diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2016-12-26 15:31:39 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2016-12-26 15:31:39 +0000 |
commit | 1ac05a8689bcdb2d28bb91a39a8b5037706cc09c (patch) | |
tree | 5702a2acea53fe3fb7bfc3c17f6f992fa5d8fb8a /regress/lib | |
parent | 64cab4e3e790c7bb45a0f59de2e73295be3bef24 (diff) |
Extend regress to include a peer certificate in the session.
Diffstat (limited to 'regress/lib')
-rw-r--r-- | regress/lib/libssl/asn1/asn1test.c | 192 |
1 files changed, 134 insertions, 58 deletions
diff --git a/regress/lib/libssl/asn1/asn1test.c b/regress/lib/libssl/asn1/asn1test.c index 28cd3d827af..69be0867241 100644 --- a/regress/lib/libssl/asn1/asn1test.c +++ b/regress/lib/libssl/asn1/asn1test.c @@ -1,6 +1,6 @@ -/* $OpenBSD: asn1test.c,v 1.5 2016/12/26 15:24:03 jsing Exp $ */ +/* $OpenBSD: asn1test.c,v 1.6 2016/12/26 15:31:38 jsing Exp $ */ /* - * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> + * Copyright (c) 2014, 2016 Joel Sing <jsing@openbsd.org> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -27,9 +27,24 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); +X509 *peer_cert; + +unsigned char *peer_cert_pem = + "-----BEGIN CERTIFICATE-----\n" + "MIIBcTCCARugAwIBAgIJAPYhaZJAvUuUMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV\n" + "BAoMCVRlc3QgUGVlcjAeFw0xNjEyMjYxNDQ3NDdaFw0yNjEyMjQxNDQ3NDdaMBQx\n" + "EjAQBgNVBAoMCVRlc3QgUGVlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCyhAdJ\n" + "wojHv/uKONh8MbmR2U2+VF1HQusnLfSfHPqkJfvDzLWJ41TG7QcXkx2rIJVtAFrO\n" + "U9yNdFYJLA/hsrbjAgMBAAGjUDBOMB0GA1UdDgQWBBS3bZOw7fvaortdsdE2TPMq\n" + "IRXFRzAfBgNVHSMEGDAWgBS3bZOw7fvaortdsdE2TPMqIRXFRzAMBgNVHRMEBTAD\n" + "AQH/MA0GCSqGSIb3DQEBBQUAA0EAHsxNS+rNUZbopeDMhVIviOfUmelDjJrT56Rc\n" + "VJoFN3Gc1cV8nQAHm9aJs71uksC+MN04Pzh0WqmYX9XXrnYPcg==\n" + "-----END CERTIFICATE-----\n"; + struct ssl_asn1_test { SSL_SESSION session; - const unsigned char asn1[512]; + int peer_cert; + const unsigned char asn1[1024]; int asn1_len; }; @@ -64,19 +79,19 @@ unsigned char tlsext_tick[] = { struct ssl_asn1_test ssl_asn1_tests[] = { { - { + .session = { .cipher_id = 0x03000000L | 1, .ssl_version = TLS1_2_VERSION, }, - { + .asn1 = { 0x30, 0x13, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03, 0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x00, 0x04, 0x00, 0xa4, 0x02, 0x04, 0x00, }, - 21, + .asn1_len = 21, }, { - { + .session = { .cipher_id = 0x03000000L | 1, .ssl_version = TLS1_2_VERSION, .master_key_length = 26, @@ -85,7 +100,7 @@ struct ssl_asn1_test ssl_asn1_tests[] = { .sid_ctx = "abcdefghijklmnopqrstuvwxyz", .sid_ctx_length = 26, }, - { + .asn1 = { 0x30, 0x51, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03, 0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x0a, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, @@ -98,10 +113,10 @@ struct ssl_asn1_test ssl_asn1_tests[] = { 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, }, - 83, + .asn1_len = 83, }, { - { + .session = { .cipher_id = 0x03000000L | 1, .ssl_version = TLS1_2_VERSION, .master_key_length = 26, @@ -115,10 +130,11 @@ struct ssl_asn1_test ssl_asn1_tests[] = { .tlsext_hostname = "libressl.openbsd.org", .tlsext_tick_lifetime_hint = 0x7abbccdd, .tlsext_tick = tlsext_tick, - .tlsext_ticklen = 207, + .tlsext_ticklen = sizeof(tlsext_tick), }, - { - 0x30, 0x82, 0x01, 0x58, 0x02, 0x01, 0x01, 0x02, + .peer_cert = 1, + .asn1 = { + 0x30, 0x82, 0x02, 0xd1, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03, 0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x0a, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x04, 0x1a, 0x00, 0x00, 0x00, @@ -126,66 +142,113 @@ struct ssl_asn1_test ssl_asn1_tests[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa1, 0x06, 0x02, 0x04, 0x53, 0xc2, 0xa8, 0x95, 0xa2, - 0x03, 0x02, 0x01, 0x05, 0xa4, 0x1c, 0x04, 0x1a, - 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, - 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, - 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, - 0x79, 0x7a, 0xa5, 0x03, 0x02, 0x01, 0x2a, 0xa6, - 0x16, 0x04, 0x14, 0x6c, 0x69, 0x62, 0x72, 0x65, - 0x73, 0x73, 0x6c, 0x2e, 0x6f, 0x70, 0x65, 0x6e, - 0x62, 0x73, 0x64, 0x2e, 0x6f, 0x72, 0x67, 0xa9, - 0x06, 0x02, 0x04, 0x7a, 0xbb, 0xcc, 0xdd, 0xaa, - 0x81, 0xd2, 0x04, 0x81, 0xcf, 0x43, 0x56, 0x45, - 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, 0x31, - 0x36, 0x30, 0x3a, 0x20, 0x37, 0x74, 0x68, 0x20, - 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, - 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, - 0x30, 0x31, 0x30, 0x2d, 0x35, 0x32, 0x39, 0x38, - 0x3a, 0x20, 0x38, 0x74, 0x68, 0x20, 0x41, 0x70, + 0x03, 0x02, 0x01, 0x05, 0xa3, 0x82, 0x01, 0x75, + 0x30, 0x82, 0x01, 0x71, 0x30, 0x82, 0x01, 0x1b, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, + 0xf6, 0x21, 0x69, 0x92, 0x40, 0xbd, 0x4b, 0x94, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, + 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x09, 0x54, 0x65, 0x73, 0x74, + 0x20, 0x50, 0x65, 0x65, 0x72, 0x30, 0x1e, 0x17, + 0x0d, 0x31, 0x36, 0x31, 0x32, 0x32, 0x36, 0x31, + 0x34, 0x34, 0x37, 0x34, 0x37, 0x5a, 0x17, 0x0d, + 0x32, 0x36, 0x31, 0x32, 0x32, 0x34, 0x31, 0x34, + 0x34, 0x37, 0x34, 0x37, 0x5a, 0x30, 0x14, 0x31, + 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x0c, 0x09, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, + 0x65, 0x65, 0x72, 0x30, 0x5c, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, + 0x48, 0x02, 0x41, 0x00, 0xb2, 0x84, 0x07, 0x49, + 0xc2, 0x88, 0xc7, 0xbf, 0xfb, 0x8a, 0x38, 0xd8, + 0x7c, 0x31, 0xb9, 0x91, 0xd9, 0x4d, 0xbe, 0x54, + 0x5d, 0x47, 0x42, 0xeb, 0x27, 0x2d, 0xf4, 0x9f, + 0x1c, 0xfa, 0xa4, 0x25, 0xfb, 0xc3, 0xcc, 0xb5, + 0x89, 0xe3, 0x54, 0xc6, 0xed, 0x07, 0x17, 0x93, + 0x1d, 0xab, 0x20, 0x95, 0x6d, 0x00, 0x5a, 0xce, + 0x53, 0xdc, 0x8d, 0x74, 0x56, 0x09, 0x2c, 0x0f, + 0xe1, 0xb2, 0xb6, 0xe3, 0x02, 0x03, 0x01, 0x00, + 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x1d, 0x06, + 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0xb7, 0x6d, 0x93, 0xb0, 0xed, 0xfb, 0xda, 0xa2, + 0xbb, 0x5d, 0xb1, 0xd1, 0x36, 0x4c, 0xf3, 0x2a, + 0x21, 0x15, 0xc5, 0x47, 0x30, 0x1f, 0x06, 0x03, + 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, + 0x14, 0xb7, 0x6d, 0x93, 0xb0, 0xed, 0xfb, 0xda, + 0xa2, 0xbb, 0x5d, 0xb1, 0xd1, 0x36, 0x4c, 0xf3, + 0x2a, 0x21, 0x15, 0xc5, 0x47, 0x30, 0x0c, 0x06, + 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, + 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, + 0x05, 0x00, 0x03, 0x41, 0x00, 0x1e, 0xcc, 0x4d, + 0x4b, 0xea, 0xcd, 0x51, 0x96, 0xe8, 0xa5, 0xe0, + 0xcc, 0x85, 0x52, 0x2f, 0x88, 0xe7, 0xd4, 0x99, + 0xe9, 0x43, 0x8c, 0x9a, 0xd3, 0xe7, 0xa4, 0x5c, + 0x54, 0x9a, 0x05, 0x37, 0x71, 0x9c, 0xd5, 0xc5, + 0x7c, 0x9d, 0x00, 0x07, 0x9b, 0xd6, 0x89, 0xb3, + 0xbd, 0x6e, 0x92, 0xc0, 0xbe, 0x30, 0xdd, 0x38, + 0x3f, 0x38, 0x74, 0x5a, 0xa9, 0x98, 0x5f, 0xd5, + 0xd7, 0xae, 0x76, 0x0f, 0x72, 0xa4, 0x1c, 0x04, + 0x1a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, + 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, + 0x78, 0x79, 0x7a, 0xa5, 0x03, 0x02, 0x01, 0x2a, + 0xa6, 0x16, 0x04, 0x14, 0x6c, 0x69, 0x62, 0x72, + 0x65, 0x73, 0x73, 0x6c, 0x2e, 0x6f, 0x70, 0x65, + 0x6e, 0x62, 0x73, 0x64, 0x2e, 0x6f, 0x72, 0x67, + 0xa9, 0x06, 0x02, 0x04, 0x7a, 0xbb, 0xcc, 0xdd, + 0xaa, 0x81, 0xd2, 0x04, 0x81, 0xcf, 0x43, 0x56, + 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, + 0x31, 0x36, 0x30, 0x3a, 0x20, 0x37, 0x74, 0x68, + 0x20, 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, + 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, + 0x32, 0x30, 0x31, 0x30, 0x2d, 0x35, 0x32, 0x39, + 0x38, 0x3a, 0x20, 0x38, 0x74, 0x68, 0x20, 0x41, + 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31, + 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, + 0x31, 0x34, 0x2d, 0x30, 0x31, 0x39, 0x38, 0x3a, + 0x20, 0x32, 0x31, 0x73, 0x74, 0x20, 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, - 0x34, 0x2d, 0x30, 0x31, 0x39, 0x38, 0x3a, 0x20, - 0x32, 0x31, 0x73, 0x74, 0x20, 0x41, 0x70, 0x72, - 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, + 0x34, 0x2d, 0x33, 0x34, 0x37, 0x30, 0x3a, 0x20, + 0x33, 0x30, 0x74, 0x68, 0x20, 0x4d, 0x61, 0x79, + 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, + 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, + 0x31, 0x39, 0x35, 0x3a, 0x20, 0x35, 0x74, 0x68, + 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32, 0x30, + 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, + 0x30, 0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x31, + 0x3a, 0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75, + 0x6e, 0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, - 0x2d, 0x33, 0x34, 0x37, 0x30, 0x3a, 0x20, 0x33, - 0x30, 0x74, 0x68, 0x20, 0x4d, 0x61, 0x79, 0x20, - 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, - 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, 0x31, - 0x39, 0x35, 0x3a, 0x20, 0x35, 0x74, 0x68, 0x20, - 0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32, 0x30, 0x31, - 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, - 0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x31, 0x3a, - 0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e, - 0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, - 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, - 0x30, 0x32, 0x32, 0x34, 0x3a, 0x20, 0x35, 0x74, - 0x68, 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32, - 0x30, 0x31, 0x34, 0x0a, + 0x2d, 0x30, 0x32, 0x32, 0x34, 0x3a, 0x20, 0x35, + 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20, + 0x32, 0x30, 0x31, 0x34, 0x0a, }, - 348, + .asn1_len = 725, }, { - { + .session = { .cipher_id = 0x03000000L | 1, .ssl_version = TLS1_2_VERSION, .timeout = -1, }, - { + .asn1 = { 0x0, }, - -1, + .asn1_len = -1, }, { - { + .session = { .cipher_id = 0x03000000L | 1, .ssl_version = TLS1_2_VERSION, .time = -1, }, - { + .asn1 = { 0x0, }, - -1, + .asn1_len = -1, }, }; @@ -266,7 +329,8 @@ session_cmp(SSL_SESSION *s1, SSL_SESSION *s2) /* Ensure that a certificate is or is not present in both. */ if ((s1->peer != NULL || s2->peer != NULL) && - (s1->peer == NULL || s2->peer == NULL)) { + (s1->peer == NULL || s2->peer == NULL || + X509_cmp(s1->peer, s2->peer) != 0)) { fprintf(stderr, "peer differs\n"); return (1); } @@ -310,6 +374,9 @@ do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat) const unsigned char *pp; int i, len, rv = 1; + if (sat->peer_cert) + sat->session.peer = peer_cert; + len = i2d_SSL_SESSION(&sat->session, NULL); if (len != sat->asn1_len) { fprintf(stderr, "FAIL: test %i returned ASN1 length %i, " @@ -327,10 +394,7 @@ do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat) ap = asn1; len = i2d_SSL_SESSION(&sat->session, &ap); - /* - * Length *should* be the same, but check it again since the code - * path is different. - */ + /* Check the length again since the code path is different. */ if (len != sat->asn1_len) { fprintf(stderr, "FAIL: test %i returned ASN1 length %i, " "want %i\n", test_no, len, sat->asn1_len); @@ -389,14 +453,26 @@ failed: int main(int argc, char **argv) { + BIO *bio = NULL; int failed = 0; size_t i; SSL_library_init(); SSL_load_error_strings(); + bio = BIO_new_mem_buf(peer_cert_pem, -1); + if (bio == NULL) + errx(1, "failed to create bio"); + + peer_cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); + if (peer_cert == NULL) + errx(1, "failed to read peer cert"); + for (i = 0; i < N_SSL_ASN1_TESTS; i++) failed += do_ssl_asn1_test(i, &ssl_asn1_tests[i]); + X509_free(peer_cert); + BIO_free(bio); + return (failed); } |