test_tls_extensions: removed unused test

The test has not been used for a long time. The initial idea of the test was testing GnuTLS for some bugs. Let's leave GnuTLS testing for GnuTLS test-suite.
author: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2022-10-06 20:12:23 +0300
committer: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2022-10-10 11:54:32 +0300
commit: a781ffa5834f0ed4a496cf854d374a0e958e293f (patch)
tree: 245b96982c86636d4d08be306d9f27a36be3ba7c
parent: 3330f10e6242d4ef542a67e0d5af31a0251127ab (diff)
download: libmicrohttpd-a781ffa5834f0ed4a496cf854d374a0e958e293f.tar.gz
libmicrohttpd-a781ffa5834f0ed4a496cf854d374a0e958e293f.zip
1 files changed, 0 insertions, 297 deletions
diff --git a/src/testcurl/https/test_tls_extensions.c b/src/testcurl/https/test_tls_extensions.c
deleted file mode 100644
index 6cad17e8..00000000
--- a/src/testcurl/https/test_tls_extensions.c
+++ /dev/null
@@ -1,297 +0,0 @@
-/*
- This file is part of libmicrohttpd
- Copyright (C) 2007 Christian Grothoff
- libmicrohttpd is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 2, or (at your
- option) any later version.
- libmicrohttpd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with libmicrohttpd; see the file COPYING.  If not, write to the
- Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA.
- */
-/**
- * @file tls_extension_test.c
- * @brief: test daemon response to TLS client hello requests containing extensions
- *
- * @author Sagie Amir
- */
-#include "platform.h"
-#include "microhttpd.h"
-#include "tls_test_common.h"
-#include "mhd_sockets.h" /* only macros used */
-#ifdef MHD_HTTPS_REQUIRE_GCRYPT
-#include <gcrypt.h>
-#endif /* MHD_HTTPS_REQUIRE_GCRYPT */
-#include "tls_test_keys.h"
-#define MAX_EXT_DATA_LENGTH 256
-/**
- * Test daemon response to TLS client hello requests containing extensions
- *
- * @param session
- * @param port
- * @param exten_t - the type of extension being appended to client hello request
- * @param ext_count - the number of consecutive extension replicas inserted into request
- * @param ext_length - the length of each appended extension
- * @return 0 on successful test completion, -1 otherwise
- */
-static int
-test_hello_extension (gnutls_session_t session, uint16_t port,
-                      extensions_t exten_t,
-                      int ext_count, int ext_length)
-{
-  int i, ret = 0, pos = 0;
-  MHD_socket sd;
-  int exten_data_len, ciphersuite_len, datalen;
-  struct sockaddr_in sa;
-  char url[255];
-  opaque *data = NULL;
-  uint8_t session_id_len = 0;
-  opaque rnd[TLS_RANDOM_SIZE];
-  opaque extdata[MAX_EXT_DATA_LENGTH];
-  /* single, null compression */
-  unsigned char comp[] = { 0x01, 0x00 };
-  struct CBC cbc;
-  sd = -1;
-  memset (&cbc, 0, sizeof (struct CBC));
-  if (NULL == (cbc.buf = malloc (sizeof (char) * 256)))
-  {
-    fprintf (stderr, MHD_E_MEM);
-    ret = -1;
-    goto cleanup;
-  }
-  cbc.size = 256;
-  sd = socket (AF_INET, SOCK_STREAM, 0);
-  if (sd == -1)
-  {
-    fprintf (stderr, "Failed to create socket: %s\n", strerror (errno));
-    free (cbc.buf);
-    return -1;
-  }
-  memset (&sa, '\0', sizeof (struct sockaddr_in));
-  sa.sin_family = AF_INET;
-  sa.sin_port = htons (port);
-  sa.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
-  enum MHD_GNUTLS_Protocol hver;
-  /* init hash functions */
-  session->internals.handshake_mac_handle_md5 =
-    MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5);
-  session->internals.handshake_mac_handle_sha =
-    MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1);
-  /* version = 2 , random = [4 for unix time + 28 for random bytes] */
-  datalen = 2 /* version */ + TLS_RANDOM_SIZE + (session_id_len + 1);
-  data = MHD_gnutls_malloc (datalen);
-  if (data == NULL)
-  {
-    free (cbc.buf);
-    return -1;
-  }
-  hver = MHD_gtls_version_max (session);
-  data[pos++] = MHD_gtls_version_get_major (hver);
-  data[pos++] = MHD_gtls_version_get_minor (hver);
-  /* Set the version we advertise as maximum (RSA uses it). */
-  set_adv_version (session, MHD_gtls_version_get_major (hver),
-                   MHD_gtls_version_get_minor (hver));
-  session->security_parameters.version = hver;
-  session->security_parameters.timestamp = time (NULL);
-  /* generate session client random */
-  memset (session->security_parameters.client_random, 0, TLS_RANDOM_SIZE);
-  gnutls_write_uint32 (time (NULL), rnd);
-  if (GC_OK != MHD_gc_nonce ((char *) &rnd[4], TLS_RANDOM_SIZE - 4))
-    abort ();
-  memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE);
-  memcpy (&data[pos], rnd, TLS_RANDOM_SIZE);
-  pos += TLS_RANDOM_SIZE;
-  /* Copy the Session ID       */
-  data[pos++] = session_id_len;
-  /*
-   * len = ciphersuite data + 2 bytes ciphersuite length \
-   *       1 byte compression length + 1 byte compression data + \
-   * 2 bytes extension length, extensions data
-   */ciphersuite_len = MHD__gnutls_copy_ciphersuites (session, extdata,
-                                                   sizeof (extdata));
-  exten_data_len = ext_count * (2 + 2 + ext_length);
-  datalen += ciphersuite_len + 2 + 2 + exten_data_len;
-  data = MHD_gtls_realloc_fast (data, datalen);
-  memcpy (&data[pos], extdata, sizeof (ciphersuite_len));
-  pos += ciphersuite_len;
-  /* set compression */
-  memcpy (&data[pos], comp, sizeof (comp));
-  pos += 2;
-  /* set extensions length = 2 type bytes + 2 length bytes + extension length */
-  gnutls_write_uint16 (exten_data_len, &data[pos]);
-  pos += 2;
-  for (i = 0; i < ext_count; ++i)
-  {
-    /* write extension type */
-    gnutls_write_uint16 (exten_t, &data[pos]);
-    pos += 2;
-    gnutls_write_uint16 (ext_length, &data[pos]);
-    pos += 2;
-    /* we might want to generate random data here */
-    memset (&data[pos], 0, ext_length);
-    pos += ext_length;
-  }
-  if (connect (sd, &sa, sizeof (struct sockaddr_in)) < 0)
-  {
-    fprintf (stderr, "%s\n", MHD_E_FAILED_TO_CONNECT);
-    ret = -1;
-    goto cleanup;
-  }
-  gnutls_transport_set_ptr (session, (MHD_gnutls_transport_ptr_t) (long) sd);
-  if (gen_test_file_url (url,
-                         sizeof (url),
-                         port))
-  {
-    ret = -1;
-    goto cleanup;
-  }
-  /* this should crash the server */
-  ret = gnutls_send_handshake (session, data, datalen,
-                               GNUTLS_HANDSHAKE_CLIENT_HELLO);
-  /* advance to STATE2 */
-  session->internals.handshake_state = STATE2;
-  ret = gnutls_handshake (session);
-  ret = gnutls_bye (session, GNUTLS_SHUT_WR);
-  gnutls_free (data);
-  /* make sure daemon is still functioning */
-  if (CURLE_OK != send_curl_req (url, &cbc, NULL,
-                                 MHD_GNUTLS_PROTOCOL_TLS1_2))
-  {
-    ret = -1;
-    goto cleanup;
-  }
-cleanup:
-  if (-1 != sd)
-    MHD_socket_close_chk_ (sd);
-  gnutls_free (cbc.buf);
-  return ret;
-}
-int
-main (int argc, char *const *argv)
-{
-  int i, errorCount = 0;
-  FILE *test_fd;
-  struct MHD_Daemon *d;
-  gnutls_session_t session;
-  gnutls_certificate_credentials_t xcred;
-  const int ext_arr[] = {
-    GNUTLS_EXTENSION_SERVER_NAME,
-    -1
-  };
-  uint16_t port;
-  if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
-    port = 0;
-  else
-    port = 3080;
-#ifdef MHD_HTTPS_REQUIRE_GCRYPT
-  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
-#ifdef GCRYCTL_INITIALIZATION_FINISHED
-  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
-#endif
-#endif /* MHD_HTTPS_REQUIRE_GCRYPT */
-  MHD_gtls_global_set_log_level (11);
-  if ((test_fd = setup_test_file ()) == NULL)
-  {
-    fprintf (stderr, MHD_E_TEST_FILE_CREAT);
-    return -1;
-  }
-  if (! testsuite_curl_global_init ())
-    return 99;
-  d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
-                        | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
-                        | MHD_USE_ERROR_LOG, port,
-                        NULL, NULL, &http_ahc, NULL,
-                        MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
-                        MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
-                        MHD_OPTION_END);
-  if (d == NULL)
-  {
-    fprintf (stderr, "%s\n", MHD_E_SERVER_INIT);
-    return -1;
-  }
-  if (0 == port)
-  {
-    const union MHD_DaemonInfo *dinfo;
-    dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);
-    if ((NULL == dinfo) || (0 == dinfo->port) )
-    {
-      MHD_stop_daemon (d); return -1;
-    }
-    port = dinfo->port;
-  }
-  i = 0;
-  setup_session (&session, &xcred);
-  errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16);
-  teardown_session (session, xcred);
-#if 1
-  i = 0;
-  while (ext_arr[i] != -1)
-  {
-    setup_session (&session, &xcred);
-    errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16);
-    teardown_session (session, xcred);
-    setup_session (&session, &xcred);
-    errorCount += test_hello_extension (session, port, ext_arr[i], 3, 8);
-    teardown_session (session, xcred);
-    /* this test specifically tests the issue raised in CVE-2008-1948 */
-    setup_session (&session, &xcred);
-    errorCount += test_hello_extension (session, port, ext_arr[i], 6, 0);
-    teardown_session (session, xcred);
-    i++;
-  }
-#endif
-  print_test_result (errorCount, argv[0]);
-  MHD_stop_daemon (d);
-  curl_global_cleanup ();
-  fclose (test_fd);
-  return (0 == errorCount) ? 0 : 1;       /* 0 == pass */
-}
author	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2022-10-06 20:12:23 +0300
committer	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2022-10-10 11:54:32 +0300
commit	a781ffa5834f0ed4a496cf854d374a0e958e293f (patch)
tree	245b96982c86636d4d08be306d9f27a36be3ba7c
parent	3330f10e6242d4ef542a67e0d5af31a0251127ab (diff)
download	libmicrohttpd-a781ffa5834f0ed4a496cf854d374a0e958e293f.tar.gz libmicrohttpd-a781ffa5834f0ed4a496cf854d374a0e958e293f.zip

diff --git a/src/testcurl/https/test_tls_extensions.c b/src/testcurl/https/test_tls_extensions.c deleted file mode 100644 index 6cad17e8..00000000 --- a/src/testcurl/https/test_tls_extensions.c +++ /dev/null
@@ -1,297 +0,0 @@
1	/*
2	This file is part of libmicrohttpd
3	Copyright (C) 2007 Christian Grothoff
4
5	libmicrohttpd is free software; you can redistribute it and/or modify
6	it under the terms of the GNU General Public License as published
7	by the Free Software Foundation; either version 2, or (at your
8	option) any later version.
9
10	libmicrohttpd is distributed in the hope that it will be useful, but
11	WITHOUT ANY WARRANTY; without even the implied warranty of
12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13	General Public License for more details.
14
15	You should have received a copy of the GNU General Public License
16	along with libmicrohttpd; see the file COPYING. If not, write to the
17	Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18	Boston, MA 02110-1301, USA.
19	*/
20
21	/**
22	* @file tls_extension_test.c
23	* @brief: test daemon response to TLS client hello requests containing extensions
24	*
25	* @author Sagie Amir
26	*/
27
28	#include "platform.h"
29	#include "microhttpd.h"
30	#include "tls_test_common.h"
31	#include "mhd_sockets.h" /* only macros used */
32	#ifdef MHD_HTTPS_REQUIRE_GCRYPT
33	#include <gcrypt.h>
34	#endif /* MHD_HTTPS_REQUIRE_GCRYPT */
35	#include "tls_test_keys.h"
36
37	#define MAX_EXT_DATA_LENGTH 256
38
39	/**
40	* Test daemon response to TLS client hello requests containing extensions
41	*
42	* @param session
43	* @param port
44	* @param exten_t - the type of extension being appended to client hello request
45	* @param ext_count - the number of consecutive extension replicas inserted into request
46	* @param ext_length - the length of each appended extension
47	* @return 0 on successful test completion, -1 otherwise
48	*/
49	static int
50	test_hello_extension (gnutls_session_t session, uint16_t port,
51	extensions_t exten_t,
52	int ext_count, int ext_length)
53	{
54	int i, ret = 0, pos = 0;
55	MHD_socket sd;
56	int exten_data_len, ciphersuite_len, datalen;
57	struct sockaddr_in sa;
58	char url[255];
59	opaque *data = NULL;
60	uint8_t session_id_len = 0;
61	opaque rnd[TLS_RANDOM_SIZE];
62	opaque extdata[MAX_EXT_DATA_LENGTH];
63
64	/* single, null compression */
65	unsigned char comp[] = { 0x01, 0x00 };
66	struct CBC cbc;
67
68	sd = -1;
69	memset (&cbc, 0, sizeof (struct CBC));
70	if (NULL == (cbc.buf = malloc (sizeof (char) * 256)))
71	{
72	fprintf (stderr, MHD_E_MEM);
73	ret = -1;
74	goto cleanup;
75	}
76	cbc.size = 256;
77
78	sd = socket (AF_INET, SOCK_STREAM, 0);
79	if (sd == -1)
80	{
81	fprintf (stderr, "Failed to create socket: %s\n", strerror (errno));
82	free (cbc.buf);
83	return -1;
84	}
85	memset (&sa, '\0', sizeof (struct sockaddr_in));
86	sa.sin_family = AF_INET;
87	sa.sin_port = htons (port);
88	sa.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
89
90	enum MHD_GNUTLS_Protocol hver;
91
92	/* init hash functions */
93	session->internals.handshake_mac_handle_md5 =
94	MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5);
95	session->internals.handshake_mac_handle_sha =
96	MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1);
97
98	/* version = 2 , random = [4 for unix time + 28 for random bytes] */
99	datalen = 2 /* version */ + TLS_RANDOM_SIZE + (session_id_len + 1);
100
101	data = MHD_gnutls_malloc (datalen);
102	if (data == NULL)
103	{
104	free (cbc.buf);
105	return -1;
106	}
107	hver = MHD_gtls_version_max (session);
108	data[pos++] = MHD_gtls_version_get_major (hver);
109	data[pos++] = MHD_gtls_version_get_minor (hver);
110
111	/* Set the version we advertise as maximum (RSA uses it). */
112	set_adv_version (session, MHD_gtls_version_get_major (hver),
113	MHD_gtls_version_get_minor (hver));
114
115	session->security_parameters.version = hver;
116	session->security_parameters.timestamp = time (NULL);
117
118	/* generate session client random */
119	memset (session->security_parameters.client_random, 0, TLS_RANDOM_SIZE);
120	gnutls_write_uint32 (time (NULL), rnd);
121	if (GC_OK != MHD_gc_nonce ((char *) &rnd[4], TLS_RANDOM_SIZE - 4))
122	abort ();
123	memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE);
124	memcpy (&data[pos], rnd, TLS_RANDOM_SIZE);
125	pos += TLS_RANDOM_SIZE;
126
127	/* Copy the Session ID */
128	data[pos++] = session_id_len;
129
130	/*
131	* len = ciphersuite data + 2 bytes ciphersuite length \
132	* 1 byte compression length + 1 byte compression data + \
133	* 2 bytes extension length, extensions data
134	*/ciphersuite_len = MHD__gnutls_copy_ciphersuites (session, extdata,
135	sizeof (extdata));
136	exten_data_len = ext_count * (2 + 2 + ext_length);
137	datalen += ciphersuite_len + 2 + 2 + exten_data_len;
138	data = MHD_gtls_realloc_fast (data, datalen);
139	memcpy (&data[pos], extdata, sizeof (ciphersuite_len));
140	pos += ciphersuite_len;
141
142	/* set compression */
143	memcpy (&data[pos], comp, sizeof (comp));
144	pos += 2;
145
146	/* set extensions length = 2 type bytes + 2 length bytes + extension length */
147	gnutls_write_uint16 (exten_data_len, &data[pos]);
148	pos += 2;
149	for (i = 0; i < ext_count; ++i)
150	{
151	/* write extension type */
152	gnutls_write_uint16 (exten_t, &data[pos]);
153	pos += 2;
154	gnutls_write_uint16 (ext_length, &data[pos]);
155	pos += 2;
156	/* we might want to generate random data here */
157	memset (&data[pos], 0, ext_length);
158	pos += ext_length;
159	}
160
161	if (connect (sd, &sa, sizeof (struct sockaddr_in)) < 0)
162	{
163	fprintf (stderr, "%s\n", MHD_E_FAILED_TO_CONNECT);
164	ret = -1;
165	goto cleanup;
166	}
167
168	gnutls_transport_set_ptr (session, (MHD_gnutls_transport_ptr_t) (long) sd);
169
170	if (gen_test_file_url (url,
171	sizeof (url),
172	port))
173	{
174	ret = -1;
175	goto cleanup;
176	}
177
178	/* this should crash the server */
179	ret = gnutls_send_handshake (session, data, datalen,
180	GNUTLS_HANDSHAKE_CLIENT_HELLO);
181
182	/* advance to STATE2 */
183	session->internals.handshake_state = STATE2;
184	ret = gnutls_handshake (session);
185	ret = gnutls_bye (session, GNUTLS_SHUT_WR);
186
187	gnutls_free (data);
188
189	/* make sure daemon is still functioning */
190	if (CURLE_OK != send_curl_req (url, &cbc, NULL,
191	MHD_GNUTLS_PROTOCOL_TLS1_2))
192	{
193	ret = -1;
194	goto cleanup;
195	}
196
197	cleanup:
198	if (-1 != sd)
199	MHD_socket_close_chk_ (sd);
200	gnutls_free (cbc.buf);
201	return ret;
202	}
203
204
205	int
206	main (int argc, char const argv)
207	{
208	int i, errorCount = 0;
209	FILE *test_fd;
210	struct MHD_Daemon *d;
211	gnutls_session_t session;
212	gnutls_certificate_credentials_t xcred;
213	const int ext_arr[] = {
214	GNUTLS_EXTENSION_SERVER_NAME,
215	-1
216	};
217	uint16_t port;
218
219	if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
220	port = 0;
221	else
222	port = 3080;
223
224	#ifdef MHD_HTTPS_REQUIRE_GCRYPT
225	gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
226	#ifdef GCRYCTL_INITIALIZATION_FINISHED
227	gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
228	#endif
229	#endif /* MHD_HTTPS_REQUIRE_GCRYPT */
230	MHD_gtls_global_set_log_level (11);
231
232	if ((test_fd = setup_test_file ()) == NULL)
233	{
234	fprintf (stderr, MHD_E_TEST_FILE_CREAT);
235	return -1;
236	}
237
238	if (! testsuite_curl_global_init ())
239	return 99;
240
241	d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
242	\| MHD_USE_INTERNAL_POLLING_THREAD \| MHD_USE_TLS
243	\| MHD_USE_ERROR_LOG, port,
244	NULL, NULL, &http_ahc, NULL,
245	MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
246	MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
247	MHD_OPTION_END);
248
249	if (d == NULL)
250	{
251	fprintf (stderr, "%s\n", MHD_E_SERVER_INIT);
252	return -1;
253	}
254	if (0 == port)
255	{
256	const union MHD_DaemonInfo *dinfo;
257	dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);
258	if ((NULL == dinfo) \|\| (0 == dinfo->port) )
259	{
260	MHD_stop_daemon (d); return -1;
261	}
262	port = dinfo->port;
263	}
264
265	i = 0;
266	setup_session (&session, &xcred);
267	errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16);
268	teardown_session (session, xcred);
269	#if 1
270	i = 0;
271	while (ext_arr[i] != -1)
272	{
273	setup_session (&session, &xcred);
274	errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16);
275	teardown_session (session, xcred);
276
277	setup_session (&session, &xcred);
278	errorCount += test_hello_extension (session, port, ext_arr[i], 3, 8);
279	teardown_session (session, xcred);
280
281	/* this test specifically tests the issue raised in CVE-2008-1948 */
282	setup_session (&session, &xcred);
283	errorCount += test_hello_extension (session, port, ext_arr[i], 6, 0);
284	teardown_session (session, xcred);
285	i++;
286	}
287	#endif
288
289	print_test_result (errorCount, argv[0]);
290
291	MHD_stop_daemon (d);
292
293	curl_global_cleanup ();
294	fclose (test_fd);
295
296	return (0 == errorCount) ? 0 : 1; /* 0 == pass */
297	}