mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
9d75dce3e1
Add SSL_verify_client_post_handshake() for servers to initiate PHA Add SSL_force_post_handshake_auth() for clients that don't have certificates initially configured, but use a certificate callback. Update SSL_CTX_set_verify()/SSL_set_verify() mode: * Add SSL_VERIFY_POST_HANDSHAKE to postpone client authentication until after the initial handshake. * Update SSL_VERIFY_CLIENT_ONCE now only sends out one CertRequest regardless of when the certificate authentication takes place; either initial handshake, re-negotiation, or post-handshake authentication. Add 'RequestPostHandshake' and 'RequirePostHandshake' SSL_CONF options that add the SSL_VERIFY_POST_HANDSHAKE to the 'Request' and 'Require' options Add support to s_client: * Enabled automatically when cert is configured * Can be forced enabled via -force_pha Add support to s_server: * Use 'c' to invoke PHA in s_server * Remove some dead code Update documentation Update unit tests: * Illegal use of PHA extension * TLSv1.3 certificate tests DTLS and TLS behave ever-so-slightly differently. So, when DTLS1.3 is implemented, it's PHA support state machine may need to be different. Add a TODO and a #error Update handshake context to deal with PHA. The handshake context for TLSv1.3 post-handshake auth is up through the ClientFinish message, plus the CertificateRequest message. Subsequent Certificate, CertificateVerify, and Finish messages are based on this handshake context (not the Certificate message per se, but it's included after the hash). KeyUpdate, NewSessionTicket, and prior Certificate Request messages are not included in post-handshake authentication. After the ClientFinished message is processed, save off the digest state for future post-handshake authentication. When post-handshake auth occurs, copy over the saved handshake context into the "main" handshake digest. This effectively discards the any KeyUpdate or NewSessionTicket messages and any prior post-handshake authentication. This, of course, assumes that the ID-22 did not mean to include any previous post-handshake authentication into the new handshake transcript. This is implied by section 4.4.1 that lists messages only up to the first ClientFinished. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4964) |
||
---|---|---|
.. | ||
certs | ||
ct | ||
d2i-tests | ||
ocsp-tests | ||
ossl_shim | ||
recipes | ||
smime-certs | ||
ssl-tests | ||
testutil | ||
aborttest.c | ||
afalgtest.c | ||
asn1_encode_test.c | ||
asn1_internal_test.c | ||
asn1_string_table_test.c | ||
asn1_time_test.c | ||
asynciotest.c | ||
asynctest.c | ||
bad_dtls_test.c | ||
bftest.c | ||
bio_enc_test.c | ||
bioprinttest.c | ||
bntest.c | ||
bntests.pl | ||
build.info | ||
CAss.cnf | ||
CAssdh.cnf | ||
CAssdsa.cnf | ||
CAssrsa.cnf | ||
casttest.c | ||
CAtsa.cnf | ||
chacha_internal_test.c | ||
cipher_overhead_test.c | ||
cipherbytes_test.c | ||
cipherlist_test.c | ||
ciphername_test.c | ||
clienthellotest.c | ||
cms-examples.pl | ||
constant_time_test.c | ||
crltest.c | ||
ct_test.c | ||
ctype_internal_test.c | ||
d2i_test.c | ||
danetest.c | ||
danetest.in | ||
danetest.pem | ||
destest.c | ||
dhtest.c | ||
drbgtest.c | ||
drbgtest.h | ||
dsatest.c | ||
dtls_mtu_test.c | ||
dtlstest.c | ||
dtlsv1listentest.c | ||
ecdsatest.c | ||
ecstresstest.c | ||
ectest.c | ||
enginetest.c | ||
evp_extra_test.c | ||
evp_test.c | ||
evp_test.h | ||
exdatatest.c | ||
exptest.c | ||
fatalerrtest.c | ||
generate_buildtest.pl | ||
generate_ssl_tests.pl | ||
gmdifftest.c | ||
handshake_helper.c | ||
handshake_helper.h | ||
hmactest.c | ||
ideatest.c | ||
igetest.c | ||
lhash_test.c | ||
md2test.c | ||
mdc2_internal_test.c | ||
mdc2test.c | ||
memleaktest.c | ||
modes_internal_test.c | ||
ocspapitest.c | ||
P1ss.cnf | ||
P2ss.cnf | ||
packettest.c | ||
pbelutest.c | ||
pemtest.c | ||
pkcs7-1.pem | ||
pkcs7.pem | ||
pkey_meth_kdf_test.c | ||
pkey_meth_test.c | ||
pkits-test.pl | ||
poly1305_internal_test.c | ||
rc2test.c | ||
rc4test.c | ||
rc5test.c | ||
README | ||
README.external | ||
README.ssltest.md | ||
recordlentest.c | ||
rsa_mp_test.c | ||
rsa_test.c | ||
run_tests.pl | ||
sanitytest.c | ||
secmemtest.c | ||
serverinfo2.pem | ||
serverinfo.pem | ||
servername_test.c | ||
session.pem | ||
shibboleth.pfx | ||
shlibloadtest.c | ||
siphash_internal_test.c | ||
sm4_internal_test.c | ||
smcont.txt | ||
srptest.c | ||
ssl_cert_table_internal_test.c | ||
ssl_test_ctx_test.c | ||
ssl_test_ctx_test.conf | ||
ssl_test_ctx.c | ||
ssl_test_ctx.h | ||
ssl_test.c | ||
ssl_test.tmpl | ||
sslapitest.c | ||
sslbuffertest.c | ||
sslcorrupttest.c | ||
ssltest_old.c | ||
ssltestlib.c | ||
ssltestlib.h | ||
Sssdsa.cnf | ||
Sssrsa.cnf | ||
stack_test.c | ||
test_test.c | ||
test.cnf | ||
testcrl.pem | ||
testdsa.pem | ||
testdsapub.pem | ||
testec-p256.pem | ||
testecpub-p256.pem | ||
testp7.pem | ||
testreq2.pem | ||
testrsa.pem | ||
testrsapub.pem | ||
testsid.pem | ||
testutil.h | ||
testx509.pem | ||
threadstest.c | ||
time_offset_test.c | ||
tls13ccstest.c | ||
tls13encryptiontest.c | ||
tls13secretstest.c | ||
uitest.c | ||
Uss.cnf | ||
v3-cert1.pem | ||
v3-cert2.pem | ||
v3ext.c | ||
v3nametest.c | ||
verify_extra_test.c | ||
wpackettest.c | ||
x509_check_cert_pkey_test.c | ||
x509_dup_cert_test.c | ||
x509_internal_test.c | ||
x509_time_test.c | ||
x509aux.c |
How to add recipes ================== For any test that you want to perform, you write a script located in test/recipes/, named {nn}-test_{name}.t, where {nn} is a two digit number and {name} is a unique name of your choice. Please note that if a test involves a new testing executable, you will need to do some additions in test/Makefile. More on this later. Naming conventions ================= A test executable is named test/{name}test.c A test recipe is named test/recipes/{nn}-test_{name}.t, where {nn} is a two digit number and {name} is a unique name of your choice. The number {nn} is (somewhat loosely) grouped as follows: 00-04 sanity, internal and essential API tests 05-09 individual symmetric cipher algorithms 10-14 math (bignum) 15-19 individual asymmetric cipher algorithms 20-24 openssl commands (some otherwise not tested) 25-29 certificate forms, generation and verification 30-35 engine and evp 60-79 APIs 70 PACKET layer 80-89 "larger" protocols (CA, CMS, OCSP, SSL, TSA) 90-98 misc 99 most time consuming tests [such as test_fuzz] A recipe that just runs a test executable ========================================= A script that just runs a program looks like this: #! /usr/bin/perl use OpenSSL::Test::Simple; simple_test("test_{name}", "{name}test", "{name}"); {name} is the unique name you have chosen for your test. The second argument to `simple_test' is the test executable, and `simple_test' expects it to be located in test/ For documentation on OpenSSL::Test::Simple, do `perldoc util/perl/OpenSSL/Test/Simple.pm'. A recipe that runs a more complex test ====================================== For more complex tests, you will need to read up on Test::More and OpenSSL::Test. Test::More is normally preinstalled, do `man Test::More' for documentation. For OpenSSL::Test, do `perldoc util/perl/OpenSSL/Test.pm'. A script to start from could be this: #! /usr/bin/perl use strict; use warnings; use OpenSSL::Test; setup("test_{name}"); plan tests => 2; # The number of tests being performed ok(test1, "test1"); ok(test2, "test1"); sub test1 { # test feature 1 } sub test2 { # test feature 2 } Changes to test/build.info ========================== Whenever a new test involves a new test executable you need to do the following (at all times, replace {NAME} and {name} with the name of your test): * add {name} to the list of programs under PROGRAMS_NO_INST * create a three line description of how to build the test, you will have to modify the include paths and source files if you don't want to use the basic test framework: SOURCE[{name}]={name}.c INCLUDE[{name}]=.. ../include DEPEND[{name}]=../libcrypto libtestutil.a Generic form of C test executables ================================== #include "testutil.h" static int my_test(void) { int testresult = 0; /* Assume the test will fail */ int observed; observed = function(); /* Call the code under test */ if (!TEST_int_equal(observed, 2)) /* Check the result is correct */ goto end; /* Exit on failure - optional */ testresult = 1; /* Mark the test case a success */ end: cleanup(); /* Any cleanup you require */ return testresult; } int setup_tests(void) { ADD_TEST(my_test); /* Add each test separately */ return 1; /* Indicate success */ } You should use the TEST_xxx macros provided by testutil.h to test all failure conditions. These macros produce an error message in a standard format if the condition is not met (and nothing if the condition is met). Additional information can be presented with the TEST_info macro that takes a printf format string and arguments. TEST_error is useful for complicated conditions, it also takes a printf format string and argument. In all cases the TEST_xxx macros are guaranteed to evaluate their arguments exactly once. This means that expressions with side effects are allowed as parameters. Thus, if (!TEST_ptr(ptr = OPENSSL_malloc(..))) works fine and can be used in place of: ptr = OPENSSL_malloc(..); if (!TEST_ptr(ptr)) The former produces a more meaningful message on failure than the latter.