summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/test/test_tortls.c161
1 files changed, 122 insertions, 39 deletions
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
index be7dd9b92e..2e53293373 100644
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@ -28,6 +28,10 @@
#include <openssl/ssl3.h>
#include <openssl/err.h>
#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
#if __GNUC__ && GCC_VERSION >= 402
#if GCC_VERSION >= 406
@@ -49,6 +53,11 @@
extern tor_tls_context_t *server_tls_context;
extern tor_tls_context_t *client_tls_context;
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+#define OPENSSL_OPAQUE
+#endif
+
+#ifndef OPENSSL_OPAQUE
static SSL_METHOD *
give_me_a_test_method(void)
{
@@ -62,6 +71,7 @@ fake_num_ciphers(void)
{
return 0;
}
+#endif
static void
test_tortls_errno_to_tls_error(void *data)
@@ -132,12 +142,14 @@ test_tortls_tor_tls_new(void *data)
tls = tor_tls_new(-1, 0);
tt_assert(!tls);
+#ifndef OPENSSL_OPAQUE
SSL_METHOD *method = give_me_a_test_method();
SSL_CTX *ctx = SSL_CTX_new(method);
method->num_ciphers = fake_num_ciphers;
client_tls_context->ctx = ctx;
tls = tor_tls_new(-1, 0);
tt_assert(!tls);
+#endif
done:
UNMOCK(tor_tls_cert_matches_key);
@@ -399,6 +411,7 @@ test_tortls_log_one_error(void *ignored)
tor_free(tls);
}
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_get_error(void *ignored)
{
@@ -484,6 +497,7 @@ test_tortls_get_error(void *ignored)
teardown_capture_of_logs(previous_log);
tor_free(tls);
}
+#endif
static void
test_tortls_always_accept_verify_cb(void *ignored)
@@ -498,6 +512,7 @@ test_tortls_always_accept_verify_cb(void *ignored)
(void)0;
}
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_x509_cert_free(void *ignored)
{
@@ -512,6 +527,7 @@ test_tortls_x509_cert_free(void *ignored)
cert->encoded = tor_malloc_zero(1);
tor_x509_cert_free(cert);
}
+#endif
static void
test_tortls_x509_cert_get_id_digests(void *ignored)
@@ -536,6 +552,7 @@ test_tortls_x509_cert_get_id_digests(void *ignored)
(void)0;
}
+#ifndef OPENSSL_OPAQUE
static int
fixed_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
@@ -628,6 +645,7 @@ test_tortls_cert_get_key(void *ignored)
done:
(void)0;
}
+#endif
static void
test_tortls_get_my_client_auth_key(void *ignored)
@@ -691,6 +709,7 @@ test_tortls_get_my_certs(void *ignored)
(void)1;
}
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_get_ciphersuite_name(void *ignored)
{
@@ -838,11 +857,17 @@ test_tortls_classify_client_ciphers(void *ignored)
done:
(void)1;
}
+#endif
static void
test_tortls_client_is_using_v2_ciphers(void *ignored)
{
(void)ignored;
+
+#ifdef HAVE_SSL_GET_CLIENT_CIPHERS
+ tt_skip();
+#else
+
int ret;
SSL_CTX *ctx;
SSL *ssl;
@@ -856,8 +881,6 @@ test_tortls_client_is_using_v2_ciphers(void *ignored)
ssl = SSL_new(ctx);
sess = SSL_SESSION_new();
-#ifdef HAVE_SSL_GET_CLIENT_CIPHERS
-#else
ret = tor_tls_client_is_using_v2_ciphers(ssl);
tt_int_op(ret, OP_EQ, -1);
@@ -878,6 +901,7 @@ test_tortls_client_is_using_v2_ciphers(void *ignored)
(void)1;
}
+#ifndef OPENSSL_OPAQUE
static X509 *fixed_try_to_extract_certs_from_tls_cert_out_result = NULL;
static X509 *fixed_try_to_extract_certs_from_tls_id_cert_out_result = NULL;
@@ -890,7 +914,9 @@ fixed_try_to_extract_certs_from_tls(int severity, tor_tls_t *tls,
*cert_out = fixed_try_to_extract_certs_from_tls_cert_out_result;
*id_cert_out = fixed_try_to_extract_certs_from_tls_id_cert_out_result;
}
+#endif
+#ifndef OPENSSL_OPAQUE
static const char* notCompletelyValidCertString =
"-----BEGIN CERTIFICATE-----\n"
"MIICVjCCAb8CAg37MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n"
@@ -907,6 +933,7 @@ static const char* notCompletelyValidCertString =
"jC9UeuErhaA/zzWi8ewMTFZW/WshOrm3fNvcMrMLKtH534JKvcdMg6qIdjTFINIr\n"
"evnAhf0cwULaebn+lMs8Pdl7y37+sfluVok=\n"
"-----END CERTIFICATE-----\n";
+#endif
static const char* validCertString = "-----BEGIN CERTIFICATE-----\n"
"MIIDpTCCAY0CAg3+MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVTMREwDwYD\n"
@@ -974,6 +1001,7 @@ read_cert_from(const char *str)
return res;
}
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_verify(void *ignored)
{
@@ -1028,7 +1056,9 @@ test_tortls_verify(void *ignored)
tor_free(tls);
tor_free(k);
}
+#endif
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_check_lifetime(void *ignored)
{
@@ -1062,7 +1092,9 @@ test_tortls_check_lifetime(void *ignored)
tor_free(tls->ssl);
tor_free(tls);
}
+#endif
+#ifndef OPENSSL_OPAQUE
static int fixed_ssl_pending_result = 0;
static int
@@ -1095,6 +1127,7 @@ test_tortls_get_pending_bytes(void *ignored)
tor_free(tls->ssl);
tor_free(tls);
}
+#endif
static void
test_tortls_get_forced_write_size(void *ignored)
@@ -1215,6 +1248,7 @@ test_tortls_dn_indicates_v3_cert(void *ignored)
X509_NAME_free(name);
}
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_received_v3_certificate(void *ignored)
{
@@ -1295,6 +1329,7 @@ test_tortls_received_v3_certificate(void *ignored)
tor_free(tls->ssl);
tor_free(tls);
}
+#endif
static void
test_tortls_get_num_server_handshakes(void *ignored)
@@ -1330,6 +1365,7 @@ test_tortls_server_got_renegotiate(void *ignored)
tor_free(tls);
}
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_SSL_SESSION_get_master_key(void *ignored)
{
@@ -1360,7 +1396,9 @@ test_tortls_SSL_SESSION_get_master_key(void *ignored)
tor_free(tls);
tor_free(out);
}
+#endif
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_get_tlssecrets(void *ignored)
{
@@ -1384,7 +1422,9 @@ test_tortls_get_tlssecrets(void *ignored)
tor_free(tls->ssl);
tor_free(tls);
}
+#endif
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_get_buffer_sizes(void *ignored)
{
@@ -1434,6 +1474,7 @@ test_tortls_get_buffer_sizes(void *ignored)
tor_free(tls->ssl);
tor_free(tls);
}
+#endif
static void
test_tortls_evaluate_ecgroup_for_tls(void *ignored)
@@ -1457,6 +1498,7 @@ test_tortls_evaluate_ecgroup_for_tls(void *ignored)
(void)0;
}
+#ifndef OPENSSL_OPAQUE
typedef struct cert_pkey_st_local
{
X509 *x509;
@@ -1516,7 +1558,9 @@ test_tortls_try_to_extract_certs_from_tls(void *ignored)
tor_free(tls->ssl);
tor_free(tls);
}
+#endif
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_get_peer_cert(void *ignored)
{
@@ -1545,7 +1589,9 @@ test_tortls_get_peer_cert(void *ignored)
tor_free(tls->ssl);
tor_free(tls);
}
+#endif
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_peer_has_cert(void *ignored)
{
@@ -1572,6 +1618,7 @@ test_tortls_peer_has_cert(void *ignored)
tor_free(tls->ssl);
tor_free(tls);
}
+#endif
static void
test_tortls_is_server(void *ignored)
@@ -1589,6 +1636,7 @@ test_tortls_is_server(void *ignored)
tor_free(tls);
}
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_session_secret_cb(void *ignored)
{
@@ -1630,7 +1678,9 @@ test_tortls_session_secret_cb(void *ignored)
SSL_CTX_free(ctx);
tor_free(tls);
}
+#endif
+#ifndef OPENSSL_OPAQUE
/* TODO: It seems block_renegotiation and unblock_renegotiation and
* using different blags. This might not be correct */
static void
@@ -1669,7 +1719,9 @@ test_tortls_unblock_renegotiation(void *ignored)
tor_free(tls->ssl);
tor_free(tls);
}
+#endif
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_assert_renegotiation_unblocked(void *ignored)
{
@@ -1685,6 +1737,7 @@ test_tortls_assert_renegotiation_unblocked(void *ignored)
tor_free(tls);
}
+#endif
static void
test_tortls_set_logged_address(void *ignored)
@@ -1705,6 +1758,7 @@ test_tortls_set_logged_address(void *ignored)
tor_free(tls);
}
+#ifndef OPENSSL_OPAQUE
static void
example_cb(tor_tls_t *t, void *arg)
{
@@ -1737,7 +1791,9 @@ test_tortls_set_renegotiate_callback(void *ignored)
tor_free(tls->ssl);
tor_free(tls);
}
+#endif
+#ifndef OPENSSL_OPAQUE
static const SSL_CIPHER *
fake_get_cipher(unsigned ncipher)
{
@@ -1753,7 +1809,9 @@ fake_get_cipher(unsigned ncipher)
return NULL;
}
}
+#endif
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_find_cipher_by_id(void *ignored)
{
@@ -1816,7 +1874,9 @@ test_tortls_find_cipher_by_id(void *ignored)
SSL_free(ssl);
SSL_CTX_free(ctx);
}
+#endif
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_debug_state_callback(void *ignored)
{
@@ -1840,7 +1900,9 @@ test_tortls_debug_state_callback(void *ignored)
done:
teardown_capture_of_logs(previous_log);
}
+#endif
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_server_info_callback(void *ignored)
{
@@ -1905,7 +1967,9 @@ test_tortls_server_info_callback(void *ignored)
teardown_capture_of_logs(previous_log);
tor_free(ssl);
}
+#endif
+#ifndef OPENSSL_OPAQUE
static int fixed_ssl_read_result_index;
static int fixed_ssl_read_result[5];
static int fixed_ssl_shutdown_result;
@@ -2235,7 +2299,9 @@ test_tortls_renegotiate(void *ignored)
SSL_CTX_free(ctx);
tor_free(tls);
}
+#endif
+#ifndef OPENSSL_OPAQUE
static int fixed_ssl_accept_result;
static int fixed_ssl_connect_result;
@@ -2344,7 +2410,9 @@ test_tortls_handshake(void *ignored)
SSL_CTX_free(ctx);
tor_free(tls);
}
+#endif
+#ifndef OPENSSL_OPAQUE
static void
test_tortls_finish_handshake(void *ignored)
{
@@ -2417,15 +2485,10 @@ test_tortls_finish_handshake(void *ignored)
SSL_CTX_free(ctx);
tor_free(tls);
}
+#endif
static int fixed_crypto_pk_new_result_index;
static crypto_pk_t *fixed_crypto_pk_new_result[5];
-static int fixed_crypto_pk_generate_key_with_bits_result_index;
-static int fixed_crypto_pk_generate_key_with_bits_result[5];
-static int fixed_tor_tls_create_certificate_result_index;
-static X509 *fixed_tor_tls_create_certificate_result[5];
-static int fixed_tor_x509_cert_new_result_index;
-static tor_x509_cert_t *fixed_tor_x509_cert_new_result[5];
static crypto_pk_t *
fixed_crypto_pk_new(void)
@@ -2433,6 +2496,14 @@ fixed_crypto_pk_new(void)
return fixed_crypto_pk_new_result[fixed_crypto_pk_new_result_index++];
}
+#ifndef OPENSSL_OPAQUE
+static int fixed_crypto_pk_generate_key_with_bits_result_index;
+static int fixed_crypto_pk_generate_key_with_bits_result[5];
+static int fixed_tor_tls_create_certificate_result_index;
+static X509 *fixed_tor_tls_create_certificate_result[5];
+static int fixed_tor_x509_cert_new_result_index;
+static tor_x509_cert_t *fixed_tor_x509_cert_new_result[5];
+
static int
fixed_crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
{
@@ -2637,6 +2708,7 @@ test_tortls_context_new(void *ignored)
UNMOCK(crypto_pk_generate_key_with_bits);
UNMOCK(crypto_pk_new);
}
+#endif
static int fixed_crypto_pk_get_evp_pkey_result_index = 0;
static EVP_PKEY *fixed_crypto_pk_get_evp_pkey_result[5];
@@ -2717,9 +2789,11 @@ test_tortls_cert_new(void *ignored)
ret = tor_x509_cert_new(cert);
tt_assert(ret);
+#ifndef OPENSSL_OPAQUE
cert->cert_info = NULL;
ret = tor_x509_cert_new(cert);
tt_assert(ret);
+#endif
done:
(void)0;
@@ -2741,6 +2815,7 @@ test_tortls_cert_is_valid(void *ignored)
ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
tt_int_op(ret, OP_EQ, 1);
+#ifndef OPENSSL_OPAQUE
cert = tor_x509_cert_new(read_cert_from(validCertString));
scert = tor_x509_cert_new(read_cert_from(caCertString));
cert->cert->cert_info->validity->notAfter =
@@ -2753,6 +2828,7 @@ test_tortls_cert_is_valid(void *ignored)
cert->cert->cert_info->key = NULL;
ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 1);
tt_int_op(ret, OP_EQ, 0);
+#endif
cert = tor_x509_cert_new(read_cert_from(validCertString));
scert = tor_x509_cert_new(read_cert_from(caCertString));
@@ -2804,6 +2880,13 @@ test_tortls_context_init_one(void *ignored)
#define LOCAL_TEST_CASE(name, flags) \
{ #name, test_tortls_##name, (flags), NULL, NULL }
+#ifdef OPENSSL_OPAQUE
+#define INTRUSIVE_TEST_CASE(name, flags) \
+ { #name, NULL, TT_SKIP, NULL, NULL }
+#else
+#define INTRUSIVE_TEST_CASE(name, flags) LOCAL_TEST_CASE(name, flags)
+#endif
+
struct testcase_t tortls_tests[] = {
LOCAL_TEST_CASE(errno_to_tls_error, 0),
LOCAL_TEST_CASE(err_to_string, 0),
@@ -2813,51 +2896,51 @@ struct testcase_t tortls_tests[] = {
LOCAL_TEST_CASE(get_by_ssl, TT_FORK),
LOCAL_TEST_CASE(allocate_tor_tls_object_ex_data_index, TT_FORK),
LOCAL_TEST_CASE(log_one_error, TT_FORK),
- LOCAL_TEST_CASE(get_error, TT_FORK),
+ INTRUSIVE_TEST_CASE(get_error, TT_FORK),
LOCAL_TEST_CASE(always_accept_verify_cb, 0),
- LOCAL_TEST_CASE(x509_cert_free, 0),
+ INTRUSIVE_TEST_CASE(x509_cert_free, 0),
LOCAL_TEST_CASE(x509_cert_get_id_digests, 0),
- LOCAL_TEST_CASE(cert_matches_key, 0),
- LOCAL_TEST_CASE(cert_get_key, 0),
+ INTRUSIVE_TEST_CASE(cert_matches_key, 0),
+ INTRUSIVE_TEST_CASE(cert_get_key, 0),
LOCAL_TEST_CASE(get_my_client_auth_key, TT_FORK),
LOCAL_TEST_CASE(get_my_certs, TT_FORK),
- LOCAL_TEST_CASE(get_ciphersuite_name, 0),
- LOCAL_TEST_CASE(classify_client_ciphers, 0),
+ INTRUSIVE_TEST_CASE(get_ciphersuite_name, 0),
+ INTRUSIVE_TEST_CASE(classify_client_ciphers, 0),
LOCAL_TEST_CASE(client_is_using_v2_ciphers, 0),
- LOCAL_TEST_CASE(verify, 0),
- LOCAL_TEST_CASE(check_lifetime, 0),
- LOCAL_TEST_CASE(get_pending_bytes, 0),
+ INTRUSIVE_TEST_CASE(verify, 0),
+ INTRUSIVE_TEST_CASE(check_lifetime, 0),
+ INTRUSIVE_TEST_CASE(get_pending_bytes, 0),
LOCAL_TEST_CASE(get_forced_write_size, 0),
LOCAL_TEST_CASE(get_write_overhead_ratio, TT_FORK),
LOCAL_TEST_CASE(used_v1_handshake, TT_FORK),
LOCAL_TEST_CASE(dn_indicates_v3_cert, 0),
- LOCAL_TEST_CASE(received_v3_certificate, 0),
+ INTRUSIVE_TEST_CASE(received_v3_certificate, 0),
LOCAL_TEST_CASE(get_num_server_handshakes, 0),
LOCAL_TEST_CASE(server_got_renegotiate, 0),
- LOCAL_TEST_CASE(SSL_SESSION_get_master_key, 0),
- LOCAL_TEST_CASE(get_tlssecrets, 0),
- LOCAL_TEST_CASE(get_buffer_sizes, 0),
+ INTRUSIVE_TEST_CASE(SSL_SESSION_get_master_key, 0),
+ INTRUSIVE_TEST_CASE(get_tlssecrets, 0),
+ INTRUSIVE_TEST_CASE(get_buffer_sizes, 0),
LOCAL_TEST_CASE(evaluate_ecgroup_for_tls, 0),
- LOCAL_TEST_CASE(try_to_extract_certs_from_tls, 0),
- LOCAL_TEST_CASE(get_peer_cert, 0),
- LOCAL_TEST_CASE(peer_has_cert, 0),
- LOCAL_TEST_CASE(shutdown, 0),
- LOCAL_TEST_CASE(renegotiate, 0),
- LOCAL_TEST_CASE(finish_handshake, 0),
- LOCAL_TEST_CASE(handshake, 0),
- LOCAL_TEST_CASE(write, 0),
- LOCAL_TEST_CASE(read, 0),
- LOCAL_TEST_CASE(server_info_callback, 0),
+ INTRUSIVE_TEST_CASE(try_to_extract_certs_from_tls, 0),
+ INTRUSIVE_TEST_CASE(get_peer_cert, 0),
+ INTRUSIVE_TEST_CASE(peer_has_cert, 0),
+ INTRUSIVE_TEST_CASE(shutdown, 0),
+ INTRUSIVE_TEST_CASE(renegotiate, 0),
+ INTRUSIVE_TEST_CASE(finish_handshake, 0),
+ INTRUSIVE_TEST_CASE(handshake, 0),
+ INTRUSIVE_TEST_CASE(write, 0),
+ INTRUSIVE_TEST_CASE(read, 0),
+ INTRUSIVE_TEST_CASE(server_info_callback, 0),
LOCAL_TEST_CASE(is_server, 0),
- LOCAL_TEST_CASE(assert_renegotiation_unblocked, 0),
- LOCAL_TEST_CASE(block_renegotiation, 0),
- LOCAL_TEST_CASE(unblock_renegotiation, 0),
- LOCAL_TEST_CASE(set_renegotiate_callback, 0),
+ INTRUSIVE_TEST_CASE(assert_renegotiation_unblocked, 0),
+ INTRUSIVE_TEST_CASE(block_renegotiation, 0),
+ INTRUSIVE_TEST_CASE(unblock_renegotiation, 0),
+ INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0),
LOCAL_TEST_CASE(set_logged_address, 0),
- LOCAL_TEST_CASE(find_cipher_by_id, 0),
- LOCAL_TEST_CASE(session_secret_cb, 0),
- LOCAL_TEST_CASE(debug_state_callback, 0),
- LOCAL_TEST_CASE(context_new, 0),
+ INTRUSIVE_TEST_CASE(find_cipher_by_id, 0),
+ INTRUSIVE_TEST_CASE(session_secret_cb, 0),
+ INTRUSIVE_TEST_CASE(debug_state_callback, 0),
+ INTRUSIVE_TEST_CASE(context_new, 0),
LOCAL_TEST_CASE(create_certificate, 0),
LOCAL_TEST_CASE(cert_new, 0),
LOCAL_TEST_CASE(cert_is_valid, 0),