -9);
1952
1953 tls->state = TOR_TLS_ST_SENTCLOSE;
1954 fixed_ssl_read_result_index = 0;
1955 fixed_ssl_read_result[0] = 10;
1956 fixed_ssl_read_result[1] = -1;
1957 ret = tor_tls_shutdown(tls);
1958 tt_int_op(ret, OP_EQ, -9);
1959
1960 tls->ssl->handshake_func = dummy_handshake_func;
1961
1962 fixed_ssl_read_result_index = 0;
1963 fixed_ssl_read_result[0] = 10;
1964 fixed_ssl_read_result[1] = 42;
1965 fixed_ssl_read_result[2] = 0;
1966 fixed_ssl_shutdown_result = 1;
1967 ERR_clear_error();
1968 tls->ssl->version = SSL2_VERSION;
1969 ret = tor_tls_shutdown(tls);
1970 tt_int_op(ret, OP_EQ, TOR_TLS_DONE);
1971 tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
1972
1973 fixed_ssl_read_result_index = 0;
1974 fixed_ssl_read_result[0] = 10;
1975 fixed_ssl_read_result[1] = 42;
1976 fixed_ssl_read_result[2] = 0;
1977 fixed_ssl_shutdown_result = 0;
1978 ERR_clear_error();
1979 tls->ssl->version = 0;
1980 ret = tor_tls_shutdown(tls);
1981 tt_int_op(ret, OP_EQ, TOR_TLS_DONE);
1982 tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
1983
1984 fixed_ssl_read_result_index = 0;
1985 fixed_ssl_read_result[0] = 10;
1986 fixed_ssl_read_result[1] = 42;
1987 fixed_ssl_read_result[2] = 0;
1988 fixed_ssl_shutdown_result = 0;
1989 ERR_clear_error();
1990 tls->ssl->version = 0;
1991 method->ssl_shutdown = setting_version_ssl_shutdown;
1992 ret = tor_tls_shutdown(tls);
1993 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
1994
1995 fixed_ssl_read_result_index = 0;
1996 fixed_ssl_read_result[0] = 10;
1997 fixed_ssl_read_result[1] = 42;
1998 fixed_ssl_read_result[2] = 0;
1999 fixed_ssl_shutdown_result = 0;
2000 fixed_tls = tls;
2001 fixed_ssl_state_to_set = TOR_TLS_ST_GOTCLOSE;
2002 ERR_clear_error();
2003 tls->ssl->version = 0;
2004 method->ssl_shutdown = setting_version_and_state_ssl_shutdown;
2005 ret = tor_tls_shutdown(tls);
2006 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
2007
2008 fixed_ssl_read_result_index = 0;
2009 fixed_ssl_read_result[0] = 10;
2010 fixed_ssl_read_result[1] = 42;
2011 fixed_ssl_read_result[2] = 0;
2012 fixed_ssl_read_result[3] = -1;
2013 fixed_ssl_shutdown_result = 0;
2014 fixed_tls = tls;
2015 fixed_ssl_state_to_set = 0;
2016 ERR_clear_error();
2017 tls->ssl->version = 0;
2018 method->ssl_shutdown = setting_version_and_state_ssl_shutdown;
2019 ret = tor_tls_shutdown(tls);
2020 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
2021
2022 done:
2023 teardown_capture_of_logs(previous_log);
2024 tor_free(method);
2025 tor_free(tls->ssl);
2026 tor_free(tls);
2027 }
2028
2029 static int negotiated_callback_called;
2030
2031 static void
2032 negotiated_callback_setter(tor_tls_t *t, void *arg)
2033 {
2034 (void)t;
2035 (void)arg;
2036 negotiated_callback_called++;
2037 }
2038
2039 static void
2040 test_tortls_read(void *ignored)
2041 {
2042 (void)ignored;
2043 int ret;
2044 tor_tls_t *tls;
2045 char buf[100];
2046 SSL_METHOD *method = give_me_a_test_method();
2047 int previous_log = setup_capture_of_logs(LOG_WARN);
2048
2049 tls = tor_malloc_zero(sizeof(tor_tls_t));
2050 tls->ssl = tor_malloc_zero(sizeof(SSL));
2051 tls->state = TOR_TLS_ST_OPEN;
2052
2053 ret = tor_tls_read(tls, buf, 10);
2054 tt_int_op(ret, OP_EQ, -9);
2055
2056 /* These tests assume that V2_HANDSHAKE_SERVER is set */
2057 tls->ssl->handshake_func = dummy_handshake_func;
2058 tls->ssl->method = method;
2059 method->ssl_read = fixed_ssl_read;
2060 fixed_ssl_read_result_index = 0;
2061 fixed_ssl_read_result[0] = 42;
2062 tls->state = TOR_TLS_ST_OPEN;
2063 ERR_clear_error();
2064 ret = tor_tls_read(tls, buf, 10);
2065 tt_int_op(ret, OP_EQ, 42);
2066
2067 tls->state = TOR_TLS_ST_OPEN;
2068 tls->got_renegotiate = 1;
2069 fixed_ssl_read_result_index = 0;
2070 ERR_clear_error();
2071 ret = tor_tls_read(tls, buf, 10);
2072 tt_int_op(tls->got_renegotiate, OP_EQ, 0);
2073
2074 tls->state = TOR_TLS_ST_OPEN;
2075 tls->got_renegotiate = 1;
2076 negotiated_callback_called = 0;
2077 tls->negotiated_callback = negotiated_callback_setter;
2078 fixed_ssl_read_result_index = 0;
2079 ERR_clear_error();
2080 ret = tor_tls_read(tls, buf, 10);
2081 tt_int_op(negotiated_callback_called, OP_EQ, 1);
2082
2083 fixed_ssl_read_result_index = 0;
2084 fixed_ssl_read_result[0] = 0;
2085 tls->ssl->version = SSL2_VERSION;
2086 ERR_clear_error();
2087 ret = tor_tls_read(tls, buf, 10);
2088 tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
2089 tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
2090
2091 // TODO: fill up
2092
2093 done:
2094 teardown_capture_of_logs(previous_log);
2095 tor_free(tls->ssl);
2096 tor_free(tls);
2097 tor_free(method);
2098 }
2099
2100 static int fixed_ssl_write_result;
2101
2102 static int
2103 fixed_ssl_write(SSL *s, const void *buf, int len)
2104 {
2105 (void)s;
2106 (void)buf;
2107 (void)len;
2108 return fixed_ssl_write_result;
2109 }
2110
2111 static void
2112 test_tortls_write(void *ignored)
2113 {
2114 (void)ignored;
2115 int ret;
2116 tor_tls_t *tls;
2117 SSL_METHOD *method = give_me_a_test_method();
2118 char buf[100];
2119 int previous_log = setup_capture_of_logs(LOG_WARN);
2120
2121 tls = tor_malloc_zero(sizeof(tor_tls_t));
2122 tls->ssl = tor_malloc_zero(sizeof(SSL));
2123 tls->state = TOR_TLS_ST_OPEN;
2124
2125 ret = tor_tls_write(tls, buf, 0);
2126 tt_int_op(ret, OP_EQ, 0);
2127
2128 ret = tor_tls_write(tls, buf, 10);
2129 tt_int_op(ret, OP_EQ, -9);
2130
2131 tls->ssl->method = method;
2132 tls->wantwrite_n = 1;
2133 ret = tor_tls_write(tls, buf, 10);
2134 tt_int_op(tls->wantwrite_n, OP_EQ, 0);
2135
2136 method->ssl_write = fixed_ssl_write;
2137 tls->ssl->handshake_func = dummy_handshake_func;
2138 fixed_ssl_write_result = 1;
2139 ERR_clear_error();
2140 ret = tor_tls_write(tls, buf, 10);
2141 tt_int_op(ret, OP_EQ, 1);
2142
2143 fixed_ssl_write_result = -1;
2144 ERR_clear_error();
2145 tls->ssl->rwstate = SSL_READING;
2146 SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
2147 SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ;
2148 ret = tor_tls_write(tls, buf, 10);
2149 tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD);
2150
2151 ERR_clear_error();
2152 tls->ssl->rwstate = SSL_READING;
2153 SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
2154 SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE;
2155 ret = tor_tls_write(tls, buf, 10);
2156 tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
2157
2158 done:
2159 teardown_capture_of_logs(previous_log);
2160 BIO_free(tls->ssl->rbio);
2161 tor_free(tls->ssl);
2162 tor_free(tls);
2163 tor_free(method);
2164 }
2165 #endif
2166
2167 #ifndef OPENSSL_OPAQUE
2168 static int fixed_ssl_accept_result;
2169 static int fixed_ssl_connect_result;
2170
2171 static int
2172 setting_error_ssl_accept(SSL *ssl)
2173 {
2174 (void)ssl;
2175 ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
2176 ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
2177 return fixed_ssl_accept_result;
2178 }
2179
2180 static int
2181 setting_error_ssl_connect(SSL *ssl)
2182 {
2183 (void)ssl;
2184 ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
2185 ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
2186 return fixed_ssl_connect_result;
2187 }
2188
2189 static int
2190 fixed_ssl_accept(SSL *ssl)
2191 {
2192 (void) ssl;
2193 return fixed_ssl_accept_result;
2194 }
2195
2196 static void
2197 test_tortls_handshake(void *ignored)
2198 {
2199 (void)ignored;
2200 int ret;
2201 tor_tls_t *tls;
2202 SSL_CTX *ctx;
2203 SSL_METHOD *method = give_me_a_test_method();
2204 int previous_log = setup_capture_of_logs(LOG_INFO);
2205
2206 SSL_library_init();
2207 SSL_load_error_strings();
2208
2209 ctx = SSL_CTX_new(TLSv1_method());
2210
2211 tls = tor_malloc_zero(sizeof(tor_tls_t));
2212 tls->ssl = SSL_new(ctx);
2213 tls->state = TOR_TLS_ST_HANDSHAKE;
2214
2215 ret = tor_tls_handshake(tls);
2216 tt_int_op(ret, OP_EQ, -9);
2217
2218 tls->isServer = 1;
2219 tls->state = TOR_TLS_ST_HANDSHAKE;
2220 ret = tor_tls_handshake(tls);
2221 tt_int_op(ret, OP_EQ, -9);
2222
2223 tls->ssl->method = method;
2224 method->ssl_accept = fixed_ssl_accept;
2225 fixed_ssl_accept_result = 2;
2226 ERR_clear_error();
2227 tls->state = TOR_TLS_ST_HANDSHAKE;
2228 ret = tor_tls_handshake(tls);
2229 tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_OPEN);
2230
2231 method->ssl_accept = setting_error_ssl_accept;
2232 fixed_ssl_accept_result = 1;
2233 ERR_clear_error();
2234 mock_clean_saved_logs();
2235 tls->state = TOR_TLS_ST_HANDSHAKE;
2236 ret = tor_tls_handshake(tls);
2237 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
2238 expect_log_entry();
2239 /* This fails on jessie. Investigate why! */
2240 #if 0
2241 expect_log_msg("TLS error while handshaking: (null) (in bignum routines:"
2242 "(null):SSLv3 write client hello B)\n");
2243 expect_log_msg("TLS error while handshaking: (null) (in system library:"
2244 "connect:SSLv3 write client hello B)\n");
2245 #endif
2246 expect_log_severity(LOG_INFO);
2247
2248 tls->isServer = 0;
2249 method->ssl_connect = setting_error_ssl_connect;
2250 fixed_ssl_connect_result = 1;
2251 ERR_clear_error();
2252 mock_clean_saved_logs();
2253 tls->state = TOR_TLS_ST_HANDSHAKE;
2254 ret = tor_tls_handshake(tls);
2255 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
2256 expect_log_entry();
2257 #if 0
2258 /* See above */
2259 expect_log_msg("TLS error while handshaking: "
2260 "(null) (in bignum routines:(null):SSLv3 write client hello B)\n");
2261 expect_log_msg("TLS error while handshaking: "
2262 "(null) (in system library:connect:SSLv3 write client hello B)\n");
2263 #endif
2264 expect_log_severity(LOG_WARN);
2265
2266 done:
2267 teardown_capture_of_logs(previous_log);
2268 SSL_free(tls->ssl);
2269 SSL_CTX_free(ctx);
2270 tor_free(tls);
2271 tor_free(method);
2272 }
2273 #endif
2274
2275 #ifndef OPENSSL_OPAQUE
2276 static void
2277 test_tortls_finish_handshake(void *ignored)
2278 {
2279 (void)ignored;
2280 int ret;
2281 tor_tls_t *tls;
2282 SSL_CTX *ctx;
2283 SSL_METHOD *method = give_me_a_test_method();
2284 SSL_library_init();
2285 SSL_load_error_strings();
2286
2287 X509 *c1 = read_cert_from(validCertString);
2288 SESS_CERT_local *sess = NULL;
2289
2290 ctx = SSL_CTX_new(method);
2291
2292 tls = tor_malloc_zero(sizeof(tor_tls_t));
2293 tls->ssl = SSL_new(ctx);
2294 tls->state = TOR_TLS_ST_OPEN;
2295
2296 ret = tor_tls_finish_handshake(tls);
2297 tt_int_op(ret, OP_EQ, 0);
2298
2299 tls->isServer = 1;
2300 tls->wasV2Handshake = 0;
2301 ret = tor_tls_finish_handshake(tls);
2302 tt_int_op(ret, OP_EQ, 0);
2303 tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
2304
2305 tls->wasV2Handshake = 1;
2306 ret = tor_tls_finish_handshake(tls);
2307 tt_int_op(ret, OP_EQ, 0);
2308 tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
2309
2310 tls->wasV2Handshake = 1;
2311 tls->ssl->session = SSL_SESSION_new();
2312 ret = tor_tls_finish_handshake(tls);
2313 tt_int_op(ret, OP_EQ, 0);
2314 tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
2315
2316 tls->isServer = 0;
2317
2318 sess = tor_malloc_zero(sizeof(SESS_CERT_local));
2319 tls->ssl->session->sess_cert = (void *)sess;
2320 sess->cert_chain = sk_X509_new_null();
2321 sk_X509_push(sess->cert_chain, c1);
2322 tls->ssl->session->peer = c1;
2323 tls->wasV2Handshake = 0;
2324 ret = tor_tls_finish_handshake(tls);
2325 tt_int_op(ret, OP_EQ, 0);
2326 tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
2327
2328 method->num_ciphers = fake_num_ciphers;
2329 ret = tor_tls_finish_handshake(tls);
2330 tt_int_op(ret, OP_EQ, -9);
2331
2332 done:
2333 if (sess)
2334 sk_X509_free(sess->cert_chain);
2335 if (tls->ssl && tls->ssl->session) {
2336 tor_free(tls->ssl->session->sess_cert);
2337 }
2338 SSL_free(tls->ssl);
2339 tor_free(tls);
2340 SSL_CTX_free(ctx);
2341 tor_free(method);
2342 }
2343 #endif
2344
2345 static int fixed_crypto_pk_new_result_index;
2346 static crypto_pk_t *fixed_crypto_pk_new_result[5];
2347
2348 static crypto_pk_t *
2349 fixed_crypto_pk_new(void)
2350 {
2351 return fixed_crypto_pk_new_result[fixed_crypto_pk_new_result_index++];
2352 }
2353
2354 #ifndef OPENSSL_OPAQUE
2355 static int fixed_crypto_pk_generate_key_with_bits_result_index;
2356 static int fixed_crypto_pk_generate_key_with_bits_result[5];
2357 static int fixed_tor_tls_create_certificate_result_index;
2358 static X509 *fixed_tor_tls_create_certificate_result[5];
2359 static int fixed_tor_x509_cert_new_result_index;
2360 static tor_x509_cert_t *fixed_tor_x509_cert_new_result[5];
2361
2362 static int
2363 fixed_crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
2364 {
2365 (void)env;
2366 (void)bits;
2367 return fixed_crypto_pk_generate_key_with_bits_result[
2368 fixed_crypto_pk_generate_key_with_bits_result_index++];
2369 }
2370
2371 static X509 *
2372 fixed_tor_tls_create_certificate(crypto_pk_t *rsa,
2373 crypto_pk_t *rsa_sign,
2374 const char *cname,
2375 const char *cname_sign,
2376 unsigned int cert_lifetime)
2377 {
2378 (void)rsa;
2379 (void)rsa_sign;
2380 (void)cname;
2381 (void)cname_sign;
2382 (void)cert_lifetime;
2383 return fixed_tor_tls_create_certificate_result[
2384 fixed_tor_tls_create_certificate_result_index++];
2385 }
2386
2387 static tor_x509_cert_t *
2388 fixed_tor_x509_cert_new(X509 *x509_cert)
2389 {
2390 (void) x509_cert;
2391 return fixed_tor_x509_cert_new_result[
2392 fixed_tor_x509_cert_new_result_index++];
2393 }
2394
2395 static void
2396 test_tortls_context_new(void *ignored)
2397 {
2398 (void)ignored;
2399 tor_tls_context_t *ret;
2400 crypto_pk_t *pk1, *pk2, *pk3, *pk4, *pk5, *pk6, *pk7, *pk8, *pk9, *pk10,
2401 *pk11, *pk12, *pk13, *pk14, *pk15, *pk16, *pk17, *pk18;
2402
2403 pk1 = crypto_pk_new();
2404 pk2 = crypto_pk_new();
2405 pk3 = crypto_pk_new();
2406 pk4 = crypto_pk_new();
2407 pk5 = crypto_pk_new();
2408 pk6 = crypto_pk_new();
2409 pk7 = crypto_pk_new();
2410 pk8 = crypto_pk_new();
2411 pk9 = crypto_pk_new();
2412 pk10 = crypto_pk_new();
2413 pk11 = crypto_pk_new();
2414 pk12 = crypto_pk_new();
2415 pk13 = crypto_pk_new();
2416 pk14 = crypto_pk_new();
2417 pk15 = crypto_pk_new();
2418 pk16 = crypto_pk_new();
2419 pk17 = crypto_pk_new();
2420 pk18 = crypto_pk_new();
2421
2422 fixed_crypto_pk_new_result_index = 0;
2423 fixed_crypto_pk_new_result[0] = NULL;
2424 MOCK(crypto_pk_new, fixed_crypto_pk_new);
2425 ret = tor_tls_context_new(NULL, 0, 0, 0);
2426 tt_assert(!ret);
2427
2428 MOCK(crypto_pk_generate_key_with_bits,
2429 fixed_crypto_pk_generate_key_with_bits);
2430 fixed_crypto_pk_new_result_index = 0;
2431 fixed_crypto_pk_new_result[0] = pk1;
2432 fixed_crypto_pk_new_result[1] = NULL;
2433 fixed_crypto_pk_generate_key_with_bits_result[0] = -1;
2434 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2435 ret = tor_tls_context_new(NULL, 0, 0, 0);
2436 tt_assert(!ret);
2437
2438 fixed_crypto_pk_new_result_index = 0;
2439 fixed_crypto_pk_new_result[0] = pk2;
2440 fixed_crypto_pk_new_result[1] = NULL;
2441 fixed_crypto_pk_generate_key_with_bits_result[0] = 0;
2442 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2443 ret = tor_tls_context_new(NULL, 0, 0, 0);
2444 tt_assert(!ret);
2445
2446 fixed_crypto_pk_new_result_index = 0;
2447 fixed_crypto_pk_new_result[0] = pk3;
2448 fixed_crypto_pk_new_result[1] = pk4;
2449 fixed_crypto_pk_new_result[2] = NULL;
2450 fixed_crypto_pk_generate_key_with_bits_result[0] = 0;
2451 fixed_crypto_pk_generate_key_with_bits_result[1] = -1;
2452 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2453 ret = tor_tls_context_new(NULL, 0, 0, 0);
2454 tt_assert(!ret);
2455
2456 MOCK(tor_tls_create_certificate, fixed_tor_tls_create_certificate);
2457
2458 fixed_crypto_pk_new_result_index = 0;
2459 fixed_crypto_pk_new_result[0] = pk5;
2460 fixed_crypto_pk_new_result[1] = pk6;
2461 fixed_crypto_pk_new_result[2] = NULL;
2462 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2463 fixed_crypto_pk_generate_key_with_bits_result[1] = 0;
2464 fixed_tor_tls_create_certificate_result_index = 0;
2465 fixed_tor_tls_create_certificate_result[0] = NULL;
2466 fixed_tor_tls_create_certificate_result[1] = tor_malloc_zero(sizeof(X509));
2467 fixed_tor_tls_create_certificate_result[2] = tor_malloc_zero(sizeof(X509));
2468 ret = tor_tls_context_new(NULL, 0, 0, 0);
2469 tt_assert(!ret);
2470
2471 fixed_crypto_pk_new_result_index = 0;
2472 fixed_crypto_pk_new_result[0] = pk7;
2473 fixed_crypto_pk_new_result[1] = pk8;
2474 fixed_crypto_pk_new_result[2] = NULL;
2475 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2476 fixed_tor_tls_create_certificate_result_index = 0;
2477 fixed_tor_tls_create_certificate_result[0] = tor_malloc_zero(sizeof(X509));
2478 fixed_tor_tls_create_certificate_result[1] = NULL;
2479 fixed_tor_tls_create_certificate_result[2] = tor_malloc_zero(sizeof(X509));
2480 ret = tor_tls_context_new(NULL, 0, 0, 0);
2481 tt_assert(!ret);
2482
2483 fixed_crypto_pk_new_result_index = 0;
2484 fixed_crypto_pk_new_result[0] = pk9;
2485 fixed_crypto_pk_new_result[1] = pk10;
2486 fixed_crypto_pk_new_result[2] = NULL;
2487 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2488 fixed_tor_tls_create_certificate_result_index = 0;
2489 fixed_tor_tls_create_certificate_result[0] = tor_malloc_zero(sizeof(X509));
2490 fixed_tor_tls_create_certificate_result[1] = tor_malloc_zero(sizeof(X509));
2491 fixed_tor_tls_create_certificate_result[2] = NULL;
2492 ret = tor_tls_context_new(NULL, 0, 0, 0);
2493 tt_assert(!ret);
2494
2495 MOCK(tor_x509_cert_new, fixed_tor_x509_cert_new);
2496 fixed_crypto_pk_new_result_index = 0;
2497 fixed_crypto_pk_new_result[0] = pk11;
2498 fixed_crypto_pk_new_result[1] = pk12;
2499 fixed_crypto_pk_new_result[2] = NULL;
2500 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2501 fixed_tor_tls_create_certificate_result_index = 0;
2502 fixed_tor_tls_create_certificate_result[0] = tor_malloc_zero(sizeof(X509));
2503 fixed_tor_tls_create_certificate_result[1] = tor_malloc_zero(sizeof(X509));
2504 fixed_tor_tls_create_certificate_result[2] = tor_malloc_zero(sizeof(X509));
2505 fixed_tor_x509_cert_new_result_index = 0;
2506 fixed_tor_x509_cert_new_result[0] = NULL;
2507 fixed_tor_x509_cert_new_result[1] = NULL;
2508 fixed_tor_x509_cert_new_result[2] = NULL;
2509 ret = tor_tls_context_new(NULL, 0, 0, 0);
2510 tt_assert(!ret);
2511
2512 fixed_crypto_pk_new_result_index = 0;
2513 fixed_crypto_pk_new_result[0] = pk13;
2514 fixed_crypto_pk_new_result[1] = pk14;
2515 fixed_crypto_pk_new_result[2] = NULL;
2516 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2517 fixed_tor_tls_create_certificate_result_index = 0;
2518 fixed_tor_tls_create_certificate_result[0] = tor_malloc_zero(sizeof(X509));
2519 fixed_tor_tls_create_certificate_result[1] = tor_malloc_zero(sizeof(X509));
2520 fixed_tor_tls_create_certificate_result[2] = tor_malloc_zero(sizeof(X509));
2521 fixed_tor_x509_cert_new_result_index = 0;
2522 fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
2523 fixed_tor_x509_cert_new_result[1] = NULL;
2524 fixed_tor_x509_cert_new_result[2] = NULL;
2525 ret = tor_tls_context_new(NULL, 0, 0, 0);
2526 tt_assert(!ret);
2527
2528 fixed_crypto_pk_new_result_index = 0;
2529 fixed_crypto_pk_new_result[0] = pk15;
2530 fixed_crypto_pk_new_result[1] = pk16;
2531 fixed_crypto_pk_new_result[2] = NULL;
2532 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2533 fixed_tor_tls_create_certificate_result_index = 0;
2534 fixed_tor_tls_create_certificate_result[0] = tor_malloc_zero(sizeof(X509));
2535 fixed_tor_tls_create_certificate_result[1] = tor_malloc_zero(sizeof(X509));
2536 fixed_tor_tls_create_certificate_result[2] = tor_malloc_zero(sizeof(X509));
2537 fixed_tor_x509_cert_new_result_index = 0;
2538 fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
2539 fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t));
2540 fixed_tor_x509_cert_new_result[2] = NULL;
2541 ret = tor_tls_context_new(NULL, 0, 0, 0);
2542 tt_assert(!ret);
2543
2544 fixed_crypto_pk_new_result_index = 0;
2545 fixed_crypto_pk_new_result[0] = pk17;
2546 fixed_crypto_pk_new_result[1] = pk18;
2547 fixed_crypto_pk_new_result[2] = NULL;
2548 fixed_crypto_pk_generate_key_with_bits_result_index = 0;
2549 fixed_tor_tls_create_certificate_result_index = 0;
2550 fixed_tor_tls_create_certificate_result[0] = tor_malloc_zero(sizeof(X509));
2551 fixed_tor_tls_create_certificate_result[1] = tor_malloc_zero(sizeof(X509));
2552 fixed_tor_tls_create_certificate_result[2] = tor_malloc_zero(sizeof(X509));
2553 fixed_tor_x509_cert_new_result_index = 0;
2554 fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
2555 fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t));
2556 fixed_tor_x509_cert_new_result[2] = tor_malloc_zero(sizeof(tor_x509_cert_t));
2557 ret = tor_tls_context_new(NULL, 0, 0, 0);
2558 tt_assert(!ret);
2559
2560 done:
2561 UNMOCK(tor_x509_cert_new);
2562 UNMOCK(tor_tls_create_certificate);
2563 UNMOCK(crypto_pk_generate_key_with_bits);
2564 UNMOCK(crypto_pk_new);
2565 }
2566 #endif
2567
2568 static int fixed_crypto_pk_get_evp_pkey_result_index = 0;
2569 static EVP_PKEY *fixed_crypto_pk_get_evp_pkey_result[5];
2570
2571 static EVP_PKEY *
2572 fixed_crypto_pk_get_evp_pkey_(crypto_pk_t *env, int private)
2573 {
2574 (void) env;
2575 (void) private;
2576 return fixed_crypto_pk_get_evp_pkey_result[
2577 fixed_crypto_pk_get_evp_pkey_result_index++];
2578 }
2579
2580 static void
2581 test_tortls_create_certificate(void *ignored)
2582 {
2583 (void)ignored;
2584 X509 *ret;
2585 crypto_pk_t *pk1, *pk2;
2586
2587 pk1 = crypto_pk_new();
2588 pk2 = crypto_pk_new();
2589
2590 MOCK(crypto_pk_get_evp_pkey_, fixed_crypto_pk_get_evp_pkey_);
2591 fixed_crypto_pk_get_evp_pkey_result_index = 0;
2592 fixed_crypto_pk_get_evp_pkey_result[0] = NULL;
2593 ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
2594 tt_assert(!ret);
2595
2596 fixed_crypto_pk_get_evp_pkey_result_index = 0;
2597 fixed_crypto_pk_get_evp_pkey_result[0] = tor_malloc_zero(sizeof(EVP_PKEY));
2598 fixed_crypto_pk_get_evp_pkey_result[1] = NULL;
2599 ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
2600 tt_assert(!ret);
2601
2602 fixed_crypto_pk_get_evp_pkey_result_index = 0;
2603 fixed_crypto_pk_get_evp_pkey_result[0] = tor_malloc_zero(sizeof(EVP_PKEY));
2604 fixed_crypto_pk_get_evp_pkey_result[1] = tor_malloc_zero(sizeof(EVP_PKEY));
2605 ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
2606 tt_assert(!ret);
2607
2608 done:
2609 UNMOCK(crypto_pk_get_evp_pkey_);
2610 crypto_pk_free(pk1);
2611 crypto_pk_free(pk2);
2612 }
2613
2614 static void
2615 test_tortls_cert_new(void *ignored)
2616 {
2617 (void)ignored;
2618 tor_x509_cert_t *ret;
2619 X509 *cert = read_cert_from(validCertString);
2620
2621 ret = tor_x509_cert_new(NULL);
2622 tt_assert(!ret);
2623
2624 ret = tor_x509_cert_new(cert);
2625 tt_assert(ret);
2626 tor_x509_cert_free(ret);
2627 ret = NULL;
2628
2629 #if 0
2630 cert = read_cert_from(validCertString);
2631 /* XXX this doesn't do what you think: it alters a copy of the pubkey. */
2632 X509_get_pubkey(cert)->type = EVP_PKEY_DSA;
2633 ret = tor_x509_cert_new(cert);
2634 tt_assert(ret);
2635 #endif
2636
2637 #ifndef OPENSSL_OPAQUE
2638 cert = read_cert_from(validCertString);
2639 X509_CINF_free(cert->cert_info);
2640 cert->cert_info = NULL;
2641 ret = tor_x509_cert_new(cert);
2642 tt_assert(ret);
2643 #endif
2644
2645 done:
2646 tor_x509_cert_free(ret);
2647 }
2648
2649 static void
2650 test_tortls_cert_is_valid(void *ignored)
2651 {
2652 (void)ignored;
2653 int ret;
2654 tor_x509_cert_t *cert = NULL, *scert = NULL;
2655
2656 scert = tor_malloc_zero(sizeof(tor_x509_cert_t));
2657 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
2658 tt_int_op(ret, OP_EQ, 0);
2659
2660 cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
2661 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
2662 tt_int_op(ret, OP_EQ, 0);
2663 tor_free(scert);
2664 tor_free(cert);
2665
2666 cert = tor_x509_cert_new(read_cert_from(validCertString));
2667 scert = tor_x509_cert_new(read_cert_from(caCertString));
2668 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
2669 tt_int_op(ret, OP_EQ, 1);
2670
2671 #ifndef OPENSSL_OPAQUE
2672 tor_x509_cert_free(cert);
2673 tor_x509_cert_free(scert);
2674 cert = tor_x509_cert_new(read_cert_from(validCertString));
2675 scert = tor_x509_cert_new(read_cert_from(caCertString));
2676 ASN1_TIME_free(cert->cert->cert_info->validity->notAfter);
2677 cert->cert->cert_info->validity->notAfter =
2678 ASN1_TIME_set(NULL, time(NULL)-1000000);
2679 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
2680 tt_int_op(ret, OP_EQ, 0);
2681
2682 tor_x509_cert_free(cert);
2683 tor_x509_cert_free(scert);
2684 cert = tor_x509_cert_new(read_cert_from(validCertString));
2685 scert = tor_x509_cert_new(read_cert_from(caCertString));
2686 X509_PUBKEY_free(cert->cert->cert_info->key);
2687 cert->cert->cert_info->key = NULL;
2688 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 1);
2689 tt_int_op(ret, OP_EQ, 0);
2690 #endif
2691
2692 #if 0
2693 tor_x509_cert_free(cert);
2694 tor_x509_cert_free(scert);
2695 cert = tor_x509_cert_new(read_cert_from(validCertString));
2696 scert = tor_x509_cert_new(read_cert_from(caCertString));
2697 /* This doesn't actually change the key in the cert. XXXXXX */
2698 BN_one(EVP_PKEY_get1_RSA(X509_get_pubkey(cert->cert))->n);
2699 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 1);
2700 tt_int_op(ret, OP_EQ, 0);
2701
2702 tor_x509_cert_free(cert);
2703 tor_x509_cert_free(scert);
2704 cert = tor_x509_cert_new(read_cert_from(validCertString));
2705 scert = tor_x509_cert_new(read_cert_from(caCertString));
2706 /* This doesn't actually change the key in the cert. XXXXXX */
2707 X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
2708 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 1);
2709 tt_int_op(ret, OP_EQ, 0);
2710
2711 tor_x509_cert_free(cert);
2712 tor_x509_cert_free(scert);
2713 cert = tor_x509_cert_new(read_cert_from(validCertString));
2714 scert = tor_x509_cert_new(read_cert_from(caCertString));
2715 /* This doesn't actually change the key in the cert. XXXXXX */
2716 X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
2717 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
2718 tt_int_op(ret, OP_EQ, 1);
2719
2720 tor_x509_cert_free(cert);
2721 tor_x509_cert_free(scert);
2722 cert = tor_x509_cert_new(read_cert_from(validCertString));
2723 scert = tor_x509_cert_new(read_cert_from(caCertString));
2724 /* This doesn't actually change the key in the cert. XXXXXX */
2725 X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
2726 X509_get_pubkey(cert->cert)->ameth = NULL;
2727 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
2728 tt_int_op(ret, OP_EQ, 0);
2729 #endif
2730
2731 done:
2732 tor_x509_cert_free(cert);
2733 tor_x509_cert_free(scert);
2734 }
2735
2736 static void
2737 test_tortls_context_init_one(void *ignored)
2738 {
2739 (void)ignored;
2740 int ret;
2741 tor_tls_context_t *old = NULL;
2742
2743 MOCK(crypto_pk_new, fixed_crypto_pk_new);
2744
2745 fixed_crypto_pk_new_result_index = 0;
2746 fixed_crypto_pk_new_result[0] = NULL;
2747 ret = tor_tls_context_init_one(&old, NULL, 0, 0, 0);
2748 tt_int_op(ret, OP_EQ, -1);
2749
2750 done:
2751 UNMOCK(crypto_pk_new);
2752 }
2753
2754 #define LOCAL_TEST_CASE(name, flags) \
2755 { #name, test_tortls_##name, (flags|TT_FORK), NULL, NULL }
2756
2757 #ifdef OPENSSL_OPAQUE
2758 #define INTRUSIVE_TEST_CASE(name, flags) \
2759 { #name, NULL, TT_SKIP, NULL, NULL }
2760 #else
2761 #define INTRUSIVE_TEST_CASE(name, flags) LOCAL_TEST_CASE(name, flags)
2762 #endif
2763
2764 struct testcase_t tortls_tests[] = {
2765 LOCAL_TEST_CASE(errno_to_tls_error, 0),
2766 LOCAL_TEST_CASE(err_to_string, 0),
2767 LOCAL_TEST_CASE(tor_tls_new, TT_FORK),
2768 LOCAL_TEST_CASE(tor_tls_get_error, 0),
2769 LOCAL_TEST_CASE(get_state_description, TT_FORK),
2770 LOCAL_TEST_CASE(get_by_ssl, TT_FORK),
2771 LOCAL_TEST_CASE(allocate_tor_tls_object_ex_data_index, TT_FORK),
2772 LOCAL_TEST_CASE(log_one_error, TT_FORK),
2773 INTRUSIVE_TEST_CASE(get_error, TT_FORK),
2774 LOCAL_TEST_CASE(always_accept_verify_cb, 0),
2775 INTRUSIVE_TEST_CASE(x509_cert_free, 0),
2776 LOCAL_TEST_CASE(x509_cert_get_id_digests, 0),
2777 INTRUSIVE_TEST_CASE(cert_matches_key, 0),
2778 INTRUSIVE_TEST_CASE(cert_get_key, 0),
2779 LOCAL_TEST_CASE(get_my_client_auth_key, TT_FORK),
2780 LOCAL_TEST_CASE(get_my_certs, TT_FORK),
2781 INTRUSIVE_TEST_CASE(get_ciphersuite_name, 0),
2782 INTRUSIVE_TEST_CASE(classify_client_ciphers, 0),
2783 LOCAL_TEST_CASE(client_is_using_v2_ciphers, 0),
2784 INTRUSIVE_TEST_CASE(verify, 0),
2785 INTRUSIVE_TEST_CASE(check_lifetime, 0),
2786 INTRUSIVE_TEST_CASE(get_pending_bytes, 0),
2787 LOCAL_TEST_CASE(get_forced_write_size, 0),
2788 LOCAL_TEST_CASE(get_write_overhead_ratio, TT_FORK),
2789 LOCAL_TEST_CASE(used_v1_handshake, TT_FORK),
2790 LOCAL_TEST_CASE(get_num_server_handshakes, 0),
2791 LOCAL_TEST_CASE(server_got_renegotiate, 0),
2792 INTRUSIVE_TEST_CASE(SSL_SESSION_get_master_key, 0),
2793 INTRUSIVE_TEST_CASE(get_tlssecrets, 0),
2794 INTRUSIVE_TEST_CASE(get_buffer_sizes, 0),
2795 LOCAL_TEST_CASE(evaluate_ecgroup_for_tls, 0),
2796 INTRUSIVE_TEST_CASE(try_to_extract_certs_from_tls, 0),
2797 INTRUSIVE_TEST_CASE(get_peer_cert, 0),
2798 INTRUSIVE_TEST_CASE(peer_has_cert, 0),
2799 INTRUSIVE_TEST_CASE(shutdown, 0),
2800 INTRUSIVE_TEST_CASE(finish_handshake, 0),
2801 INTRUSIVE_TEST_CASE(handshake, 0),
2802 INTRUSIVE_TEST_CASE(write, 0),
2803 INTRUSIVE_TEST_CASE(read, 0),
2804 INTRUSIVE_TEST_CASE(server_info_callback, 0),
2805 LOCAL_TEST_CASE(is_server, 0),
2806 INTRUSIVE_TEST_CASE(assert_renegotiation_unblocked, 0),
2807 INTRUSIVE_TEST_CASE(block_renegotiation, 0),
2808 INTRUSIVE_TEST_CASE(unblock_renegotiation, 0),
2809 INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0),
2810 LOCAL_TEST_CASE(set_logged_address, 0),
2811 INTRUSIVE_TEST_CASE(find_cipher_by_id, 0),
2812 INTRUSIVE_TEST_CASE(session_secret_cb, 0),
2813 INTRUSIVE_TEST_CASE(debug_state_callback, 0),
2814 INTRUSIVE_TEST_CASE(context_new, 0),
2815 LOCAL_TEST_CASE(create_certificate, 0),
2816 LOCAL_TEST_CASE(cert_new, 0),
2817 LOCAL_TEST_CASE(cert_is_valid, 0),
2818 LOCAL_TEST_CASE(context_init_one, 0),
2819 END_OF_TESTCASES
2820 };
2821
The Onion Router