/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>

#include <openssl/opensslconf.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/ssl.h>
/* Certificate and private key used by the tests; assigned elsewhere (not visible here). */
static char *cert = NULL;
static char *privkey = NULL;

/*
 * Capacity in bytes of each key log buffer. The arrays are declared one byte
 * larger, intended to leave room for a terminating NUL.
 */
#define LOG_BUFFER_SIZE 1024
/*
 * Key log lines captured by the server/client keylog callbacks below, each
 * line followed by a '\n'. The *_index counters hold the number of bytes
 * written so far. NOTE: these buffers hold hex-encoded TLS secrets; keeping
 * them in plain static storage is only acceptable because this is test code.
 */
static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
static int server_log_buffer_index = 0;
static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
static int client_log_buffer_index = 0;
/* Set to 1 by a keylog callback when a line did not fit in its buffer. */
static int error_writing_log = 0;

/* Placeholder OCSP response body; presumably handed out by an OCSP status callback. */
static const unsigned char orespder[] = "Dummy OCSP Response";
/* Flags recording that the OCSP callbacks ran (set elsewhere; not visible here). */
static int ocsp_server_called = 0;
static int ocsp_client_called = 0;
/* Dummy argument value; presumably passed through to a callback -- verify against its use. */
static int cdummyarg = 1;
/* Certificate used by the OCSP tests; NULL until loaded elsewhere. */
static X509 *ocspcert = NULL;
/*
 * Expected number of key log lines of each secret type. test_keylog_output()
 * takes a pointer to one of these and tallies the lines captured by the
 * keylog callbacks, presumably to compare the tallies against these fields
 * (the comparison itself is further down than is shown here).
 */
struct sslapitest_log_counts {
    /* "RSA" lines: encrypted premaster secret followed by the premaster secret. */
    unsigned int rsa_key_exchange_count;
    /* "CLIENT_RANDOM" lines: client random followed by the master secret. */
    unsigned int master_secret_count;
    /*
     * Per-direction handshake and application traffic secrets. The line
     * labels that feed these counters are parsed beyond the visible code.
     */
    unsigned int client_handshake_secret_count;
    unsigned int server_handshake_secret_count;
    unsigned int client_application_secret_count;
    unsigned int server_application_secret_count;
};
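/*
 * Keylog callback installed on the client side. Appends |line| (a
 * hex-encoded secret in key log format) to client_log_buffer followed by a
 * '\n', keeping the buffer NUL terminated so it can later be parsed as a
 * string.
 *
 * If the line does not fit, nothing is written and error_writing_log is set
 * so the test can fail rather than silently drop secrets.
 *
 * Fix over the previous version: the bound used to allow the appended '\n'
 * to land in the very last byte of the buffer, leaving no room for a NUL,
 * so a completely full log was not a valid C string. The line, the '\n' and
 * the terminator must all fit in LOG_BUFFER_SIZE + 1 bytes, i.e. the data
 * written so far plus the line must stay strictly below LOG_BUFFER_SIZE.
 */
static void client_keylog_callback(const SSL *ssl, const char *line)
{
    size_t line_length = strlen(line);
    /* Cast a (theoretically) negative index to a huge value so it is rejected. */
    size_t used = (size_t)client_log_buffer_index;

    (void)ssl;

    /* If the log doesn't fit, error out. */
    if (used >= LOG_BUFFER_SIZE || line_length >= LOG_BUFFER_SIZE - used) {
        printf("No room in client log\n");
        error_writing_log = 1;
        return;
    }

    /* Copy by length rather than relying on strcat finding a terminator. */
    memcpy(client_log_buffer + used, line, line_length);
    client_log_buffer_index += (int)line_length;
    client_log_buffer[client_log_buffer_index++] = '\n';
    client_log_buffer[client_log_buffer_index] = '\0';
}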
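/*
 * Keylog callback installed on the server side. Appends |line| (a
 * hex-encoded secret in key log format) to server_log_buffer followed by a
 * '\n', keeping the buffer NUL terminated so it can later be parsed as a
 * string.
 *
 * If the line does not fit, nothing is written and error_writing_log is set
 * so the test can fail rather than silently drop secrets.
 *
 * Fix over the previous version: the bound used to allow the appended '\n'
 * to land in the very last byte of the buffer, leaving no room for a NUL,
 * so a completely full log was not a valid C string. The line, the '\n' and
 * the terminator must all fit in LOG_BUFFER_SIZE + 1 bytes, i.e. the data
 * written so far plus the line must stay strictly below LOG_BUFFER_SIZE.
 */
static void server_keylog_callback(const SSL *ssl, const char *line)
{
    size_t line_length = strlen(line);
    /* Cast a (theoretically) negative index to a huge value so it is rejected. */
    size_t used = (size_t)server_log_buffer_index;

    (void)ssl;

    /* If the log doesn't fit, error out. */
    if (used >= LOG_BUFFER_SIZE || line_length >= LOG_BUFFER_SIZE - used) {
        printf("No room in server log\n");
        error_writing_log = 1;
        return;
    }

    /* Copy by length rather than relying on strcat finding a terminator. */
    memcpy(server_log_buffer + used, line, line_length);
    server_log_buffer_index += (int)line_length;
    server_log_buffer[server_log_buffer_index++] = '\n';
    server_log_buffer[server_log_buffer_index] = '\0';
}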
/*
 * Check that |hex_encoded| (|hex_length| ASCII characters, not necessarily
 * NUL terminated) is exactly the lowercase hex encoding of the |raw_length|
 * bytes at |raw|, as printf("%02x") would render them. Uppercase digits do
 * not match.
 *
 * Returns 0 when the two agree and 1 otherwise; a diagnostic is printed on
 * mismatch.
 */
static int compare_hex_encoded_buffer(const char *hex_encoded,
                                      size_t hex_length,
                                      const uint8_t *raw,
                                      size_t raw_length)
{
    static const char digits[] = "0123456789abcdef";
    size_t pos;

    /* Each raw byte is exactly two hex characters. */
    if (hex_length != raw_length * 2) {
        printf("Inconsistent hex encoded lengths.\n");
        return 1;
    }

    for (pos = 0; pos < raw_length; pos++) {
        const char *expect = hex_encoded + 2 * pos;
        unsigned char byte = raw[pos];

        /* Compare nibble by nibble instead of formatting into a scratch buffer. */
        if (expect[0] != digits[byte >> 4] || expect[1] != digits[byte & 0x0f]) {
            printf("Hex output does not match.\n");
            return 1;
        }
    }

    return 0;
}
static int test_keylog_output(char *buffer, const SSL *ssl,
const SSL_SESSION *session,
struct sslapitest_log_counts *expected) {
char *token = NULL;
unsigned char actual_client_random[SSL3_RANDOM_SIZE] = {0};
size_t client_random_size = SSL3_RANDOM_SIZE;
unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0};
size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH;
unsigned int rsa_key_exchange_count = 0;
unsigned int master_secret_count = 0;
unsigned int client_handshake_secret_count = 0;
unsigned int server_handshake_secret_count = 0;
unsigned int client_application_secret_count = 0;
unsigned int server_application_secret_count = 0;
token = strtok(buffer, " \n");
while (token) {
if (strcmp(token, "RSA") == 0) {
/*
* Premaster secret. Tokens should be: 16 ASCII bytes of
* hex-encoded encrypted secret, then the hex-encoded pre-master
* secret.
*/
token = strtok(NULL, " \n");
if (!token) {
printf("Unexpectedly short premaster secret log.\n");
}
if (strlen(token) != 16) {
printf("Bad value for encrypted secret: %s\n", token);
}
token = strtok(NULL, " \n");
if (!token) {
printf("Unexpectedly short premaster secret log.\n");
/*
* We can't sensibly check the log because the premaster secret is
* transient, and OpenSSL doesn't keep hold of it once the master
* secret is generated.
*/
rsa_key_exchange_count++;
} else if (strcmp(token, "CLIENT_RANDOM") == 0) {
/*
* Master secret. Tokens should be: 64 ASCII bytes of hex-encoded
* client random, then the hex-encoded master secret.
*/
client_random_size = SSL_get_client_random(ssl,
actual_client_random,
SSL3_RANDOM_SIZE);
if (client_random_size != SSL3_RANDOM_SIZE) {
printf("Unexpected short client random.\n");
}
token = strtok(NULL, " \n");
if (!token) {
printf("Unexpected short master secret log.\n");
}
if (strlen(token) != 64) {
printf("Bad value for client random: %s\n", token);
}
if (compare_hex_encoded_buffer(token, 64, actual_client_random,
client_random_size)) {
printf("Bad value for client random: %s\n", token);
}
token = strtok(NULL, " \n");
if (!token) {
printf("Unexpectedly short master secret log.\n");
}
master_key_size = SSL_SESSION_get_master_key(session,
actual_master_key,
master_key_size);
if (!master_key_size) {
printf("Error getting master key to compare.\n");