Extend regress to include a peer certificate in the session.

1 files changed, 134 insertions, 58 deletions

diff --git a/regress/lib/libssl/asn1/asn1test.c b/regress/lib/libssl/asn1/asn1test.c
index 28cd3d827af..69be0867241 100644
--- a/regress/lib/libssl/asn1/asn1test.c
+++ b/regress/lib/libssl/asn1/asn1test.c
@@ -1,6 +1,6 @@
-/*	$OpenBSD: asn1test.c,v 1.5 2016/12/26 15:24:03 jsing Exp $	*/
+/*	$OpenBSD: asn1test.c,v 1.6 2016/12/26 15:31:38 jsing Exp $	*/
 /*
- * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
+ * Copyright (c) 2014, 2016 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -27,9 +27,24 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
     long length);
 
+X509 *peer_cert;
+
+unsigned char *peer_cert_pem =
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIBcTCCARugAwIBAgIJAPYhaZJAvUuUMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV\n"
+    "BAoMCVRlc3QgUGVlcjAeFw0xNjEyMjYxNDQ3NDdaFw0yNjEyMjQxNDQ3NDdaMBQx\n"
+    "EjAQBgNVBAoMCVRlc3QgUGVlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCyhAdJ\n"
+    "wojHv/uKONh8MbmR2U2+VF1HQusnLfSfHPqkJfvDzLWJ41TG7QcXkx2rIJVtAFrO\n"
+    "U9yNdFYJLA/hsrbjAgMBAAGjUDBOMB0GA1UdDgQWBBS3bZOw7fvaortdsdE2TPMq\n"
+    "IRXFRzAfBgNVHSMEGDAWgBS3bZOw7fvaortdsdE2TPMqIRXFRzAMBgNVHRMEBTAD\n"
+    "AQH/MA0GCSqGSIb3DQEBBQUAA0EAHsxNS+rNUZbopeDMhVIviOfUmelDjJrT56Rc\n"
+    "VJoFN3Gc1cV8nQAHm9aJs71uksC+MN04Pzh0WqmYX9XXrnYPcg==\n"
+    "-----END CERTIFICATE-----\n";
+
 struct ssl_asn1_test {
 	SSL_SESSION session;
-	const unsigned char asn1[512];
+	int peer_cert;
+	const unsigned char asn1[1024];
 	int asn1_len;
 };
 
@@ -64,19 +79,19 @@ unsigned char tlsext_tick[] = {
 
 struct ssl_asn1_test ssl_asn1_tests[] = {
 	{
-		{
+		.session = {
 			.cipher_id = 0x03000000L | 1,
 			.ssl_version = TLS1_2_VERSION,
 		},
-		{
+		.asn1 = {
 			0x30, 0x13, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03,
 			0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x00, 0x04,
 			0x00, 0xa4, 0x02, 0x04, 0x00,
 		},
-		21,
+		.asn1_len = 21,
 	},
 	{
-		{
+		.session = {
 			.cipher_id = 0x03000000L | 1,
 			.ssl_version = TLS1_2_VERSION,
 			.master_key_length = 26,
@@ -85,7 +100,7 @@ struct ssl_asn1_test ssl_asn1_tests[] = {
 			.sid_ctx = "abcdefghijklmnopqrstuvwxyz",
 			.sid_ctx_length = 26,
 		},
-		{
+		.asn1 = {
 			0x30, 0x51, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03,
 			0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x0a, 0x30,
 			0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
@@ -98,10 +113,10 @@ struct ssl_asn1_test ssl_asn1_tests[] = {
 			0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
 			0x78, 0x79, 0x7a,
 		},
-		83,
+		.asn1_len = 83,
 	},
 	{
-		{
+		.session = {
 			.cipher_id = 0x03000000L | 1,
 			.ssl_version = TLS1_2_VERSION,
 			.master_key_length = 26,
@@ -115,10 +130,11 @@ struct ssl_asn1_test ssl_asn1_tests[] = {
 			.tlsext_hostname = "libressl.openbsd.org",
 			.tlsext_tick_lifetime_hint = 0x7abbccdd,
 			.tlsext_tick = tlsext_tick,
-			.tlsext_ticklen = 207,
+			.tlsext_ticklen = sizeof(tlsext_tick),
 		},
-		{
-			0x30, 0x82, 0x01, 0x58, 0x02, 0x01, 0x01, 0x02,
+		.peer_cert = 1,
+		.asn1 = {
+			0x30, 0x82, 0x02, 0xd1, 0x02, 0x01, 0x01, 0x02,
 			0x02, 0x03, 0x03, 0x04, 0x02, 0x00, 0x01, 0x04,
 			0x0a, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
 			0x37, 0x38, 0x39, 0x04, 0x1a, 0x00, 0x00, 0x00,
@@ -126,66 +142,113 @@ struct ssl_asn1_test ssl_asn1_tests[] = {
 			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa1,
 			0x06, 0x02, 0x04, 0x53, 0xc2, 0xa8, 0x95, 0xa2,
-			0x03, 0x02, 0x01, 0x05, 0xa4, 0x1c, 0x04, 0x1a,
-			0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68,
-			0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
-			0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
-			0x79, 0x7a, 0xa5, 0x03, 0x02, 0x01, 0x2a, 0xa6,
-			0x16, 0x04, 0x14, 0x6c, 0x69, 0x62, 0x72, 0x65,
-			0x73, 0x73, 0x6c, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
-			0x62, 0x73, 0x64, 0x2e, 0x6f, 0x72, 0x67, 0xa9,
-			0x06, 0x02, 0x04, 0x7a, 0xbb, 0xcc, 0xdd, 0xaa,
-			0x81, 0xd2, 0x04, 0x81, 0xcf, 0x43, 0x56, 0x45,
-			0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, 0x31,
-			0x36, 0x30, 0x3a, 0x20, 0x37, 0x74, 0x68, 0x20,
-			0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30,
-			0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32,
-			0x30, 0x31, 0x30, 0x2d, 0x35, 0x32, 0x39, 0x38,
-			0x3a, 0x20, 0x38, 0x74, 0x68, 0x20, 0x41, 0x70,
+			0x03, 0x02, 0x01, 0x05, 0xa3, 0x82, 0x01, 0x75,
+			0x30, 0x82, 0x01, 0x71, 0x30, 0x82, 0x01, 0x1b,
+			0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
+			0xf6, 0x21, 0x69, 0x92, 0x40, 0xbd, 0x4b, 0x94,
+			0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+			0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
+			0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
+			0x04, 0x0a, 0x0c, 0x09, 0x54, 0x65, 0x73, 0x74,
+			0x20, 0x50, 0x65, 0x65, 0x72, 0x30, 0x1e, 0x17,
+			0x0d, 0x31, 0x36, 0x31, 0x32, 0x32, 0x36, 0x31,
+			0x34, 0x34, 0x37, 0x34, 0x37, 0x5a, 0x17, 0x0d,
+			0x32, 0x36, 0x31, 0x32, 0x32, 0x34, 0x31, 0x34,
+			0x34, 0x37, 0x34, 0x37, 0x5a, 0x30, 0x14, 0x31,
+			0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a,
+			0x0c, 0x09, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50,
+			0x65, 0x65, 0x72, 0x30, 0x5c, 0x30, 0x0d, 0x06,
+			0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+			0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30,
+			0x48, 0x02, 0x41, 0x00, 0xb2, 0x84, 0x07, 0x49,
+			0xc2, 0x88, 0xc7, 0xbf, 0xfb, 0x8a, 0x38, 0xd8,
+			0x7c, 0x31, 0xb9, 0x91, 0xd9, 0x4d, 0xbe, 0x54,
+			0x5d, 0x47, 0x42, 0xeb, 0x27, 0x2d, 0xf4, 0x9f,
+			0x1c, 0xfa, 0xa4, 0x25, 0xfb, 0xc3, 0xcc, 0xb5,
+			0x89, 0xe3, 0x54, 0xc6, 0xed, 0x07, 0x17, 0x93,
+			0x1d, 0xab, 0x20, 0x95, 0x6d, 0x00, 0x5a, 0xce,
+			0x53, 0xdc, 0x8d, 0x74, 0x56, 0x09, 0x2c, 0x0f,
+			0xe1, 0xb2, 0xb6, 0xe3, 0x02, 0x03, 0x01, 0x00,
+			0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x1d, 0x06,
+			0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
+			0xb7, 0x6d, 0x93, 0xb0, 0xed, 0xfb, 0xda, 0xa2,
+			0xbb, 0x5d, 0xb1, 0xd1, 0x36, 0x4c, 0xf3, 0x2a,
+			0x21, 0x15, 0xc5, 0x47, 0x30, 0x1f, 0x06, 0x03,
+			0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
+			0x14, 0xb7, 0x6d, 0x93, 0xb0, 0xed, 0xfb, 0xda,
+			0xa2, 0xbb, 0x5d, 0xb1, 0xd1, 0x36, 0x4c, 0xf3,
+			0x2a, 0x21, 0x15, 0xc5, 0x47, 0x30, 0x0c, 0x06,
+			0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
+			0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+			0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
+			0x05, 0x00, 0x03, 0x41, 0x00, 0x1e, 0xcc, 0x4d,
+			0x4b, 0xea, 0xcd, 0x51, 0x96, 0xe8, 0xa5, 0xe0,
+			0xcc, 0x85, 0x52, 0x2f, 0x88, 0xe7, 0xd4, 0x99,
+			0xe9, 0x43, 0x8c, 0x9a, 0xd3, 0xe7, 0xa4, 0x5c,
+			0x54, 0x9a, 0x05, 0x37, 0x71, 0x9c, 0xd5, 0xc5,
+			0x7c, 0x9d, 0x00, 0x07, 0x9b, 0xd6, 0x89, 0xb3,
+			0xbd, 0x6e, 0x92, 0xc0, 0xbe, 0x30, 0xdd, 0x38,
+			0x3f, 0x38, 0x74, 0x5a, 0xa9, 0x98, 0x5f, 0xd5,
+			0xd7, 0xae, 0x76, 0x0f, 0x72, 0xa4, 0x1c, 0x04,
+			0x1a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+			0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+			0x78, 0x79, 0x7a, 0xa5, 0x03, 0x02, 0x01, 0x2a,
+			0xa6, 0x16, 0x04, 0x14, 0x6c, 0x69, 0x62, 0x72,
+			0x65, 0x73, 0x73, 0x6c, 0x2e, 0x6f, 0x70, 0x65,
+			0x6e, 0x62, 0x73, 0x64, 0x2e, 0x6f, 0x72, 0x67,
+			0xa9, 0x06, 0x02, 0x04, 0x7a, 0xbb, 0xcc, 0xdd,
+			0xaa, 0x81, 0xd2, 0x04, 0x81, 0xcf, 0x43, 0x56,
+			0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30,
+			0x31, 0x36, 0x30, 0x3a, 0x20, 0x37, 0x74, 0x68,
+			0x20, 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32,
+			0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d,
+			0x32, 0x30, 0x31, 0x30, 0x2d, 0x35, 0x32, 0x39,
+			0x38, 0x3a, 0x20, 0x38, 0x74, 0x68, 0x20, 0x41,
+			0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31,
+			0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30,
+			0x31, 0x34, 0x2d, 0x30, 0x31, 0x39, 0x38, 0x3a,
+			0x20, 0x32, 0x31, 0x73, 0x74, 0x20, 0x41, 0x70,
 			0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31, 0x34,
 			0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31,
-			0x34, 0x2d, 0x30, 0x31, 0x39, 0x38, 0x3a, 0x20,
-			0x32, 0x31, 0x73, 0x74, 0x20, 0x41, 0x70, 0x72,
-			0x69, 0x6c, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
+			0x34, 0x2d, 0x33, 0x34, 0x37, 0x30, 0x3a, 0x20,
+			0x33, 0x30, 0x74, 0x68, 0x20, 0x4d, 0x61, 0x79,
+			0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56,
+			0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30,
+			0x31, 0x39, 0x35, 0x3a, 0x20, 0x35, 0x74, 0x68,
+			0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32, 0x30,
+			0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32,
+			0x30, 0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x31,
+			0x3a, 0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75,
+			0x6e, 0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
 			0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
-			0x2d, 0x33, 0x34, 0x37, 0x30, 0x3a, 0x20, 0x33,
-			0x30, 0x74, 0x68, 0x20, 0x4d, 0x61, 0x79, 0x20,
-			0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45,
-			0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, 0x31,
-			0x39, 0x35, 0x3a, 0x20, 0x35, 0x74, 0x68, 0x20,
-			0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32, 0x30, 0x31,
-			0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30,
-			0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x31, 0x3a,
-			0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e,
-			0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43,
-			0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d,
-			0x30, 0x32, 0x32, 0x34, 0x3a, 0x20, 0x35, 0x74,
-			0x68, 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32,
-			0x30, 0x31, 0x34, 0x0a,
+			0x2d, 0x30, 0x32, 0x32, 0x34, 0x3a, 0x20, 0x35,
+			0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20,
+			0x32, 0x30, 0x31, 0x34, 0x0a,
 		},
-		348,
+		.asn1_len = 725,
 	},
 	{
-		{
+		.session = {
 			.cipher_id = 0x03000000L | 1,
 			.ssl_version = TLS1_2_VERSION,
 			.timeout = -1,
 		},
-		{
+		.asn1 = {
 			0x0,
 		},
-		-1,
+		.asn1_len = -1,
 	},
 	{
-		{
+		.session = {
 			.cipher_id = 0x03000000L | 1,
 			.ssl_version = TLS1_2_VERSION,
 			.time = -1,
 		},
-		{
+		.asn1 = {
 			0x0,
 		},
-		-1,
+		.asn1_len = -1,
 	},
 };
 
@@ -266,7 +329,8 @@ session_cmp(SSL_SESSION *s1, SSL_SESSION *s2)
 
 	/* Ensure that a certificate is or is not present in both. */
 	if ((s1->peer != NULL || s2->peer != NULL) &&
-	    (s1->peer == NULL || s2->peer == NULL)) {
+	    (s1->peer == NULL || s2->peer == NULL ||
+	     X509_cmp(s1->peer, s2->peer) != 0)) {
 		fprintf(stderr, "peer differs\n");
 		return (1);
 	}
@@ -310,6 +374,9 @@ do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat)
 	const unsigned char *pp;
 	int i, len, rv = 1;
 
+	if (sat->peer_cert)
+		sat->session.peer = peer_cert;
+
 	len = i2d_SSL_SESSION(&sat->session, NULL);
 	if (len != sat->asn1_len) {
 		fprintf(stderr, "FAIL: test %i returned ASN1 length %i, "
@@ -327,10 +394,7 @@ do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat)
 	ap = asn1;
 	len = i2d_SSL_SESSION(&sat->session, &ap);
 
-	/*
-	 * Length *should* be the same, but check it again since the code
-	 * path is different.
-	 */
+	/* Check the length again since the code path is different. */
 	if (len != sat->asn1_len) {
 		fprintf(stderr, "FAIL: test %i returned ASN1 length %i, "
 		    "want %i\n", test_no, len, sat->asn1_len);
@@ -389,14 +453,26 @@ failed:
 int
 main(int argc, char **argv)
 {
+	BIO *bio = NULL;
 	int failed = 0;
 	size_t i;
 
 	SSL_library_init();
 	SSL_load_error_strings();
 
+	bio = BIO_new_mem_buf(peer_cert_pem, -1);
+	if (bio == NULL)
+		errx(1, "failed to create bio");
+
+	peer_cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
+	if (peer_cert == NULL)
+		errx(1, "failed to read peer cert");
+
 	for (i = 0; i < N_SSL_ASN1_TESTS; i++)
 		failed += do_ssl_asn1_test(i, &ssl_asn1_tests[i]);
 
+	X509_free(peer_cert);
+	BIO_free(bio);
+
 	return (failed);
 }