diff options
author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-10-06 20:12:23 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-10-10 11:54:32 +0300 |
commit | a781ffa5834f0ed4a496cf854d374a0e958e293f (patch) | |
tree | 245b96982c86636d4d08be306d9f27a36be3ba7c | |
parent | 3330f10e6242d4ef542a67e0d5af31a0251127ab (diff) | |
download | libmicrohttpd-a781ffa5834f0ed4a496cf854d374a0e958e293f.tar.gz libmicrohttpd-a781ffa5834f0ed4a496cf854d374a0e958e293f.zip |
test_tls_extensions: removed unused test
The test has not been used for a long time.
The initial idea of the test was testing GnuTLS for some bugs. Let's
leave GnuTLS testing for GnuTLS test-suite.
-rw-r--r-- | src/testcurl/https/test_tls_extensions.c | 297 |
1 files changed, 0 insertions, 297 deletions
diff --git a/src/testcurl/https/test_tls_extensions.c b/src/testcurl/https/test_tls_extensions.c deleted file mode 100644 index 6cad17e8..00000000 --- a/src/testcurl/https/test_tls_extensions.c +++ /dev/null | |||
@@ -1,297 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of libmicrohttpd | ||
3 | Copyright (C) 2007 Christian Grothoff | ||
4 | |||
5 | libmicrohttpd is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 2, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | libmicrohttpd is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with libmicrohttpd; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, | ||
18 | Boston, MA 02110-1301, USA. | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file tls_extension_test.c | ||
23 | * @brief: test daemon response to TLS client hello requests containing extensions | ||
24 | * | ||
25 | * @author Sagie Amir | ||
26 | */ | ||
27 | |||
28 | #include "platform.h" | ||
29 | #include "microhttpd.h" | ||
30 | #include "tls_test_common.h" | ||
31 | #include "mhd_sockets.h" /* only macros used */ | ||
32 | #ifdef MHD_HTTPS_REQUIRE_GCRYPT | ||
33 | #include <gcrypt.h> | ||
34 | #endif /* MHD_HTTPS_REQUIRE_GCRYPT */ | ||
35 | #include "tls_test_keys.h" | ||
36 | |||
37 | #define MAX_EXT_DATA_LENGTH 256 | ||
38 | |||
39 | /** | ||
40 | * Test daemon response to TLS client hello requests containing extensions | ||
41 | * | ||
42 | * @param session | ||
43 | * @param port | ||
44 | * @param exten_t - the type of extension being appended to client hello request | ||
45 | * @param ext_count - the number of consecutive extension replicas inserted into request | ||
46 | * @param ext_length - the length of each appended extension | ||
47 | * @return 0 on successful test completion, -1 otherwise | ||
48 | */ | ||
49 | static int | ||
50 | test_hello_extension (gnutls_session_t session, uint16_t port, | ||
51 | extensions_t exten_t, | ||
52 | int ext_count, int ext_length) | ||
53 | { | ||
54 | int i, ret = 0, pos = 0; | ||
55 | MHD_socket sd; | ||
56 | int exten_data_len, ciphersuite_len, datalen; | ||
57 | struct sockaddr_in sa; | ||
58 | char url[255]; | ||
59 | opaque *data = NULL; | ||
60 | uint8_t session_id_len = 0; | ||
61 | opaque rnd[TLS_RANDOM_SIZE]; | ||
62 | opaque extdata[MAX_EXT_DATA_LENGTH]; | ||
63 | |||
64 | /* single, null compression */ | ||
65 | unsigned char comp[] = { 0x01, 0x00 }; | ||
66 | struct CBC cbc; | ||
67 | |||
68 | sd = -1; | ||
69 | memset (&cbc, 0, sizeof (struct CBC)); | ||
70 | if (NULL == (cbc.buf = malloc (sizeof (char) * 256))) | ||
71 | { | ||
72 | fprintf (stderr, MHD_E_MEM); | ||
73 | ret = -1; | ||
74 | goto cleanup; | ||
75 | } | ||
76 | cbc.size = 256; | ||
77 | |||
78 | sd = socket (AF_INET, SOCK_STREAM, 0); | ||
79 | if (sd == -1) | ||
80 | { | ||
81 | fprintf (stderr, "Failed to create socket: %s\n", strerror (errno)); | ||
82 | free (cbc.buf); | ||
83 | return -1; | ||
84 | } | ||
85 | memset (&sa, '\0', sizeof (struct sockaddr_in)); | ||
86 | sa.sin_family = AF_INET; | ||
87 | sa.sin_port = htons (port); | ||
88 | sa.sin_addr.s_addr = htonl (INADDR_LOOPBACK); | ||
89 | |||
90 | enum MHD_GNUTLS_Protocol hver; | ||
91 | |||
92 | /* init hash functions */ | ||
93 | session->internals.handshake_mac_handle_md5 = | ||
94 | MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5); | ||
95 | session->internals.handshake_mac_handle_sha = | ||
96 | MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1); | ||
97 | |||
98 | /* version = 2 , random = [4 for unix time + 28 for random bytes] */ | ||
99 | datalen = 2 /* version */ + TLS_RANDOM_SIZE + (session_id_len + 1); | ||
100 | |||
101 | data = MHD_gnutls_malloc (datalen); | ||
102 | if (data == NULL) | ||
103 | { | ||
104 | free (cbc.buf); | ||
105 | return -1; | ||
106 | } | ||
107 | hver = MHD_gtls_version_max (session); | ||
108 | data[pos++] = MHD_gtls_version_get_major (hver); | ||
109 | data[pos++] = MHD_gtls_version_get_minor (hver); | ||
110 | |||
111 | /* Set the version we advertise as maximum (RSA uses it). */ | ||
112 | set_adv_version (session, MHD_gtls_version_get_major (hver), | ||
113 | MHD_gtls_version_get_minor (hver)); | ||
114 | |||
115 | session->security_parameters.version = hver; | ||
116 | session->security_parameters.timestamp = time (NULL); | ||
117 | |||
118 | /* generate session client random */ | ||
119 | memset (session->security_parameters.client_random, 0, TLS_RANDOM_SIZE); | ||
120 | gnutls_write_uint32 (time (NULL), rnd); | ||
121 | if (GC_OK != MHD_gc_nonce ((char *) &rnd[4], TLS_RANDOM_SIZE - 4)) | ||
122 | abort (); | ||
123 | memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE); | ||
124 | memcpy (&data[pos], rnd, TLS_RANDOM_SIZE); | ||
125 | pos += TLS_RANDOM_SIZE; | ||
126 | |||
127 | /* Copy the Session ID */ | ||
128 | data[pos++] = session_id_len; | ||
129 | |||
130 | /* | ||
131 | * len = ciphersuite data + 2 bytes ciphersuite length \ | ||
132 | * 1 byte compression length + 1 byte compression data + \ | ||
133 | * 2 bytes extension length, extensions data | ||
134 | */ciphersuite_len = MHD__gnutls_copy_ciphersuites (session, extdata, | ||
135 | sizeof (extdata)); | ||
136 | exten_data_len = ext_count * (2 + 2 + ext_length); | ||
137 | datalen += ciphersuite_len + 2 + 2 + exten_data_len; | ||
138 | data = MHD_gtls_realloc_fast (data, datalen); | ||
139 | memcpy (&data[pos], extdata, sizeof (ciphersuite_len)); | ||
140 | pos += ciphersuite_len; | ||
141 | |||
142 | /* set compression */ | ||
143 | memcpy (&data[pos], comp, sizeof (comp)); | ||
144 | pos += 2; | ||
145 | |||
146 | /* set extensions length = 2 type bytes + 2 length bytes + extension length */ | ||
147 | gnutls_write_uint16 (exten_data_len, &data[pos]); | ||
148 | pos += 2; | ||
149 | for (i = 0; i < ext_count; ++i) | ||
150 | { | ||
151 | /* write extension type */ | ||
152 | gnutls_write_uint16 (exten_t, &data[pos]); | ||
153 | pos += 2; | ||
154 | gnutls_write_uint16 (ext_length, &data[pos]); | ||
155 | pos += 2; | ||
156 | /* we might want to generate random data here */ | ||
157 | memset (&data[pos], 0, ext_length); | ||
158 | pos += ext_length; | ||
159 | } | ||
160 | |||
161 | if (connect (sd, &sa, sizeof (struct sockaddr_in)) < 0) | ||
162 | { | ||
163 | fprintf (stderr, "%s\n", MHD_E_FAILED_TO_CONNECT); | ||
164 | ret = -1; | ||
165 | goto cleanup; | ||
166 | } | ||
167 | |||
168 | gnutls_transport_set_ptr (session, (MHD_gnutls_transport_ptr_t) (long) sd); | ||
169 | |||
170 | if (gen_test_file_url (url, | ||
171 | sizeof (url), | ||
172 | port)) | ||
173 | { | ||
174 | ret = -1; | ||
175 | goto cleanup; | ||
176 | } | ||
177 | |||
178 | /* this should crash the server */ | ||
179 | ret = gnutls_send_handshake (session, data, datalen, | ||
180 | GNUTLS_HANDSHAKE_CLIENT_HELLO); | ||
181 | |||
182 | /* advance to STATE2 */ | ||
183 | session->internals.handshake_state = STATE2; | ||
184 | ret = gnutls_handshake (session); | ||
185 | ret = gnutls_bye (session, GNUTLS_SHUT_WR); | ||
186 | |||
187 | gnutls_free (data); | ||
188 | |||
189 | /* make sure daemon is still functioning */ | ||
190 | if (CURLE_OK != send_curl_req (url, &cbc, NULL, | ||
191 | MHD_GNUTLS_PROTOCOL_TLS1_2)) | ||
192 | { | ||
193 | ret = -1; | ||
194 | goto cleanup; | ||
195 | } | ||
196 | |||
197 | cleanup: | ||
198 | if (-1 != sd) | ||
199 | MHD_socket_close_chk_ (sd); | ||
200 | gnutls_free (cbc.buf); | ||
201 | return ret; | ||
202 | } | ||
203 | |||
204 | |||
205 | int | ||
206 | main (int argc, char *const *argv) | ||
207 | { | ||
208 | int i, errorCount = 0; | ||
209 | FILE *test_fd; | ||
210 | struct MHD_Daemon *d; | ||
211 | gnutls_session_t session; | ||
212 | gnutls_certificate_credentials_t xcred; | ||
213 | const int ext_arr[] = { | ||
214 | GNUTLS_EXTENSION_SERVER_NAME, | ||
215 | -1 | ||
216 | }; | ||
217 | uint16_t port; | ||
218 | |||
219 | if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT)) | ||
220 | port = 0; | ||
221 | else | ||
222 | port = 3080; | ||
223 | |||
224 | #ifdef MHD_HTTPS_REQUIRE_GCRYPT | ||
225 | gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); | ||
226 | #ifdef GCRYCTL_INITIALIZATION_FINISHED | ||
227 | gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); | ||
228 | #endif | ||
229 | #endif /* MHD_HTTPS_REQUIRE_GCRYPT */ | ||
230 | MHD_gtls_global_set_log_level (11); | ||
231 | |||
232 | if ((test_fd = setup_test_file ()) == NULL) | ||
233 | { | ||
234 | fprintf (stderr, MHD_E_TEST_FILE_CREAT); | ||
235 | return -1; | ||
236 | } | ||
237 | |||
238 | if (! testsuite_curl_global_init ()) | ||
239 | return 99; | ||
240 | |||
241 | d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | ||
242 | | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS | ||
243 | | MHD_USE_ERROR_LOG, port, | ||
244 | NULL, NULL, &http_ahc, NULL, | ||
245 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
246 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
247 | MHD_OPTION_END); | ||
248 | |||
249 | if (d == NULL) | ||
250 | { | ||
251 | fprintf (stderr, "%s\n", MHD_E_SERVER_INIT); | ||
252 | return -1; | ||
253 | } | ||
254 | if (0 == port) | ||
255 | { | ||
256 | const union MHD_DaemonInfo *dinfo; | ||
257 | dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT); | ||
258 | if ((NULL == dinfo) || (0 == dinfo->port) ) | ||
259 | { | ||
260 | MHD_stop_daemon (d); return -1; | ||
261 | } | ||
262 | port = dinfo->port; | ||
263 | } | ||
264 | |||
265 | i = 0; | ||
266 | setup_session (&session, &xcred); | ||
267 | errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16); | ||
268 | teardown_session (session, xcred); | ||
269 | #if 1 | ||
270 | i = 0; | ||
271 | while (ext_arr[i] != -1) | ||
272 | { | ||
273 | setup_session (&session, &xcred); | ||
274 | errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16); | ||
275 | teardown_session (session, xcred); | ||
276 | |||
277 | setup_session (&session, &xcred); | ||
278 | errorCount += test_hello_extension (session, port, ext_arr[i], 3, 8); | ||
279 | teardown_session (session, xcred); | ||
280 | |||
281 | /* this test specifically tests the issue raised in CVE-2008-1948 */ | ||
282 | setup_session (&session, &xcred); | ||
283 | errorCount += test_hello_extension (session, port, ext_arr[i], 6, 0); | ||
284 | teardown_session (session, xcred); | ||
285 | i++; | ||
286 | } | ||
287 | #endif | ||
288 | |||
289 | print_test_result (errorCount, argv[0]); | ||
290 | |||
291 | MHD_stop_daemon (d); | ||
292 | |||
293 | curl_global_cleanup (); | ||
294 | fclose (test_fd); | ||
295 | |||
296 | return (0 == errorCount) ? 0 : 1; /* 0 == pass */ | ||
297 | } | ||