test_tortls_openssl.c (48371B)
1 /* Copyright (c) 2010-2021, The Tor Project, Inc. */ 2 /* See LICENSE for licensing information */ 3 4 #define TORTLS_PRIVATE 5 #define TORTLS_OPENSSL_PRIVATE 6 #define TOR_X509_PRIVATE 7 #define LOG_PRIVATE 8 #include "orconfig.h" 9 10 #ifdef _WIN32 11 #include <winsock2.h> 12 #endif 13 #include <math.h> 14 15 #include "lib/cc/compat_compiler.h" 16 17 /* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in 18 * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */ 19 DISABLE_GCC_WARNING("-Wredundant-decls") 20 21 #include <openssl/opensslv.h> 22 23 #include <openssl/ssl.h> 24 #include <openssl/ssl3.h> 25 #include <openssl/err.h> 26 #include <openssl/asn1t.h> 27 #include <openssl/x509.h> 28 #include <openssl/rsa.h> 29 #include <openssl/evp.h> 30 #include <openssl/bn.h> 31 32 ENABLE_GCC_WARNING("-Wredundant-decls") 33 34 #include "core/or/or.h" 35 #include "lib/log/log.h" 36 #include "app/config/config.h" 37 #include "lib/crypt_ops/compat_openssl.h" 38 #include "lib/tls/x509.h" 39 #include "lib/tls/x509_internal.h" 40 #include "lib/tls/tortls.h" 41 #include "lib/tls/tortls_st.h" 42 #include "lib/tls/tortls_internal.h" 43 #include "app/config/or_state_st.h" 44 45 #include "test/test.h" 46 #include "test/log_test_helpers.h" 47 #include "test/test_tortls.h" 48 49 #define SSL_STATE_STR "before SSL initialization" 50 51 /* Every version and fork of OpenSSL we support now qualifies as "opaque", 52 * in that it hides the members of important structures. 53 * 54 * That's a good thing, but it means we can't run a number of older tests 55 * that require the ability to poke at OpenSSL's internals. 56 * 57 * We're retaining these tests here, rather than removing them, 58 * in case anybody wants to port them to modern OpenSSL. 59 * (Some of them are probably not worth saving, though.) 60 */ 61 #define OPENSSL_OPAQUE 62 63 #ifndef OPENSSL_OPAQUE 64 static SSL_METHOD * 65 give_me_a_test_method(void) 66 { 67 SSL_METHOD *method = tor_malloc_zero(sizeof(SSL_METHOD)); 68 memcpy(method, TLSv1_method(), sizeof(SSL_METHOD)); 69 return method; 70 } 71 72 static int 73 fake_num_ciphers(void) 74 { 75 return 0; 76 } 77 #endif /* !defined(OPENSSL_OPAQUE) */ 78 79 static int 80 mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert) 81 { 82 (void) tls; 83 (void) cert; // XXXX look at this. 84 return 1; 85 } 86 87 static void 88 test_tortls_tor_tls_new(void *data) 89 { 90 (void) data; 91 MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key); 92 crypto_pk_t *key1 = NULL, *key2 = NULL; 93 SSL_METHOD *method = NULL; 94 95 key1 = pk_generate(2); 96 key2 = pk_generate(3); 97 98 tor_tls_t *tls = NULL; 99 tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER, 100 key1, key2, 86400), OP_EQ, 0); 101 tls = tor_tls_new(-1, 0); 102 tt_want(tls); 103 tor_tls_free(tls); tls = NULL; 104 105 SSL_CTX_free(client_tls_context->ctx); 106 client_tls_context->ctx = NULL; 107 tls = tor_tls_new(-1, 0); 108 tt_ptr_op(tls, OP_EQ, NULL); 109 110 #ifndef OPENSSL_OPAQUE 111 method = give_me_a_test_method(); 112 SSL_CTX *ctx = SSL_CTX_new(method); 113 method->num_ciphers = fake_num_ciphers; 114 client_tls_context->ctx = ctx; 115 tls = tor_tls_new(-1, 0); 116 tt_ptr_op(tls, OP_EQ, NULL); 117 #endif /* !defined(OPENSSL_OPAQUE) */ 118 119 done: 120 UNMOCK(tor_tls_cert_matches_key); 121 crypto_pk_free(key1); 122 crypto_pk_free(key2); 123 tor_tls_free(tls); 124 tor_free(method); 125 tor_tls_free_all(); 126 } 127 128 static void 129 library_init(void) 130 { 131 OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); 132 } 133 134 static void 135 test_tortls_get_state_description(void *ignored) 136 { 137 (void)ignored; 138 tor_tls_t *tls; 139 char *buf; 140 SSL_CTX *ctx; 141 142 library_init(); 143 ctx = SSL_CTX_new(SSLv23_method()); 144 145 buf = tor_malloc_zero(1000); 146 tls = tor_malloc_zero(sizeof(tor_tls_t)); 147 148 tor_tls_get_state_description(NULL, buf, 20); 149 tt_str_op(buf, OP_EQ, "(No SSL object)"); 150 151 SSL_free(tls->ssl); 152 tls->ssl = NULL; 153 tor_tls_get_state_description(tls, buf, 20); 154 tt_str_op(buf, OP_EQ, "(No SSL object)"); 155 156 tls->ssl = SSL_new(ctx); 157 tor_tls_get_state_description(tls, buf, 200); 158 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in HANDSHAKE"); 159 160 tls->state = TOR_TLS_ST_OPEN; 161 tor_tls_get_state_description(tls, buf, 200); 162 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in OPEN"); 163 164 tls->state = TOR_TLS_ST_GOTCLOSE; 165 tor_tls_get_state_description(tls, buf, 200); 166 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in GOTCLOSE"); 167 168 tls->state = TOR_TLS_ST_SENTCLOSE; 169 tor_tls_get_state_description(tls, buf, 200); 170 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in SENTCLOSE"); 171 172 tls->state = TOR_TLS_ST_CLOSED; 173 tor_tls_get_state_description(tls, buf, 200); 174 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in CLOSED"); 175 176 tls->state = TOR_TLS_ST_RENEGOTIATE; 177 tor_tls_get_state_description(tls, buf, 200); 178 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in RENEGOTIATE"); 179 180 tls->state = TOR_TLS_ST_BUFFEREVENT; 181 tor_tls_get_state_description(tls, buf, 200); 182 tt_str_op(buf, OP_EQ, SSL_STATE_STR); 183 184 tls->state = 7; 185 tor_tls_get_state_description(tls, buf, 200); 186 tt_str_op(buf, OP_EQ, SSL_STATE_STR " in unknown TLS state"); 187 188 done: 189 SSL_CTX_free(ctx); 190 SSL_free(tls->ssl); 191 tor_free(buf); 192 tor_free(tls); 193 } 194 195 static void 196 test_tortls_get_by_ssl(void *ignored) 197 { 198 (void)ignored; 199 tor_tls_t *tls; 200 tor_tls_t *res; 201 SSL_CTX *ctx; 202 SSL *ssl; 203 204 library_init(); 205 tor_tls_allocate_tor_tls_object_ex_data_index(); 206 207 ctx = SSL_CTX_new(SSLv23_method()); 208 tls = tor_malloc_zero(sizeof(tor_tls_t)); 209 tls->magic = TOR_TLS_MAGIC; 210 211 ssl = SSL_new(ctx); 212 213 res = tor_tls_get_by_ssl(ssl); 214 tt_assert(!res); 215 216 SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls); 217 218 res = tor_tls_get_by_ssl(ssl); 219 tt_assert(res == tls); 220 221 done: 222 SSL_free(ssl); 223 SSL_CTX_free(ctx); 224 tor_free(tls); 225 } 226 227 static void 228 test_tortls_allocate_tor_tls_object_ex_data_index(void *ignored) 229 { 230 (void)ignored; 231 int first; 232 233 tor_tls_allocate_tor_tls_object_ex_data_index(); 234 235 first = tor_tls_object_ex_data_index; 236 tor_tls_allocate_tor_tls_object_ex_data_index(); 237 tt_int_op(first, OP_EQ, tor_tls_object_ex_data_index); 238 239 done: 240 (void)0; 241 } 242 243 static void 244 test_tortls_log_one_error(void *ignored) 245 { 246 (void)ignored; 247 tor_tls_t *tls; 248 SSL_CTX *ctx; 249 SSL *ssl = NULL; 250 251 library_init(); 252 253 ctx = SSL_CTX_new(SSLv23_method()); 254 tls = tor_malloc_zero(sizeof(tor_tls_t)); 255 setup_capture_of_logs(LOG_INFO); 256 257 tor_tls_log_one_error(NULL, 0, LOG_WARN, 0, "something"); 258 expect_log_msg("TLS error while something: " 259 "(null) (in (null):(null):---)\n"); 260 261 mock_clean_saved_logs(); 262 tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL); 263 expect_log_msg("TLS error: (null) " 264 "(in (null):(null):---)\n"); 265 266 mock_clean_saved_logs(); 267 tls->address = tor_strdup("127.hello"); 268 tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL); 269 expect_log_msg("TLS error with 127.hello: " 270 "(null) (in (null):(null):---)\n"); 271 tor_free(tls->address); 272 273 mock_clean_saved_logs(); 274 tls->address = tor_strdup("127.hello"); 275 tor_tls_log_one_error(tls, 0, LOG_WARN, 0, "blarg"); 276 expect_log_msg("TLS error while blarg with " 277 "127.hello: (null) (in (null):(null):---)\n"); 278 279 mock_clean_saved_logs(); 280 tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL); 281 expect_log_msg_containing("TLS error with 127.hello"); 282 283 mock_clean_saved_logs(); 284 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST), 285 LOG_WARN, 0, NULL); 286 expect_log_severity(LOG_INFO); 287 288 mock_clean_saved_logs(); 289 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST), 290 LOG_WARN, 0, NULL); 291 expect_log_severity(LOG_INFO); 292 293 mock_clean_saved_logs(); 294 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH), 295 LOG_WARN, 0, NULL); 296 expect_log_severity(LOG_INFO); 297 298 mock_clean_saved_logs(); 299 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL), 300 LOG_WARN, 0, NULL); 301 expect_log_severity(LOG_INFO); 302 303 mock_clean_saved_logs(); 304 tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL), 305 LOG_WARN, 0, NULL); 306 expect_log_severity(LOG_INFO); 307 308 tls->ssl = SSL_new(ctx); 309 310 mock_clean_saved_logs(); 311 tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL); 312 expect_log_msg("TLS error with 127.hello: (null)" 313 " (in (null):(null):" SSL_STATE_STR ")\n"); 314 315 done: 316 teardown_capture_of_logs(); 317 SSL_free(ssl); 318 SSL_CTX_free(ctx); 319 if (tls && tls->ssl) 320 SSL_free(tls->ssl); 321 if (tls) 322 tor_free(tls->address); 323 tor_free(tls); 324 } 325 326 #ifndef OPENSSL_OPAQUE 327 static void 328 test_tortls_get_error(void *ignored) 329 { 330 (void)ignored; 331 tor_tls_t *tls; 332 int ret; 333 SSL_CTX *ctx; 334 335 library_init(); 336 337 ctx = SSL_CTX_new(SSLv23_method()); 338 setup_capture_of_logs(LOG_INFO); 339 tls = tor_malloc_zero(sizeof(tor_tls_t)); 340 tls->ssl = SSL_new(ctx); 341 SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL); 342 343 ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0); 344 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_IO); 345 expect_log_msg("TLS error: unexpected close while" 346 " something (before/accept initialization)\n"); 347 348 mock_clean_saved_logs(); 349 ret = tor_tls_get_error(tls, 2, 0, "something", LOG_WARN, 0); 350 tt_int_op(ret, OP_EQ, 0); 351 expect_no_log_entry(); 352 353 mock_clean_saved_logs(); 354 ret = tor_tls_get_error(tls, 0, 1, "something", LOG_WARN, 0); 355 tt_int_op(ret, OP_EQ, -11); 356 expect_no_log_entry(); 357 358 mock_clean_saved_logs(); 359 ERR_clear_error(); 360 ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99); 361 ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0); 362 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC); 363 expect_log_msg("TLS error while something: (null)" 364 " (in bignum routines:(null):before/accept initialization)\n"); 365 366 mock_clean_saved_logs(); 367 ERR_clear_error(); 368 tls->ssl->rwstate = SSL_READING; 369 SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ; 370 ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0); 371 tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD); 372 expect_no_log_entry(); 373 374 mock_clean_saved_logs(); 375 ERR_clear_error(); 376 tls->ssl->rwstate = SSL_READING; 377 SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE; 378 ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0); 379 tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE); 380 expect_no_log_entry(); 381 382 mock_clean_saved_logs(); 383 ERR_clear_error(); 384 tls->ssl->rwstate = 0; 385 tls->ssl->shutdown = SSL_RECEIVED_SHUTDOWN; 386 tls->ssl->s3->warn_alert =SSL_AD_CLOSE_NOTIFY; 387 ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0); 388 tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE); 389 expect_log_entry(); 390 391 mock_clean_saved_logs(); 392 ret = tor_tls_get_error(tls, 0, 2, "something", LOG_WARN, 0); 393 tt_int_op(ret, OP_EQ, -10); 394 expect_no_log_entry(); 395 396 mock_clean_saved_logs(); 397 ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99); 398 ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0); 399 tt_int_op(ret, OP_EQ, -9); 400 expect_log_msg("TLS error while something: (null) (in system library:" 401 "connect:before/accept initialization)\n"); 402 403 done: 404 teardown_capture_of_logs(); 405 SSL_free(tls->ssl); 406 tor_free(tls); 407 SSL_CTX_free(ctx); 408 } 409 #endif /* !defined(OPENSSL_OPAQUE) */ 410 411 static void 412 test_tortls_always_accept_verify_cb(void *ignored) 413 { 414 (void)ignored; 415 int ret; 416 417 ret = always_accept_verify_cb(0, NULL); 418 tt_int_op(ret, OP_EQ, 1); 419 420 done: 421 (void)0; 422 } 423 424 #ifndef OPENSSL_OPAQUE 425 static void 426 test_tortls_x509_cert_free(void *ignored) 427 { 428 (void)ignored; 429 tor_x509_cert_t *cert; 430 431 cert = tor_malloc_zero(sizeof(tor_x509_cert_t)); 432 tor_x509_cert_free(cert); 433 434 cert = tor_malloc_zero(sizeof(tor_x509_cert_t)); 435 cert->cert = X509_new(); 436 cert->encoded = tor_malloc_zero(1); 437 tor_x509_cert_free(cert); 438 } 439 #endif /* !defined(OPENSSL_OPAQUE) */ 440 441 #ifndef OPENSSL_OPAQUE 442 /* 443 * Use only for the matching fake_x509_free() call 444 */ 445 static X509 * 446 fake_x509_malloc(void) 447 { 448 return tor_malloc_zero(sizeof(X509)); 449 } 450 451 static void 452 fake_x509_free(X509 *cert) 453 { 454 if (cert) { 455 if (cert->cert_info) { 456 if (cert->cert_info->key) { 457 if (cert->cert_info->key->pkey) { 458 tor_free(cert->cert_info->key->pkey); 459 } 460 tor_free(cert->cert_info->key); 461 } 462 tor_free(cert->cert_info); 463 } 464 tor_free(cert); 465 } 466 } 467 #endif /* !defined(OPENSSL_OPAQUE) */ 468 469 #ifndef OPENSSL_OPAQUE 470 static void 471 test_tortls_cert_get_key(void *ignored) 472 { 473 (void)ignored; 474 tor_x509_cert_t *cert = NULL; 475 crypto_pk_t *res = NULL; 476 cert = tor_malloc_zero(sizeof(tor_x509_cert_t)); 477 X509 *key = NULL; 478 key = fake_x509_malloc(); 479 key->references = 1; 480 481 res = tor_tls_cert_get_key(cert); 482 tt_assert(!res); 483 484 cert->cert = key; 485 key->cert_info = tor_malloc_zero(sizeof(X509_CINF)); 486 key->cert_info->key = tor_malloc_zero(sizeof(X509_PUBKEY)); 487 key->cert_info->key->pkey = tor_malloc_zero(sizeof(EVP_PKEY)); 488 key->cert_info->key->pkey->references = 1; 489 key->cert_info->key->pkey->type = 2; 490 res = tor_tls_cert_get_key(cert); 491 tt_assert(!res); 492 493 done: 494 fake_x509_free(key); 495 tor_free(cert); 496 crypto_pk_free(res); 497 } 498 #endif /* !defined(OPENSSL_OPAQUE) */ 499 500 #ifndef OPENSSL_OPAQUE 501 static int fixed_ssl_pending_result = 0; 502 503 static int 504 fixed_ssl_pending(const SSL *ignored) 505 { 506 (void)ignored; 507 return fixed_ssl_pending_result; 508 } 509 510 static void 511 test_tortls_get_pending_bytes(void *ignored) 512 { 513 (void)ignored; 514 int ret; 515 tor_tls_t *tls; 516 SSL_METHOD *method; 517 518 tls = tor_malloc_zero(sizeof(tor_tls_t)); 519 tls->ssl = tor_malloc_zero(sizeof(SSL)); 520 method = tor_malloc_zero(sizeof(SSL_METHOD)); 521 method->ssl_pending = fixed_ssl_pending; 522 tls->ssl->method = method; 523 524 fixed_ssl_pending_result = 42; 525 ret = tor_tls_get_pending_bytes(tls); 526 tt_int_op(ret, OP_EQ, 42); 527 528 done: 529 tor_free(method); 530 tor_free(tls->ssl); 531 tor_free(tls); 532 } 533 #endif /* !defined(OPENSSL_OPAQUE) */ 534 535 #ifndef OPENSSL_OPAQUE 536 static void 537 test_tortls_get_buffer_sizes(void *ignored) 538 { 539 (void)ignored; 540 int ret; 541 tor_tls_t *tls; 542 size_t rbuf_c=-1, rbuf_b=-1, wbuf_c=-1, wbuf_b=-1; 543 544 tls = tor_malloc_zero(sizeof(tor_tls_t)); 545 tls->ssl = tor_malloc_zero(sizeof(SSL)); 546 tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE)); 547 548 tls->ssl->s3->rbuf.buf = NULL; 549 tls->ssl->s3->rbuf.len = 1; 550 tls->ssl->s3->rbuf.offset = 0; 551 tls->ssl->s3->rbuf.left = 42; 552 553 tls->ssl->s3->wbuf.buf = NULL; 554 tls->ssl->s3->wbuf.len = 2; 555 tls->ssl->s3->wbuf.offset = 0; 556 tls->ssl->s3->wbuf.left = 43; 557 558 ret = tor_tls_get_buffer_sizes(tls, &rbuf_c, &rbuf_b, &wbuf_c, &wbuf_b); 559 tt_int_op(ret, OP_EQ, -1); 560 561 done: 562 tor_free(tls->ssl->s3->rbuf.buf); 563 tor_free(tls->ssl->s3->wbuf.buf); 564 tor_free(tls->ssl->s3); 565 tor_free(tls->ssl); 566 tor_free(tls); 567 } 568 #endif /* !defined(OPENSSL_OPAQUE) */ 569 570 #ifndef OPENSSL_OPAQUE 571 static void 572 test_tortls_get_peer_cert(void *ignored) 573 { 574 (void)ignored; 575 tor_x509_cert_t *ret; 576 tor_tls_t *tls; 577 X509 *cert = NULL; 578 579 cert = read_cert_from(validCertString); 580 581 tls = tor_malloc_zero(sizeof(tor_tls_t)); 582 tls->ssl = tor_malloc_zero(sizeof(SSL)); 583 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION)); 584 585 ret = tor_tls_get_peer_cert(tls); 586 tt_assert(!ret); 587 588 tls->ssl->session->peer = cert; 589 ret = tor_tls_get_peer_cert(tls); 590 tt_assert(ret); 591 tt_assert(ret->cert == cert); 592 593 done: 594 tor_x509_cert_free(ret); 595 tor_free(tls->ssl->session); 596 tor_free(tls->ssl); 597 tor_free(tls); 598 X509_free(cert); 599 } 600 #endif /* !defined(OPENSSL_OPAQUE) */ 601 602 #ifndef OPENSSL_OPAQUE 603 static void 604 test_tortls_peer_has_cert(void *ignored) 605 { 606 (void)ignored; 607 int ret; 608 tor_tls_t *tls; 609 X509 *cert = NULL; 610 611 cert = read_cert_from(validCertString); 612 613 tls = tor_malloc_zero(sizeof(tor_tls_t)); 614 tls->ssl = tor_malloc_zero(sizeof(SSL)); 615 tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION)); 616 617 ret = tor_tls_peer_has_cert(tls); 618 tt_assert(!ret); 619 620 tls->ssl->session->peer = cert; 621 ret = tor_tls_peer_has_cert(tls); 622 tt_assert(ret); 623 624 done: 625 tor_free(tls->ssl->session); 626 tor_free(tls->ssl); 627 tor_free(tls); 628 X509_free(cert); 629 } 630 #endif /* !defined(OPENSSL_OPAQUE) */ 631 632 static void 633 test_tortls_get_write_overhead_ratio(void *ignored) 634 { 635 (void)ignored; 636 double ret; 637 638 total_bytes_written_over_tls = 0; 639 ret = tls_get_write_overhead_ratio(); 640 tt_double_op(fabs(ret - 1.0), OP_LT, 1E-12); 641 642 total_bytes_written_by_tls = 10; 643 total_bytes_written_over_tls = 1; 644 ret = tls_get_write_overhead_ratio(); 645 tt_double_op(fabs(ret - 10.0), OP_LT, 1E-12); 646 647 total_bytes_written_by_tls = 10; 648 total_bytes_written_over_tls = 2; 649 ret = tls_get_write_overhead_ratio(); 650 tt_double_op(fabs(ret - 5.0), OP_LT, 1E-12); 651 652 done: 653 (void)0; 654 } 655 656 static void 657 test_tortls_is_server(void *ignored) 658 { 659 (void)ignored; 660 tor_tls_t *tls; 661 int ret; 662 663 tls = tor_malloc_zero(sizeof(tor_tls_t)); 664 tls->isServer = 1; 665 ret = tor_tls_is_server(tls); 666 tt_int_op(ret, OP_EQ, 1); 667 668 done: 669 tor_free(tls); 670 } 671 672 #ifndef OPENSSL_OPAQUE 673 static void 674 test_tortls_session_secret_cb(void *ignored) 675 { 676 (void)ignored; 677 tor_tls_t *tls; 678 SSL_CTX *ctx; 679 STACK_OF(SSL_CIPHER) *ciphers = NULL; 680 SSL_CIPHER *one; 681 682 library_init(); 683 684 tor_tls_allocate_tor_tls_object_ex_data_index(); 685 686 tls = tor_malloc_zero(sizeof(tor_tls_t)); 687 688 tls->magic = TOR_TLS_MAGIC; 689 690 ctx = SSL_CTX_new(TLSv1_method()); 691 tls->ssl = SSL_new(ctx); 692 SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls); 693 694 SSL_set_session_secret_cb(tls->ssl, tor_tls_session_secret_cb, NULL); 695 696 tor_tls_session_secret_cb(tls->ssl, NULL, NULL, NULL, NULL, NULL); 697 tt_assert(!tls->ssl->tls_session_secret_cb); 698 699 one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384"); 700 one->id = 0x00ff; 701 ciphers = sk_SSL_CIPHER_new_null(); 702 sk_SSL_CIPHER_push(ciphers, one); 703 704 tls->client_cipher_list_type = 0; 705 tor_tls_session_secret_cb(tls->ssl, NULL, NULL, ciphers, NULL, NULL); 706 tt_assert(!tls->ssl->tls_session_secret_cb); 707 708 done: 709 sk_SSL_CIPHER_free(ciphers); 710 SSL_free(tls->ssl); 711 SSL_CTX_free(ctx); 712 tor_free(tls); 713 } 714 #endif /* !defined(OPENSSL_OPAQUE) */ 715 716 #ifndef OPENSSL_OPAQUE 717 /* TODO: It seems block_renegotiation and unblock_renegotiation and 718 * using different blags. This might not be correct */ 719 static void 720 test_tortls_block_renegotiation(void *ignored) 721 { 722 (void)ignored; 723 tor_tls_t *tls; 724 725 tls = tor_malloc_zero(sizeof(tor_tls_t)); 726 tls->ssl = tor_malloc_zero(sizeof(SSL)); 727 tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE)); 728 #ifndef SUPPORT_UNSAFE_RENEGOTIATION_FLAG 729 #define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0 730 #endif 731 732 tls->ssl->s3->flags = SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; 733 734 tor_tls_block_renegotiation(tls); 735 736 done: 737 tor_free(tls->ssl->s3); 738 tor_free(tls->ssl); 739 tor_free(tls); 740 } 741 742 static void 743 test_tortls_unblock_renegotiation(void *ignored) 744 { 745 (void)ignored; 746 tor_tls_t *tls; 747 748 tls = tor_malloc_zero(sizeof(tor_tls_t)); 749 tls->ssl = tor_malloc_zero(sizeof(SSL)); 750 tor_tls_unblock_renegotiation(tls); 751 752 tt_uint_op(SSL_get_options(tls->ssl) & 753 SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, OP_EQ, 754 SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); 755 756 done: 757 tor_free(tls->ssl); 758 tor_free(tls); 759 } 760 #endif /* !defined(OPENSSL_OPAQUE) */ 761 762 static void 763 test_tortls_set_logged_address(void *ignored) 764 { 765 (void)ignored; 766 tor_tls_t *tls; 767 768 tls = tor_malloc_zero(sizeof(tor_tls_t)); 769 770 tor_tls_set_logged_address(tls, "foo bar"); 771 772 tt_str_op(tls->address, OP_EQ, "foo bar"); 773 774 tor_tls_set_logged_address(tls, "foo bar 2"); 775 tt_str_op(tls->address, OP_EQ, "foo bar 2"); 776 777 done: 778 tor_free(tls->address); 779 tor_free(tls); 780 } 781 782 #ifndef OPENSSL_OPAQUE 783 static void 784 example_cb(tor_tls_t *t, void *arg) 785 { 786 (void)t; 787 (void)arg; 788 } 789 790 static void 791 test_tortls_set_renegotiate_callback(void *ignored) 792 { 793 (void)ignored; 794 tor_tls_t *tls; 795 const char *arg = "hello"; 796 797 tls = tor_malloc_zero(sizeof(tor_tls_t)); 798 tls->ssl = tor_malloc_zero(sizeof(SSL)); 799 800 tor_tls_set_renegotiate_callback(tls, example_cb, (void*)arg); 801 tt_assert(tls->negotiated_callback == example_cb); 802 tt_assert(tls->callback_arg == arg); 803 tt_assert(!tls->got_renegotiate); 804 805 /* Assumes V2_HANDSHAKE_SERVER */ 806 tt_assert(tls->ssl->info_callback == tor_tls_server_info_callback); 807 808 tor_tls_set_renegotiate_callback(tls, NULL, (void*)arg); 809 tt_assert(tls->ssl->info_callback == tor_tls_debug_state_callback); 810 811 done: 812 tor_free(tls->ssl); 813 tor_free(tls); 814 } 815 #endif /* !defined(OPENSSL_OPAQUE) */ 816 817 #ifndef OPENSSL_OPAQUE 818 static void 819 test_tortls_debug_state_callback(void *ignored) 820 { 821 (void)ignored; 822 SSL *ssl; 823 char *buf = tor_malloc_zero(1000); 824 int n; 825 826 setup_capture_of_logs(LOG_DEBUG); 827 828 ssl = tor_malloc_zero(sizeof(SSL)); 829 830 tor_tls_debug_state_callback(ssl, 32, 45); 831 832 n = tor_snprintf(buf, 1000, "SSL %p is now in state unknown" 833 " state [type=32,val=45].\n", ssl); 834 /* tor's snprintf returns -1 on error */ 835 tt_int_op(n, OP_NE, -1); 836 expect_log_msg(buf); 837 838 done: 839 teardown_capture_of_logs(); 840 tor_free(buf); 841 tor_free(ssl); 842 } 843 #endif /* !defined(OPENSSL_OPAQUE) */ 844 845 #ifndef OPENSSL_OPAQUE 846 static void 847 test_tortls_server_info_callback(void *ignored) 848 { 849 (void)ignored; 850 tor_tls_t *tls; 851 SSL_CTX *ctx; 852 SSL *ssl; 853 854 library_init(); 855 856 ctx = SSL_CTX_new(TLSv1_method()); 857 ssl = SSL_new(ctx); 858 859 tor_tls_allocate_tor_tls_object_ex_data_index(); 860 861 tls = tor_malloc_zero(sizeof(tor_tls_t)); 862 tls->magic = TOR_TLS_MAGIC; 863 tls->ssl = ssl; 864 865 setup_full_capture_of_logs(LOG_WARN); 866 SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_A); 867 mock_clean_saved_logs(); 868 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0); 869 expect_single_log_msg("Couldn't look up the tls for an SSL*. How odd!\n"); 870 871 SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B); 872 mock_clean_saved_logs(); 873 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0); 874 expect_single_log_msg("Couldn't look up the tls for an SSL*. How odd!\n"); 875 876 SSL_set_state(ssl, 99); 877 mock_clean_saved_logs(); 878 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0); 879 expect_no_log_entry(); 880 teardown_capture_of_logs(); 881 882 SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls); 883 SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B); 884 tls->negotiated_callback = 0; 885 //tls->server_handshake_count = 120; 886 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0); 887 //tt_int_op(tls->server_handshake_count, OP_EQ, 121); 888 889 //tls->server_handshake_count = 127; 890 tls->negotiated_callback = (void *)1; 891 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0); 892 //tt_int_op(tls->server_handshake_count, OP_EQ, 127); 893 tt_int_op(tls->got_renegotiate, OP_EQ, 1); 894 895 tls->ssl->session = SSL_SESSION_new(); 896 tls->wasV2Handshake = 0; 897 tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0); 898 tt_int_op(tls->wasV2Handshake, OP_EQ, 0); 899 900 done: 901 teardown_capture_of_logs(); 902 SSL_free(ssl); 903 SSL_CTX_free(ctx); 904 tor_free(tls); 905 } 906 #endif /* !defined(OPENSSL_OPAQUE) */ 907 908 #ifndef OPENSSL_OPAQUE 909 static int fixed_ssl_read_result_index; 910 static int fixed_ssl_read_result[5]; 911 912 static int 913 fixed_ssl_read(SSL *s, void *buf, int len) 914 { 915 (void)s; 916 (void)buf; 917 (void)len; 918 return fixed_ssl_read_result[fixed_ssl_read_result_index++]; 919 } 920 921 static int 922 dummy_handshake_func(SSL *s) 923 { 924 (void)s; 925 return 1; 926 } 927 928 static int negotiated_callback_called; 929 930 static void 931 negotiated_callback_setter(tor_tls_t *t, void *arg) 932 { 933 (void)t; 934 (void)arg; 935 negotiated_callback_called++; 936 } 937 938 static void 939 test_tortls_read(void *ignored) 940 { 941 (void)ignored; 942 int ret; 943 tor_tls_t *tls; 944 char buf[100]; 945 SSL_METHOD *method = give_me_a_test_method(); 946 setup_capture_of_logs(LOG_WARN); 947 948 tls = tor_malloc_zero(sizeof(tor_tls_t)); 949 tls->ssl = tor_malloc_zero(sizeof(SSL)); 950 tls->state = TOR_TLS_ST_OPEN; 951 952 ret = tor_tls_read(tls, buf, 10); 953 tt_int_op(ret, OP_EQ, -9); 954 955 /* These tests assume that V2_HANDSHAKE_SERVER is set */ 956 tls->ssl->handshake_func = dummy_handshake_func; 957 tls->ssl->method = method; 958 method->ssl_read = fixed_ssl_read; 959 fixed_ssl_read_result_index = 0; 960 fixed_ssl_read_result[0] = 42; 961 tls->state = TOR_TLS_ST_OPEN; 962 ERR_clear_error(); 963 ret = tor_tls_read(tls, buf, 10); 964 tt_int_op(ret, OP_EQ, 42); 965 966 tls->state = TOR_TLS_ST_OPEN; 967 tls->got_renegotiate = 1; 968 fixed_ssl_read_result_index = 0; 969 ERR_clear_error(); 970 ret = tor_tls_read(tls, buf, 10); 971 tt_int_op(tls->got_renegotiate, OP_EQ, 0); 972 973 tls->state = TOR_TLS_ST_OPEN; 974 tls->got_renegotiate = 1; 975 negotiated_callback_called = 0; 976 tls->negotiated_callback = negotiated_callback_setter; 977 fixed_ssl_read_result_index = 0; 978 ERR_clear_error(); 979 ret = tor_tls_read(tls, buf, 10); 980 tt_int_op(negotiated_callback_called, OP_EQ, 1); 981 982 #ifndef LIBRESSL_VERSION_NUMBER 983 fixed_ssl_read_result_index = 0; 984 fixed_ssl_read_result[0] = 0; 985 tls->ssl->version = SSL2_VERSION; 986 ERR_clear_error(); 987 ret = tor_tls_read(tls, buf, 10); 988 tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE); 989 tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED); 990 #endif /* !defined(LIBRESSL_VERSION_NUMBER) */ 991 // TODO: fill up 992 993 done: 994 teardown_capture_of_logs(); 995 tor_free(tls->ssl); 996 tor_free(tls); 997 tor_free(method); 998 } 999 1000 static int fixed_ssl_write_result; 1001 1002 static int 1003 fixed_ssl_write(SSL *s, const void *buf, int len) 1004 { 1005 (void)s; 1006 (void)buf; 1007 (void)len; 1008 return fixed_ssl_write_result; 1009 } 1010 1011 static void 1012 test_tortls_write(void *ignored) 1013 { 1014 (void)ignored; 1015 int ret; 1016 tor_tls_t *tls; 1017 SSL_METHOD *method = give_me_a_test_method(); 1018 char buf[100]; 1019 setup_capture_of_logs(LOG_WARN); 1020 1021 tls = tor_malloc_zero(sizeof(tor_tls_t)); 1022 tls->ssl = tor_malloc_zero(sizeof(SSL)); 1023 tls->state = TOR_TLS_ST_OPEN; 1024 1025 ret = tor_tls_write(tls, buf, 0); 1026 tt_int_op(ret, OP_EQ, 0); 1027 1028 ret = tor_tls_write(tls, buf, 10); 1029 tt_int_op(ret, OP_EQ, -9); 1030 1031 tls->ssl->method = method; 1032 tls->wantwrite_n = 1; 1033 ret = tor_tls_write(tls, buf, 10); 1034 tt_int_op(tls->wantwrite_n, OP_EQ, 0); 1035 1036 method->ssl_write = fixed_ssl_write; 1037 tls->ssl->handshake_func = dummy_handshake_func; 1038 fixed_ssl_write_result = 1; 1039 ERR_clear_error(); 1040 ret = tor_tls_write(tls, buf, 10); 1041 tt_int_op(ret, OP_EQ, 1); 1042 1043 fixed_ssl_write_result = -1; 1044 ERR_clear_error(); 1045 tls->ssl->rwstate = SSL_READING; 1046 SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL); 1047 SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ; 1048 ret = tor_tls_write(tls, buf, 10); 1049 tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD); 1050 1051 ERR_clear_error(); 1052 tls->ssl->rwstate = SSL_READING; 1053 SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL); 1054 SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE; 1055 ret = tor_tls_write(tls, buf, 10); 1056 tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE); 1057 1058 done: 1059 teardown_capture_of_logs(); 1060 BIO_free(tls->ssl->rbio); 1061 tor_free(tls->ssl); 1062 tor_free(tls); 1063 tor_free(method); 1064 } 1065 #endif /* !defined(OPENSSL_OPAQUE) */ 1066 1067 #ifndef OPENSSL_OPAQUE 1068 static int fixed_ssl_accept_result; 1069 static int fixed_ssl_connect_result; 1070 1071 static int 1072 setting_error_ssl_accept(SSL *ssl) 1073 { 1074 (void)ssl; 1075 ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99); 1076 ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99); 1077 return fixed_ssl_accept_result; 1078 } 1079 1080 static int 1081 setting_error_ssl_connect(SSL *ssl) 1082 { 1083 (void)ssl; 1084 ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99); 1085 ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99); 1086 return fixed_ssl_connect_result; 1087 } 1088 1089 static int 1090 fixed_ssl_accept(SSL *ssl) 1091 { 1092 (void) ssl; 1093 return fixed_ssl_accept_result; 1094 } 1095 1096 static void 1097 test_tortls_handshake(void *ignored) 1098 { 1099 (void)ignored; 1100 int ret; 1101 tor_tls_t *tls; 1102 SSL_CTX *ctx; 1103 SSL_METHOD *method = give_me_a_test_method(); 1104 setup_capture_of_logs(LOG_INFO); 1105 1106 SSL_library_init(); 1107 SSL_load_error_strings(); 1108 1109 ctx = SSL_CTX_new(TLSv1_method()); 1110 1111 tls = tor_malloc_zero(sizeof(tor_tls_t)); 1112 tls->ssl = SSL_new(ctx); 1113 tls->state = TOR_TLS_ST_HANDSHAKE; 1114 1115 ret = tor_tls_handshake(tls); 1116 tt_int_op(ret, OP_EQ, -9); 1117 1118 tls->isServer = 1; 1119 tls->state = TOR_TLS_ST_HANDSHAKE; 1120 ret = tor_tls_handshake(tls); 1121 tt_int_op(ret, OP_EQ, -9); 1122 1123 tls->ssl->method = method; 1124 method->ssl_accept = fixed_ssl_accept; 1125 fixed_ssl_accept_result = 2; 1126 ERR_clear_error(); 1127 tls->state = TOR_TLS_ST_HANDSHAKE; 1128 ret = tor_tls_handshake(tls); 1129 tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_OPEN); 1130 1131 method->ssl_accept = setting_error_ssl_accept; 1132 fixed_ssl_accept_result = 1; 1133 ERR_clear_error(); 1134 mock_clean_saved_logs(); 1135 tls->state = TOR_TLS_ST_HANDSHAKE; 1136 ret = tor_tls_handshake(tls); 1137 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC); 1138 expect_log_entry(); 1139 /* This fails on jessie. Investigate why! */ 1140 #if 0 1141 expect_log_msg("TLS error while handshaking: (null) (in bignum routines:" 1142 "(null):SSLv3 write client hello B)\n"); 1143 expect_log_msg("TLS error while handshaking: (null) (in system library:" 1144 "connect:SSLv3 write client hello B)\n"); 1145 #endif /* 0 */ 1146 expect_log_severity(LOG_INFO); 1147 1148 tls->isServer = 0; 1149 method->ssl_connect = setting_error_ssl_connect; 1150 fixed_ssl_connect_result = 1; 1151 ERR_clear_error(); 1152 mock_clean_saved_logs(); 1153 tls->state = TOR_TLS_ST_HANDSHAKE; 1154 ret = tor_tls_handshake(tls); 1155 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC); 1156 expect_log_entry(); 1157 #if 0 1158 /* See above */ 1159 expect_log_msg("TLS error while handshaking: " 1160 "(null) (in bignum routines:(null):SSLv3 write client hello B)\n"); 1161 expect_log_msg("TLS error while handshaking: " 1162 "(null) (in system library:connect:SSLv3 write client hello B)\n"); 1163 #endif /* 0 */ 1164 expect_log_severity(LOG_WARN); 1165 1166 done: 1167 teardown_capture_of_logs(); 1168 SSL_free(tls->ssl); 1169 SSL_CTX_free(ctx); 1170 tor_free(tls); 1171 tor_free(method); 1172 } 1173 #endif /* !defined(OPENSSL_OPAQUE) */ 1174 1175 #ifndef OPENSSL_OPAQUE 1176 static void 1177 test_tortls_finish_handshake(void *ignored) 1178 { 1179 (void)ignored; 1180 int ret; 1181 tor_tls_t *tls; 1182 SSL_CTX *ctx; 1183 SSL_METHOD *method = give_me_a_test_method(); 1184 SSL_library_init(); 1185 SSL_load_error_strings(); 1186 1187 X509 *c1 = read_cert_from(validCertString); 1188 SESS_CERT_local *sess = NULL; 1189 1190 ctx = SSL_CTX_new(method); 1191 1192 tls = tor_malloc_zero(sizeof(tor_tls_t)); 1193 tls->ssl = SSL_new(ctx); 1194 tls->state = TOR_TLS_ST_OPEN; 1195 1196 ret = tor_tls_finish_handshake(tls); 1197 tt_int_op(ret, OP_EQ, 0); 1198 1199 tls->isServer = 1; 1200 tls->wasV2Handshake = 0; 1201 setup_full_capture_of_logs(LOG_WARN); 1202 ret = tor_tls_finish_handshake(tls); 1203 tt_int_op(ret, OP_EQ, 0); 1204 tt_int_op(tls->wasV2Handshake, OP_EQ, 1); 1205 expect_single_log_msg_containing("For some reason, wasV2Handshake didn't " 1206 "get set."); 1207 teardown_capture_of_logs(); 1208 1209 tls->wasV2Handshake = 1; 1210 ret = tor_tls_finish_handshake(tls); 1211 tt_int_op(ret, OP_EQ, 0); 1212 tt_int_op(tls->wasV2Handshake, OP_EQ, 1); 1213 1214 tls->wasV2Handshake = 1; 1215 tls->ssl->session = SSL_SESSION_new(); 1216 ret = tor_tls_finish_handshake(tls); 1217 tt_int_op(ret, OP_EQ, 0); 1218 tt_int_op(tls->wasV2Handshake, OP_EQ, 0); 1219 1220 tls->isServer = 0; 1221 1222 sess = tor_malloc_zero(sizeof(SESS_CERT_local)); 1223 tls->ssl->session->sess_cert = (void *)sess; 1224 sess->cert_chain = sk_X509_new_null(); 1225 sk_X509_push(sess->cert_chain, c1); 1226 tls->ssl->session->peer = c1; 1227 tls->wasV2Handshake = 0; 1228 ret = tor_tls_finish_handshake(tls); 1229 tt_int_op(ret, OP_EQ, 0); 1230 tt_int_op(tls->wasV2Handshake, OP_EQ, 1); 1231 1232 method->num_ciphers = fake_num_ciphers; 1233 ret = tor_tls_finish_handshake(tls); 1234 tt_int_op(ret, OP_EQ, -9); 1235 1236 done: 1237 if (sess) 1238 sk_X509_free(sess->cert_chain); 1239 if (tls->ssl && tls->ssl->session) { 1240 tor_free(tls->ssl->session->sess_cert); 1241 } 1242 SSL_free(tls->ssl); 1243 tor_free(tls); 1244 SSL_CTX_free(ctx); 1245 tor_free(method); 1246 teardown_capture_of_logs(); 1247 } 1248 #endif /* !defined(OPENSSL_OPAQUE) */ 1249 1250 static int fixed_crypto_pk_new_result_index; 1251 static crypto_pk_t *fixed_crypto_pk_new_result[5]; 1252 1253 static crypto_pk_t * 1254 fixed_crypto_pk_new(void) 1255 { 1256 return fixed_crypto_pk_new_result[fixed_crypto_pk_new_result_index++]; 1257 } 1258 1259 #ifndef OPENSSL_OPAQUE 1260 static int fixed_crypto_pk_generate_key_with_bits_result_index; 1261 static int fixed_crypto_pk_generate_key_with_bits_result[5]; 1262 static int fixed_tor_tls_create_certificate_result_index; 1263 static X509 *fixed_tor_tls_create_certificate_result[5]; 1264 static int fixed_tor_x509_cert_new_result_index; 1265 static tor_x509_cert_t *fixed_tor_x509_cert_new_result[5]; 1266 1267 static int 1268 fixed_crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits) 1269 { 1270 (void)env; 1271 (void)bits; 1272 return fixed_crypto_pk_generate_key_with_bits_result[ 1273 fixed_crypto_pk_generate_key_with_bits_result_index++]; 1274 } 1275 1276 static X509 * 1277 fixed_tor_tls_create_certificate(crypto_pk_t *rsa, 1278 crypto_pk_t *rsa_sign, 1279 const char *cname, 1280 const char *cname_sign, 1281 unsigned int cert_lifetime) 1282 { 1283 (void)rsa; 1284 (void)rsa_sign; 1285 (void)cname; 1286 (void)cname_sign; 1287 (void)cert_lifetime; 1288 X509 *result = fixed_tor_tls_create_certificate_result[ 1289 fixed_tor_tls_create_certificate_result_index++]; 1290 if (result) 1291 return X509_dup(result); 1292 else 1293 return NULL; 1294 } 1295 1296 static void 1297 fixed_tor_tls_create_certificate_results_free(void) 1298 { 1299 unsigned i; 1300 for (i = 0; i < ARRAY_LENGTH(fixed_tor_tls_create_certificate_result); ++i) { 1301 X509 *cert = fixed_tor_tls_create_certificate_result[i]; 1302 if (cert) 1303 X509_free(cert); 1304 fixed_tor_tls_create_certificate_result[i] = NULL; 1305 } 1306 } 1307 1308 static void 1309 fixed_tor_x509_cert_new_results_free(void) 1310 { 1311 unsigned i; 1312 for (i = 0; i < ARRAY_LENGTH(fixed_tor_x509_cert_new_result); ++i) { 1313 tor_x509_cert_free(fixed_tor_x509_cert_new_result[i]); 1314 } 1315 } 1316 1317 static tor_x509_cert_t * 1318 fixed_tor_x509_cert_new(tor_x509_cert_impl_t *x509_cert) 1319 { 1320 (void) x509_cert; 1321 tor_x509_cert_t **certp = 1322 &fixed_tor_x509_cert_new_result[fixed_tor_x509_cert_new_result_index++]; 1323 tor_x509_cert_t *cert = *certp; 1324 *certp = NULL; 1325 return cert; 1326 } 1327 1328 static void 1329 test_tortls_context_new(void *ignored) 1330 { 1331 (void)ignored; 1332 tor_tls_context_t *ret; 1333 crypto_pk_t *pk1, *pk2, *pk3, *pk4, *pk5, *pk6, *pk7, *pk8, *pk9, *pk10, 1334 *pk11, *pk12, *pk13, *pk14, *pk15, *pk16, *pk17, *pk18; 1335 1336 pk1 = crypto_pk_new(); 1337 pk2 = crypto_pk_new(); 1338 pk3 = crypto_pk_new(); 1339 pk4 = crypto_pk_new(); 1340 pk5 = crypto_pk_new(); 1341 pk6 = crypto_pk_new(); 1342 pk7 = crypto_pk_new(); 1343 pk8 = crypto_pk_new(); 1344 pk9 = crypto_pk_new(); 1345 pk10 = crypto_pk_new(); 1346 pk11 = crypto_pk_new(); 1347 pk12 = crypto_pk_new(); 1348 pk13 = crypto_pk_new(); 1349 pk14 = crypto_pk_new(); 1350 pk15 = crypto_pk_new(); 1351 pk16 = crypto_pk_new(); 1352 pk17 = crypto_pk_new(); 1353 pk18 = crypto_pk_new(); 1354 1355 fixed_crypto_pk_new_result_index = 0; 1356 fixed_crypto_pk_new_result[0] = NULL; 1357 MOCK(crypto_pk_new, fixed_crypto_pk_new); 1358 ret = tor_tls_context_new(NULL, 0, 0, 0); 1359 tt_assert(!ret); 1360 1361 /* note: we already override this in testing_common.c, so we 1362 * run this unit test in a subprocess. */ 1363 MOCK(crypto_pk_generate_key_with_bits, 1364 fixed_crypto_pk_generate_key_with_bits); 1365 fixed_crypto_pk_new_result_index = 0; 1366 fixed_crypto_pk_new_result[0] = pk1; 1367 fixed_crypto_pk_new_result[1] = NULL; 1368 fixed_crypto_pk_generate_key_with_bits_result[0] = -1; 1369 fixed_crypto_pk_generate_key_with_bits_result_index = 0; 1370 ret = tor_tls_context_new(NULL, 0, 0, 0); 1371 tt_assert(!ret); 1372 1373 fixed_crypto_pk_new_result_index = 0; 1374 fixed_crypto_pk_new_result[0] = pk2; 1375 fixed_crypto_pk_new_result[1] = NULL; 1376 fixed_crypto_pk_generate_key_with_bits_result[0] = 0; 1377 fixed_crypto_pk_generate_key_with_bits_result_index = 0; 1378 ret = tor_tls_context_new(NULL, 0, 0, 0); 1379 tt_assert(!ret); 1380 1381 fixed_crypto_pk_new_result_index = 0; 1382 fixed_crypto_pk_new_result[0] = pk3; 1383 fixed_crypto_pk_new_result[1] = pk4; 1384 fixed_crypto_pk_new_result[2] = NULL; 1385 fixed_crypto_pk_generate_key_with_bits_result[0] = 0; 1386 fixed_crypto_pk_generate_key_with_bits_result[1] = -1; 1387 fixed_crypto_pk_generate_key_with_bits_result_index = 0; 1388 ret = tor_tls_context_new(NULL, 0, 0, 0); 1389 tt_assert(!ret); 1390 1391 MOCK(tor_tls_create_certificate, fixed_tor_tls_create_certificate); 1392 1393 fixed_crypto_pk_new_result_index = 0; 1394 fixed_crypto_pk_new_result[0] = pk5; 1395 fixed_crypto_pk_new_result[1] = pk6; 1396 fixed_crypto_pk_new_result[2] = NULL; 1397 fixed_crypto_pk_generate_key_with_bits_result_index = 0; 1398 fixed_crypto_pk_generate_key_with_bits_result[1] = 0; 1399 fixed_tor_tls_create_certificate_result_index = 0; 1400 fixed_tor_tls_create_certificate_result[0] = NULL; 1401 fixed_tor_tls_create_certificate_result[1] = X509_new(); 1402 fixed_tor_tls_create_certificate_result[2] = X509_new(); 1403 ret = tor_tls_context_new(NULL, 0, 0, 0); 1404 tt_assert(!ret); 1405 fixed_tor_tls_create_certificate_results_free(); 1406 1407 fixed_crypto_pk_new_result_index = 0; 1408 fixed_crypto_pk_new_result[0] = pk7; 1409 fixed_crypto_pk_new_result[1] = pk8; 1410 fixed_crypto_pk_new_result[2] = NULL; 1411 fixed_crypto_pk_generate_key_with_bits_result_index = 0; 1412 fixed_tor_tls_create_certificate_result_index = 0; 1413 fixed_tor_tls_create_certificate_result[0] = X509_new(); 1414 fixed_tor_tls_create_certificate_result[1] = NULL; 1415 fixed_tor_tls_create_certificate_result[2] = X509_new(); 1416 ret = tor_tls_context_new(NULL, 0, 0, 0); 1417 tt_assert(!ret); 1418 fixed_tor_tls_create_certificate_results_free(); 1419 1420 fixed_crypto_pk_new_result_index = 0; 1421 fixed_crypto_pk_new_result[0] = pk9; 1422 fixed_crypto_pk_new_result[1] = pk10; 1423 fixed_crypto_pk_new_result[2] = NULL; 1424 fixed_crypto_pk_generate_key_with_bits_result_index = 0; 1425 fixed_tor_tls_create_certificate_result_index = 0; 1426 fixed_tor_tls_create_certificate_result[0] = X509_new(); 1427 fixed_tor_tls_create_certificate_result[1] = X509_new(); 1428 fixed_tor_tls_create_certificate_result[2] = NULL; 1429 ret = tor_tls_context_new(NULL, 0, 0, 0); 1430 tt_assert(!ret); 1431 fixed_tor_tls_create_certificate_results_free(); 1432 1433 MOCK(tor_x509_cert_new, fixed_tor_x509_cert_new); 1434 fixed_crypto_pk_new_result_index = 0; 1435 fixed_crypto_pk_new_result[0] = pk11; 1436 fixed_crypto_pk_new_result[1] = pk12; 1437 fixed_crypto_pk_new_result[2] = NULL; 1438 fixed_crypto_pk_generate_key_with_bits_result_index = 0; 1439 fixed_tor_tls_create_certificate_result_index = 0; 1440 fixed_tor_tls_create_certificate_result[0] = X509_new(); 1441 fixed_tor_tls_create_certificate_result[1] = X509_new(); 1442 fixed_tor_tls_create_certificate_result[2] = X509_new(); 1443 fixed_tor_x509_cert_new_result_index = 0; 1444 fixed_tor_x509_cert_new_result[0] = NULL; 1445 fixed_tor_x509_cert_new_result[1] = NULL; 1446 fixed_tor_x509_cert_new_result[2] = NULL; 1447 ret = tor_tls_context_new(NULL, 0, 0, 0); 1448 tt_assert(!ret); 1449 fixed_tor_tls_create_certificate_results_free(); 1450 1451 fixed_crypto_pk_new_result_index = 0; 1452 fixed_crypto_pk_new_result[0] = pk13; 1453 fixed_crypto_pk_new_result[1] = pk14; 1454 fixed_crypto_pk_new_result[2] = NULL; 1455 fixed_crypto_pk_generate_key_with_bits_result_index = 0; 1456 fixed_tor_tls_create_certificate_result_index = 0; 1457 fixed_tor_tls_create_certificate_result[0] = X509_new(); 1458 fixed_tor_tls_create_certificate_result[1] = X509_new(); 1459 fixed_tor_tls_create_certificate_result[2] = X509_new(); 1460 fixed_tor_x509_cert_new_result_index = 0; 1461 fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t)); 1462 fixed_tor_x509_cert_new_result[1] = NULL; 1463 fixed_tor_x509_cert_new_result[2] = NULL; 1464 ret = tor_tls_context_new(NULL, 0, 0, 0); 1465 tt_assert(!ret); 1466 fixed_tor_tls_create_certificate_results_free(); 1467 fixed_tor_x509_cert_new_results_free(); 1468 1469 fixed_crypto_pk_new_result_index = 0; 1470 fixed_crypto_pk_new_result[0] = pk15; 1471 fixed_crypto_pk_new_result[1] = pk16; 1472 fixed_crypto_pk_new_result[2] = NULL; 1473 fixed_crypto_pk_generate_key_with_bits_result_index = 0; 1474 fixed_tor_tls_create_certificate_result_index = 0; 1475 fixed_tor_tls_create_certificate_result[0] = X509_new(); 1476 fixed_tor_tls_create_certificate_result[1] = X509_new(); 1477 fixed_tor_tls_create_certificate_result[2] = X509_new(); 1478 fixed_tor_x509_cert_new_result_index = 0; 1479 fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t)); 1480 fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t)); 1481 fixed_tor_x509_cert_new_result[2] = NULL; 1482 ret = tor_tls_context_new(NULL, 0, 0, 0); 1483 tt_assert(!ret); 1484 fixed_tor_tls_create_certificate_results_free(); 1485 fixed_tor_x509_cert_new_results_free(); 1486 1487 fixed_crypto_pk_new_result_index = 0; 1488 fixed_crypto_pk_new_result[0] = pk17; 1489 fixed_crypto_pk_new_result[1] = pk18; 1490 fixed_crypto_pk_new_result[2] = NULL; 1491 fixed_crypto_pk_generate_key_with_bits_result_index = 0; 1492 fixed_tor_tls_create_certificate_result_index = 0; 1493 fixed_tor_tls_create_certificate_result[0] = X509_new(); 1494 fixed_tor_tls_create_certificate_result[1] = X509_new(); 1495 fixed_tor_tls_create_certificate_result[2] = X509_new(); 1496 fixed_tor_x509_cert_new_result_index = 0; 1497 fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t)); 1498 fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t)); 1499 fixed_tor_x509_cert_new_result[2] = tor_malloc_zero(sizeof(tor_x509_cert_t)); 1500 ret = tor_tls_context_new(NULL, 0, 0, 0); 1501 tt_assert(!ret); 1502 1503 done: 1504 fixed_tor_tls_create_certificate_results_free(); 1505 fixed_tor_x509_cert_new_results_free(); 1506 UNMOCK(tor_x509_cert_new); 1507 UNMOCK(tor_tls_create_certificate); 1508 UNMOCK(crypto_pk_generate_key_with_bits); 1509 UNMOCK(crypto_pk_new); 1510 } 1511 #endif /* !defined(OPENSSL_OPAQUE) */ 1512 1513 static int fixed_crypto_pk_get_evp_pkey_result_index = 0; 1514 static EVP_PKEY *fixed_crypto_pk_get_evp_pkey_result[5]; 1515 1516 static EVP_PKEY * 1517 fixed_crypto_pk_get_evp_pkey_(crypto_pk_t *env, int private) 1518 { 1519 (void) env; 1520 (void) private; 1521 return fixed_crypto_pk_get_evp_pkey_result[ 1522 fixed_crypto_pk_get_evp_pkey_result_index++]; 1523 } 1524 1525 static void 1526 test_tortls_create_certificate(void *ignored) 1527 { 1528 (void)ignored; 1529 X509 *ret; 1530 crypto_pk_t *pk1, *pk2; 1531 1532 pk1 = crypto_pk_new(); 1533 pk2 = crypto_pk_new(); 1534 1535 MOCK(crypto_pk_get_openssl_evp_pkey_, fixed_crypto_pk_get_evp_pkey_); 1536 fixed_crypto_pk_get_evp_pkey_result_index = 0; 1537 fixed_crypto_pk_get_evp_pkey_result[0] = NULL; 1538 ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1); 1539 tt_assert(!ret); 1540 1541 fixed_crypto_pk_get_evp_pkey_result_index = 0; 1542 fixed_crypto_pk_get_evp_pkey_result[0] = EVP_PKEY_new(); 1543 fixed_crypto_pk_get_evp_pkey_result[1] = NULL; 1544 ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1); 1545 tt_assert(!ret); 1546 1547 fixed_crypto_pk_get_evp_pkey_result_index = 0; 1548 fixed_crypto_pk_get_evp_pkey_result[0] = EVP_PKEY_new(); 1549 fixed_crypto_pk_get_evp_pkey_result[1] = EVP_PKEY_new(); 1550 ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1); 1551 tt_assert(!ret); 1552 1553 done: 1554 UNMOCK(crypto_pk_get_openssl_evp_pkey_); 1555 crypto_pk_free(pk1); 1556 crypto_pk_free(pk2); 1557 } 1558 1559 static void 1560 test_tortls_cert_new(void *ignored) 1561 { 1562 (void)ignored; 1563 tor_x509_cert_t *ret; 1564 X509 *cert = read_cert_from(validCertString); 1565 1566 ret = tor_x509_cert_new(NULL); 1567 tt_assert(!ret); 1568 1569 ret = tor_x509_cert_new(cert); 1570 tt_assert(ret); 1571 tor_x509_cert_free(ret); 1572 ret = NULL; 1573 1574 #if 0 1575 cert = read_cert_from(validCertString); 1576 /* XXX this doesn't do what you think: it alters a copy of the pubkey. */ 1577 X509_get_pubkey(cert)->type = EVP_PKEY_DSA; 1578 ret = tor_x509_cert_new(cert); 1579 tt_assert(ret); 1580 #endif /* 0 */ 1581 1582 #ifndef OPENSSL_OPAQUE 1583 cert = read_cert_from(validCertString); 1584 X509_CINF_free(cert->cert_info); 1585 cert->cert_info = NULL; 1586 ret = tor_x509_cert_new(cert); 1587 tt_assert(ret); 1588 #endif /* !defined(OPENSSL_OPAQUE) */ 1589 1590 done: 1591 tor_x509_cert_free(ret); 1592 } 1593 1594 static void 1595 test_tortls_cert_is_valid(void *ignored) 1596 { 1597 (void)ignored; 1598 int ret; 1599 tor_x509_cert_t *cert = NULL, *scert = NULL; 1600 time_t now = cert_strings_valid_at; 1601 1602 scert = tor_malloc_zero(sizeof(tor_x509_cert_t)); 1603 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 0); 1604 tt_int_op(ret, OP_EQ, 0); 1605 1606 cert = tor_malloc_zero(sizeof(tor_x509_cert_t)); 1607 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 0); 1608 tt_int_op(ret, OP_EQ, 0); 1609 tor_free(scert); 1610 tor_free(cert); 1611 1612 cert = tor_x509_cert_new(read_cert_from(validCertString)); 1613 scert = tor_x509_cert_new(read_cert_from(caCertString)); 1614 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 0); 1615 tt_int_op(ret, OP_EQ, 1); 1616 1617 #ifndef OPENSSL_OPAQUE 1618 tor_x509_cert_free(cert); 1619 tor_x509_cert_free(scert); 1620 cert = tor_x509_cert_new(read_cert_from(validCertString)); 1621 scert = tor_x509_cert_new(read_cert_from(caCertString)); 1622 ASN1_TIME_free(cert->cert->cert_info->validity->notAfter); 1623 cert->cert->cert_info->validity->notAfter = 1624 ASN1_TIME_set(NULL, time(NULL)-1000000); 1625 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 0); 1626 tt_int_op(ret, OP_EQ, 0); 1627 1628 tor_x509_cert_free(cert); 1629 tor_x509_cert_free(scert); 1630 cert = tor_x509_cert_new(read_cert_from(validCertString)); 1631 scert = tor_x509_cert_new(read_cert_from(caCertString)); 1632 X509_PUBKEY_free(cert->cert->cert_info->key); 1633 cert->cert->cert_info->key = NULL; 1634 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 1); 1635 tt_int_op(ret, OP_EQ, 0); 1636 #endif /* !defined(OPENSSL_OPAQUE) */ 1637 1638 #if 0 1639 tor_x509_cert_free(cert); 1640 tor_x509_cert_free(scert); 1641 cert = tor_x509_cert_new(read_cert_from(validCertString)); 1642 scert = tor_x509_cert_new(read_cert_from(caCertString)); 1643 /* This doesn't actually change the key in the cert. XXXXXX */ 1644 BN_one(EVP_PKEY_get1_RSA(X509_get_pubkey(cert->cert))->n); 1645 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 1); 1646 tt_int_op(ret, OP_EQ, 0); 1647 1648 tor_x509_cert_free(cert); 1649 tor_x509_cert_free(scert); 1650 cert = tor_x509_cert_new(read_cert_from(validCertString)); 1651 scert = tor_x509_cert_new(read_cert_from(caCertString)); 1652 /* This doesn't actually change the key in the cert. XXXXXX */ 1653 X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC; 1654 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 1); 1655 tt_int_op(ret, OP_EQ, 0); 1656 1657 tor_x509_cert_free(cert); 1658 tor_x509_cert_free(scert); 1659 cert = tor_x509_cert_new(read_cert_from(validCertString)); 1660 scert = tor_x509_cert_new(read_cert_from(caCertString)); 1661 /* This doesn't actually change the key in the cert. XXXXXX */ 1662 X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC; 1663 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 0); 1664 tt_int_op(ret, OP_EQ, 1); 1665 1666 tor_x509_cert_free(cert); 1667 tor_x509_cert_free(scert); 1668 cert = tor_x509_cert_new(read_cert_from(validCertString)); 1669 scert = tor_x509_cert_new(read_cert_from(caCertString)); 1670 /* This doesn't actually change the key in the cert. XXXXXX */ 1671 X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC; 1672 X509_get_pubkey(cert->cert)->ameth = NULL; 1673 ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, now, 0); 1674 tt_int_op(ret, OP_EQ, 0); 1675 #endif /* 0 */ 1676 1677 done: 1678 tor_x509_cert_free(cert); 1679 tor_x509_cert_free(scert); 1680 } 1681 1682 static void 1683 test_tortls_context_init_one(void *ignored) 1684 { 1685 (void)ignored; 1686 int ret; 1687 tor_tls_context_t *old = NULL; 1688 1689 MOCK(crypto_pk_new, fixed_crypto_pk_new); 1690 1691 fixed_crypto_pk_new_result_index = 0; 1692 fixed_crypto_pk_new_result[0] = NULL; 1693 ret = tor_tls_context_init_one(&old, NULL, 0, 0, 0); 1694 tt_int_op(ret, OP_EQ, -1); 1695 1696 done: 1697 UNMOCK(crypto_pk_new); 1698 } 1699 1700 #define LOCAL_TEST_CASE(name, flags) \ 1701 { #name, test_tortls_##name, (flags|TT_FORK), NULL, NULL } 1702 1703 #ifdef OPENSSL_OPAQUE 1704 #define INTRUSIVE_TEST_CASE(name, flags) \ 1705 { #name, NULL, TT_SKIP, NULL, NULL } 1706 #else 1707 #define INTRUSIVE_TEST_CASE(name, flags) LOCAL_TEST_CASE(name, flags) 1708 #endif /* defined(OPENSSL_OPAQUE) */ 1709 1710 struct testcase_t tortls_openssl_tests[] = { 1711 LOCAL_TEST_CASE(tor_tls_new, TT_FORK), 1712 LOCAL_TEST_CASE(get_state_description, TT_FORK), 1713 LOCAL_TEST_CASE(get_by_ssl, TT_FORK), 1714 LOCAL_TEST_CASE(allocate_tor_tls_object_ex_data_index, TT_FORK), 1715 LOCAL_TEST_CASE(log_one_error, TT_FORK), 1716 INTRUSIVE_TEST_CASE(get_error, TT_FORK), 1717 LOCAL_TEST_CASE(always_accept_verify_cb, 0), 1718 INTRUSIVE_TEST_CASE(x509_cert_free, 0), 1719 INTRUSIVE_TEST_CASE(cert_get_key, 0), 1720 INTRUSIVE_TEST_CASE(get_ciphersuite_name, 0), 1721 INTRUSIVE_TEST_CASE(classify_client_ciphers, 0), 1722 INTRUSIVE_TEST_CASE(get_pending_bytes, 0), 1723 INTRUSIVE_TEST_CASE(get_buffer_sizes, 0), 1724 INTRUSIVE_TEST_CASE(get_peer_cert, 0), 1725 INTRUSIVE_TEST_CASE(peer_has_cert, 0), 1726 INTRUSIVE_TEST_CASE(finish_handshake, 0), 1727 INTRUSIVE_TEST_CASE(handshake, 0), 1728 INTRUSIVE_TEST_CASE(write, 0), 1729 INTRUSIVE_TEST_CASE(read, 0), 1730 INTRUSIVE_TEST_CASE(server_info_callback, 0), 1731 LOCAL_TEST_CASE(get_write_overhead_ratio, TT_FORK), 1732 LOCAL_TEST_CASE(is_server, 0), 1733 INTRUSIVE_TEST_CASE(block_renegotiation, 0), 1734 INTRUSIVE_TEST_CASE(unblock_renegotiation, 0), 1735 INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0), 1736 LOCAL_TEST_CASE(set_logged_address, 0), 1737 INTRUSIVE_TEST_CASE(session_secret_cb, 0), 1738 INTRUSIVE_TEST_CASE(debug_state_callback, 0), 1739 INTRUSIVE_TEST_CASE(context_new, TT_FORK /* redundant */), 1740 LOCAL_TEST_CASE(create_certificate, 0), 1741 LOCAL_TEST_CASE(cert_new, 0), 1742 LOCAL_TEST_CASE(cert_is_valid, 0), 1743 LOCAL_TEST_CASE(context_init_one, 0), 1744 END_OF_TESTCASES 1745 };