diff options
Diffstat (limited to 'src/ssl/test/bssl_shim.cc')
-rw-r--r-- | src/ssl/test/bssl_shim.cc | 83 |
1 files changed, 60 insertions, 23 deletions
diff --git a/src/ssl/test/bssl_shim.cc b/src/ssl/test/bssl_shim.cc index 07ba9f5..74674a4 100644 --- a/src/ssl/test/bssl_shim.cc +++ b/src/ssl/test/bssl_shim.cc @@ -12,6 +12,10 @@ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#if !defined(__STDC_FORMAT_MACROS) +#define __STDC_FORMAT_MACROS +#endif + #include <openssl/base.h> #if !defined(OPENSSL_WINDOWS) @@ -20,7 +24,7 @@ #include <netinet/tcp.h> #include <signal.h> #include <sys/socket.h> -#include <sys/types.h> +#include <sys/time.h> #include <unistd.h> #else #include <io.h> @@ -32,8 +36,8 @@ #pragma comment(lib, "Ws2_32.lib") #endif +#include <inttypes.h> #include <string.h> -#include <sys/types.h> #include <openssl/bio.h> #include <openssl/buf.h> @@ -42,6 +46,7 @@ #include <openssl/crypto.h> #include <openssl/err.h> #include <openssl/hmac.h> +#include <openssl/obj.h> #include <openssl/rand.h> #include <openssl/ssl.h> @@ -120,9 +125,10 @@ static const TestConfig *GetConfigPtr(const SSL *ssl) { return (const TestConfig *)SSL_get_ex_data(ssl, g_config_index); } -static bool SetTestState(SSL *ssl, std::unique_ptr<TestState> async) { - if (SSL_set_ex_data(ssl, g_state_index, (void *)async.get()) == 1) { - async.release(); +static bool SetTestState(SSL *ssl, std::unique_ptr<TestState> state) { + // |SSL_set_ex_data| takes ownership of |state| only on success. + if (SSL_set_ex_data(ssl, g_state_index, state.get()) == 1) { + state.release(); return true; } return false; @@ -172,8 +178,8 @@ static ssl_private_key_result_t AsyncPrivateKeySign( return ssl_private_key_failure; } test_state->private_key_result.resize(len); - if (!EVP_PKEY_sign(ctx.get(), bssl::vector_data( - &test_state->private_key_result), &len, in, in_len)) { + if (!EVP_PKEY_sign(ctx.get(), test_state->private_key_result.data(), &len, in, + in_len)) { return ssl_private_key_failure; } test_state->private_key_result.resize(len); @@ -202,7 +208,7 @@ static ssl_private_key_result_t AsyncPrivateKeySignComplete( fprintf(stderr, "Output buffer too small.\n"); return ssl_private_key_failure; } - memcpy(out, bssl::vector_data(&test_state->private_key_result), + memcpy(out, test_state->private_key_result.data(), test_state->private_key_result.size()); *out_len = test_state->private_key_result.size(); @@ -221,16 +227,14 @@ static ssl_private_key_result_t AsyncPrivateKeyDecrypt( abort(); } - EVP_PKEY *pkey = test_state->private_key.get(); - if (pkey->type != EVP_PKEY_RSA || pkey->pkey.rsa == NULL) { + RSA *rsa = EVP_PKEY_get0_RSA(test_state->private_key.get()); + if (rsa == NULL) { fprintf(stderr, "AsyncPrivateKeyDecrypt called with incorrect key type.\n"); abort(); } - RSA *rsa = pkey->pkey.rsa; test_state->private_key_result.resize(RSA_size(rsa)); - if (!RSA_decrypt(rsa, out_len, - bssl::vector_data(&test_state->private_key_result), + if (!RSA_decrypt(rsa, out_len, test_state->private_key_result.data(), RSA_size(rsa), in, in_len, RSA_NO_PADDING)) { return ssl_private_key_failure; } @@ -262,7 +266,7 @@ static ssl_private_key_result_t AsyncPrivateKeyDecryptComplete( fprintf(stderr, "Output buffer too small.\n"); return ssl_private_key_failure; } - memcpy(out, bssl::vector_data(&test_state->private_key_result), + memcpy(out, test_state->private_key_result.data(), test_state->private_key_result.size()); *out_len = test_state->private_key_result.size(); @@ -728,6 +732,24 @@ static ScopedSSL_CTX SetupCtx(const TestConfig *config) { } ScopedDH dh(DH_get_2048_256(NULL)); + + if (config->use_sparse_dh_prime) { + // This prime number is 2^1024 + 643 – a value just above a power of two. + // Because of its form, values modulo it are essentially certain to be one + // byte shorter. This is used to test padding of these values. + if (BN_hex2bn( + &dh->p, + "1000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000028" + "3") == 0 || + !BN_set_word(dh->g, 2)) { + return nullptr; + } + dh->priv_length = 0; + } + if (!dh || !SSL_CTX_set_tmp_dh(ssl_ctx.get(), dh.get())) { return nullptr; } @@ -1070,6 +1092,15 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { return false; } + if (config->expect_key_exchange_info != 0) { + uint32_t info = SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl)); + if (static_cast<uint32_t>(config->expect_key_exchange_info) != info) { + fprintf(stderr, "key_exchange_info was %" PRIu32 ", wanted %" PRIu32 "\n", + info, static_cast<uint32_t>(config->expect_key_exchange_info)); + return false; + } + } + if (!config->is_server) { /* Clients should expect a peer certificate chain iff this was not a PSK * cipher suite. */ @@ -1143,15 +1174,6 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx, if (config->no_ssl3) { SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3); } - if (config->tls_d5_bug) { - SSL_set_options(ssl.get(), SSL_OP_TLS_D5_BUG); - } - if (config->microsoft_big_sslv3_buffer) { - SSL_set_options(ssl.get(), SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER); - } - if (config->no_legacy_server_connect) { - SSL_clear_options(ssl.get(), SSL_OP_LEGACY_SERVER_CONNECT); - } if (!config->expected_channel_id.empty()) { SSL_enable_tls_channel_id(ssl.get()); } @@ -1223,6 +1245,21 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx, if (config->disable_npn) { SSL_set_options(ssl.get(), SSL_OP_DISABLE_NPN); } + if (config->p384_only) { + int nid = NID_secp384r1; + if (!SSL_set1_curves(ssl.get(), &nid, 1)) { + return false; + } + } + if (config->enable_all_curves) { + static const int kAllCurves[] = { + NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, NID_x25519, + }; + if (!SSL_set1_curves(ssl.get(), kAllCurves, + sizeof(kAllCurves) / sizeof(kAllCurves[0]))) { + return false; + } + } int sock = Connect(config->port); if (sock == -1) { |