/*
* call-seq:
* session.time=(Time) -> Time
* session.time=(integer) -> Time
*
* Sets start time of the session. Time resolution is in seconds.
*
*/
static VALUE ossl_ssl_session_set_time(VALUE self, VALUE time_v)
{
SSL_SESSION *ctx;
long t;
GetSSLSession(self, ctx);
if (rb_obj_is_instance_of(time_v, rb_cTime)) {
time_v = rb_funcall(time_v, rb_intern("to_i"), 0);
}
t = NUM2LONG(time_v);
SSL_SESSION_set_time(ctx, t);
return ossl_ssl_session_get_time(self);
}
static SSL_SESSION *
ssl_session_from_file(const char *filename)
{
SSL_SESSION *sess;
FILE *f;
f = fopen(filename, "r");
if (!f)
return NULL;
sess = PEM_read_SSL_SESSION(f, NULL, NULL, NULL);
fclose(f);
/* to avoid having to regenerate the session, just bump its time */
SSL_SESSION_set_time(sess, time(NULL) - 1);
return sess;
}
static int openssl_ssl_session_time(lua_State*L)
{
SSL_SESSION* session = CHECK_OBJECT(1, SSL_SESSION, "openssl.ssl_session");
int time;
if (!lua_isnoneornil(L, 2))
{
time = lua_tointeger(L, 2);
time = SSL_SESSION_set_time(session, time);
lua_pushinteger(L, time);
return 1;
}
time = SSL_SESSION_get_time(session);
lua_pushinteger(L, time);
return 1;
}
static int test_client_hello(int currtest)
{
SSL_CTX *ctx;
SSL *con = NULL;
BIO *rbio;
BIO *wbio;
long len;
unsigned char *data;
PACKET pkt = {0}, pkt2 = {0}, pkt3 = {0};
char *dummytick = "Hello World!";
unsigned int type = 0;
int testresult = 0;
size_t msglen;
BIO *sessbio = NULL;
SSL_SESSION *sess = NULL;
#ifdef OPENSSL_NO_TLS1_3
if (currtest == TEST_ADD_PADDING_AND_PSK)
return 1;
#endif
/*
* For each test set up an SSL_CTX and SSL and see what ClientHello gets
* produced when we try to connect
*/
ctx = SSL_CTX_new(TLS_method());
if (!TEST_ptr(ctx))
goto end;
switch(currtest) {
case TEST_SET_SESSION_TICK_DATA_VER_NEG:
/* Testing for session tickets <= TLS1.2; not relevant for 1.3 */
if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)))
goto end;
break;
case TEST_ADD_PADDING_AND_PSK:
case TEST_ADD_PADDING:
case TEST_PADDING_NOT_NEEDED:
SSL_CTX_set_options(ctx, SSL_OP_TLSEXT_PADDING);
/*
* Add lots of ciphersuites so that the ClientHello is at least
* F5_WORKAROUND_MIN_MSG_LEN bytes long - meaning padding will be
* needed. Also add some dummy ALPN protocols in case we still don't
* have enough.
*/
if (currtest == TEST_ADD_PADDING
&& (!TEST_true(SSL_CTX_set_cipher_list(ctx, "ALL"))
|| !TEST_false(SSL_CTX_set_alpn_protos(ctx,
(unsigned char *)alpn_prots,
sizeof(alpn_prots) - 1))))
goto end;
break;
default:
goto end;
}
con = SSL_new(ctx);
if (!TEST_ptr(con))
goto end;
if (currtest == TEST_ADD_PADDING_AND_PSK) {
sessbio = BIO_new_file(sessionfile, "r");
if (!TEST_ptr(sessbio)) {
TEST_info("Unable to open session.pem");
goto end;
}
sess = PEM_read_bio_SSL_SESSION(sessbio, NULL, NULL, NULL);
if (!TEST_ptr(sess)) {
TEST_info("Unable to load SSL_SESSION");
goto end;
}
/*
* We reset the creation time so that we don't discard the session as
* too old.
*/
if (!TEST_true(SSL_SESSION_set_time(sess, time(NULL)))
|| !TEST_true(SSL_set_session(con, sess)))
goto end;
}
rbio = BIO_new(BIO_s_mem());
wbio = BIO_new(BIO_s_mem());
if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) {
BIO_free(rbio);
BIO_free(wbio);
goto end;
}
SSL_set_bio(con, rbio, wbio);
SSL_set_connect_state(con);
if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
if (!TEST_true(SSL_set_session_ticket_ext(con, dummytick,
strlen(dummytick))))
goto end;
}
if (!TEST_int_le(SSL_connect(con), 0)) {
/* This shouldn't succeed because we don't have a server! */
goto end;
}
len = BIO_get_mem_data(wbio, (char **)&data);
if (!TEST_true(PACKET_buf_init(&pkt, data, len))
/* Skip the record header */
|| !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH))
goto end;
msglen = PACKET_remaining(&pkt);
/* Skip the handshake message header */
if (!TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH))
/* Skip client version and random */
|| !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN
+ SSL3_RANDOM_SIZE))
/* Skip session id */
|| !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
/* Skip ciphers */
|| !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2))
/* Skip compression */
|| !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
/* Extensions len */
|| !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2)))
goto end;
/* Loop through all extensions */
while (PACKET_remaining(&pkt2)) {
if (!TEST_true(PACKET_get_net_2(&pkt2, &type))
|| !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3)))
goto end;
if (type == TLSEXT_TYPE_session_ticket) {
if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
if (TEST_true(PACKET_equal(&pkt3, dummytick,
strlen(dummytick)))) {
/* Ticket data is as we expected */
testresult = 1;
}
goto end;
}
}
if (type == TLSEXT_TYPE_padding) {
if (!TEST_false(currtest == TEST_PADDING_NOT_NEEDED))
goto end;
else if (TEST_true(currtest == TEST_ADD_PADDING
|| currtest == TEST_ADD_PADDING_AND_PSK))
testresult = TEST_true(msglen == F5_WORKAROUND_MAX_MSG_LEN);
}
}
if (currtest == TEST_PADDING_NOT_NEEDED)
testresult = 1;
end:
SSL_free(con);
SSL_CTX_free(ctx);
SSL_SESSION_free(sess);
BIO_free(sessbio);
return testresult;
}
