Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / f64c373784370ad4f9f4fadf171dff8f5547097c / . / ssl / ssl_test.cc
blob: 4a1497c48e9c538ddd401a6b2c365da8344c2ebd [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]43// Windows defines struct timeval in winsock2.h.
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]52namespace bssl {
53
54namespace {
55
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]56#define TRACED_CALL(code) \
57 do { \
58 SCOPED_TRACE("<- called from here"); \
59 code; \
60 if (::testing::Test::HasFatalFailure()) { \
61 return; \
62 } \
63 } while (false)
64
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]65struct VersionParam {
66 uint16_t version;
67 enum { is_tls, is_dtls } ssl_method;
68 const char name[8];
69};
70
71static const size_t kTicketKeyLen = 48;
72
73static const VersionParam kAllVersions[] = {
74 {SSL3_VERSION, VersionParam::is_tls, "SSL3"},
75 {TLS1_VERSION, VersionParam::is_tls, "TLS1"},
76 {TLS1_1_VERSION, VersionParam::is_tls, "TLS1_1"},
77 {TLS1_2_VERSION, VersionParam::is_tls, "TLS1_2"},
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]78 {TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3"},
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]79 {DTLS1_VERSION, VersionParam::is_dtls, "DTLS1"},
80 {DTLS1_2_VERSION, VersionParam::is_dtls, "DTLS1_2"},
81};
82
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]83struct ExpectedCipher {
84 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]85 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]86};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]87
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]88struct CipherTest {
89 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]90 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]91 // The list of expected ciphers, in order.
92 std::vector<ExpectedCipher> expected;
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]93 // True if this cipher list should fail in strict mode.
94 bool strict_fail;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]95};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]96
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]97struct CurveTest {
98 // The rule string to apply.
99 const char *rule;
100 // The list of expected curves, in order.
101 std::vector<uint16_t> expected;
102};
103
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]104static const CipherTest kCipherTests[] = {
105 // Selecting individual ciphers should work.
106 {
107 "ECDHE-ECDSA-CHACHA20-POLY1305:"
108 "ECDHE-RSA-CHACHA20-POLY1305:"
109 "ECDHE-ECDSA-AES128-GCM-SHA256:"
110 "ECDHE-RSA-AES128-GCM-SHA256",
111 {
112 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]113 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]114 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
115 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
116 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]117 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]118 },
119 // + reorders selected ciphers to the end, keeping their relative order.
120 {
121 "ECDHE-ECDSA-CHACHA20-POLY1305:"
122 "ECDHE-RSA-CHACHA20-POLY1305:"
123 "ECDHE-ECDSA-AES128-GCM-SHA256:"
124 "ECDHE-RSA-AES128-GCM-SHA256:"
125 "+aRSA",
126 {
127 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]128 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
129 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]130 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
131 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]132 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]133 },
134 // ! banishes ciphers from future selections.
135 {
136 "!aRSA:"
137 "ECDHE-ECDSA-CHACHA20-POLY1305:"
138 "ECDHE-RSA-CHACHA20-POLY1305:"
139 "ECDHE-ECDSA-AES128-GCM-SHA256:"
140 "ECDHE-RSA-AES128-GCM-SHA256",
141 {
142 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]143 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
144 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]145 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]146 },
147 // Multiple masks can be ANDed in a single rule.
148 {
149 "kRSA+AESGCM+AES128",
150 {
151 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
152 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]153 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]154 },
155 // - removes selected ciphers, but preserves their order for future
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]156 // selections. Select AES_128_GCM, but order the key exchanges RSA,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]157 // ECDHE_RSA.
158 {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]159 "ALL:-kECDHE:"
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]160 "-kRSA:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]161 "AESGCM+AES128+aRSA",
162 {
163 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]164 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
165 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]166 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]167 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]168 // Unknown selectors are no-ops, except in strict mode.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]169 {
170 "ECDHE-ECDSA-CHACHA20-POLY1305:"
171 "ECDHE-RSA-CHACHA20-POLY1305:"
172 "ECDHE-ECDSA-AES128-GCM-SHA256:"
173 "ECDHE-RSA-AES128-GCM-SHA256:"
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]174 "BOGUS1",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]175 {
176 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]177 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]178 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
179 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
180 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]181 true,
182 },
183 // Unknown selectors are no-ops, except in strict mode.
184 {
185 "ECDHE-ECDSA-CHACHA20-POLY1305:"
186 "ECDHE-RSA-CHACHA20-POLY1305:"
187 "ECDHE-ECDSA-AES128-GCM-SHA256:"
188 "ECDHE-RSA-AES128-GCM-SHA256:"
189 "-BOGUS2:+BOGUS3:!BOGUS4",
190 {
191 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
192 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
193 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
194 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
195 },
196 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]197 },
198 // Square brackets specify equi-preference groups.
199 {
200 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
201 "[ECDHE-RSA-CHACHA20-POLY1305]:"
202 "ECDHE-RSA-AES128-GCM-SHA256",
203 {
204 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]205 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]206 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]207 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
208 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]209 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]210 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]211 // Standard names may be used instead of OpenSSL names.
212 {
213 "[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|"
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]214 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]:"
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]215 "[TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]:"
216 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
217 {
218 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
219 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
220 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
221 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
222 },
223 false,
224 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]225 // @STRENGTH performs a stable strength-sort of the selected ciphers and
226 // only the selected ciphers.
227 {
228 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]229 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]230 "!AESGCM:!3DES:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]231 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]232 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]233 // Select ECDHE ones and sort them by strength. Ties should resolve
234 // based on the order above.
235 "kECDHE:@STRENGTH:-ALL:"
236 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
237 // by strength. Then RSA, backwards by strength.
238 "aRSA",
239 {
240 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
241 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]242 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]243 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
244 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
245 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]246 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]247 },
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]248 // Additional masks after @STRENGTH get silently discarded.
249 //
250 // TODO(davidben): Make this an error. If not silently discarded, they get
251 // interpreted as + opcodes which are very different.
252 {
253 "ECDHE-RSA-AES128-GCM-SHA256:"
254 "ECDHE-RSA-AES256-GCM-SHA384:"
255 "@STRENGTH+AES256",
256 {
257 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
258 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
259 },
260 false,
261 },
262 {
263 "ECDHE-RSA-AES128-GCM-SHA256:"
264 "ECDHE-RSA-AES256-GCM-SHA384:"
265 "@STRENGTH+AES256:"
266 "ECDHE-RSA-CHACHA20-POLY1305",
267 {
268 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
269 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
270 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
271 },
272 false,
273 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]274 // Exact ciphers may not be used in multi-part rules; they are treated
275 // as unknown aliases.
276 {
277 "ECDHE-ECDSA-AES128-GCM-SHA256:"
278 "ECDHE-RSA-AES128-GCM-SHA256:"
279 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
280 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
281 {
282 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
283 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
284 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]285 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]286 },
287 // SSLv3 matches everything that existed before TLS 1.2.
288 {
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]289 "AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256:!SSLv3",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]290 {
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]291 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]292 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]293 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]294 },
295 // TLSv1.2 matches everything added in TLS 1.2.
296 {
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]297 "AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256:!TLSv1.2",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]298 {
299 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
300 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]301 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]302 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]303 // The two directives have no intersection. But each component is valid, so
304 // even in strict mode it is accepted.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]305 {
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]306 "AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256:!TLSv1.2+SSLv3",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]307 {
308 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]309 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]310 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]311 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]312 },
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]313 // Spaces, semi-colons and commas are separators.
314 {
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]315 "AES128-SHA: ECDHE-RSA-AES128-GCM-SHA256 AES256-SHA ,ECDHE-ECDSA-AES128-GCM-SHA256 ; AES128-GCM-SHA256",
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]316 {
317 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]318 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]319 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]320 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]321 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
322 },
323 // …but not in strict mode.
324 true,
325 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]326};
327
328static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]329 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]330 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
331 "RSA]",
332 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]333 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]334 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]335 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]336 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]337 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]338 "",
339 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]340 // COMPLEMENTOFDEFAULT is empty.
341 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]342 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]343 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]344 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]345 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
346 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
347 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
348 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]349 // Opcode supplied, but missing selector.
350 "+",
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]351 // Spaces are forbidden in equal-preference groups.
352 "[AES128-SHA | AES128-SHA256]",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]353};
354
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]355static const char *kMustNotIncludeNull[] = {
356 "ALL",
357 "DEFAULT",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]358 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]359 "FIPS",
360 "SHA",
361 "SHA1",
362 "RSA",
363 "SSLv3",
364 "TLSv1",
365 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]366};
367
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]368static const CurveTest kCurveTests[] = {
369 {
370 "P-256",
371 { SSL_CURVE_SECP256R1 },
372 },
373 {
374 "P-256:P-384:P-521:X25519",
375 {
376 SSL_CURVE_SECP256R1,
377 SSL_CURVE_SECP384R1,
378 SSL_CURVE_SECP521R1,
379 SSL_CURVE_X25519,
380 },
381 },
David Benjamin6dda1662017-11-02 20:44:26 -0400[diff] [blame]382 {
383 "prime256v1:secp384r1:secp521r1:x25519",
384 {
385 SSL_CURVE_SECP256R1,
386 SSL_CURVE_SECP384R1,
387 SSL_CURVE_SECP521R1,
388 SSL_CURVE_X25519,
389 },
390 },
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]391};
392
393static const char *kBadCurvesLists[] = {
394 "",
395 ":",
396 "::",
397 "P-256::X25519",
398 "RSA:P-256",
399 "P-256:RSA",
400 "X25519:P-256:",
401 ":X25519:P-256",
402};
403
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]404static std::string CipherListToString(SSL_CTX *ctx) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]405 bool in_group = false;
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]406 std::string ret;
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]407 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
408 for (size_t i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
409 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
410 if (!in_group && SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]411 ret += "\t[\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]412 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]413 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]414 ret += "\t";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]415 if (in_group) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]416 ret += " ";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]417 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]418 ret += SSL_CIPHER_get_name(cipher);
419 ret += "\n";
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]420 if (in_group && !SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]421 ret += "\t]\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]422 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]423 }
424 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]425 return ret;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]426}
427
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]428static bool CipherListsEqual(SSL_CTX *ctx,
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]429 const std::vector<ExpectedCipher> &expected) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]430 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
431 if (sk_SSL_CIPHER_num(ciphers) != expected.size()) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]432 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]433 }
434
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]435 for (size_t i = 0; i < expected.size(); i++) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]436 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]437 if (expected[i].id != SSL_CIPHER_get_id(cipher) ||
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]438 expected[i].in_group_flag != !!SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]439 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]440 }
441 }
442
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]443 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]444}
445
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]446TEST(SSLTest, CipherRules) {
447 for (const CipherTest &t : kCipherTests) {
448 SCOPED_TRACE(t.rule);
449 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
450 ASSERT_TRUE(ctx);
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]451
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]452 // Test lax mode.
453 ASSERT_TRUE(SSL_CTX_set_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]454 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]455 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]456 << CipherListToString(ctx.get());
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]457
458 // Test strict mode.
459 if (t.strict_fail) {
460 EXPECT_FALSE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
461 } else {
462 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]463 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]464 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]465 << CipherListToString(ctx.get());
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]466 }
467 }
468
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]469 for (const char *rule : kBadRules) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]470 SCOPED_TRACE(rule);
471 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
472 ASSERT_TRUE(ctx);
473
474 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), rule));
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]475 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]476 }
477
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]478 for (const char *rule : kMustNotIncludeNull) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]479 SCOPED_TRACE(rule);
480 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
481 ASSERT_TRUE(ctx);
482
483 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]484 for (const SSL_CIPHER *cipher : SSL_CTX_get_ciphers(ctx.get())) {
David Benjamine3bb51c2017-08-22 23:16:02 -0700[diff] [blame]485 EXPECT_NE(NID_undef, SSL_CIPHER_get_cipher_nid(cipher));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]486 }
487 }
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]488}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]489
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]490TEST(SSLTest, CurveRules) {
491 for (const CurveTest &t : kCurveTests) {
492 SCOPED_TRACE(t.rule);
493 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
494 ASSERT_TRUE(ctx);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]495
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]496 ASSERT_TRUE(SSL_CTX_set1_curves_list(ctx.get(), t.rule));
497 ASSERT_EQ(t.expected.size(), ctx->supported_group_list_len);
498 for (size_t i = 0; i < t.expected.size(); i++) {
499 EXPECT_EQ(t.expected[i], ctx->supported_group_list[i]);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]500 }
501 }
502
503 for (const char *rule : kBadCurvesLists) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]504 SCOPED_TRACE(rule);
505 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
506 ASSERT_TRUE(ctx);
507
508 EXPECT_FALSE(SSL_CTX_set1_curves_list(ctx.get(), rule));
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]509 ERR_clear_error();
510 }
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]511}
512
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]513// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]514static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]515 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]516 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
517 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
518 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
519 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
520 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
521 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
522 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
523 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
524 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
525 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
526 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
527 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
528 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
529 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
530 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
531 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
532 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
533 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
534 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
535 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
536 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
537 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
538 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
539 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
540 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
541 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
542 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
543 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
544 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]545 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]546
547// kCustomSession is a custom serialized SSL_SESSION generated by
548// filling in missing fields from |kOpenSSLSession|. This includes
549// providing |peer_sha256|, so |peer| is not serialized.
550static const char kCustomSession[] =
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]551 "MIIBZAIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]552 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]553 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUqAcEBXdvcmxkqQUCAwGJwKqBpwSB"
554 "pBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38"
555 "VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd"
556 "3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hg"
557 "b+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYGBgYGBgYGBgYGBgYGBgYGBgYG"
558 "BgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]559
560// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
561static const char kBoringSSLSession[] =
562 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
563 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
564 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
565 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
566 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
567 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
568 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
569 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
570 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
571 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
572 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
573 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
574 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
575 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
576 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
577 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
578 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
579 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
580 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
581 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
582 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
583 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
584 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
585 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
586 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
587 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
588 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
589 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
590 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
591 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
592 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
593 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
594 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
595 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
596 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
597 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
598 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
599 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
600 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
601 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
602 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
603 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
604 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
605 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
606 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
607 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
608 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
609 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
610 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
611 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
612 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
613 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
614 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
615 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
616 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
617 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
618 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
619 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
620 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
621 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
622 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
623 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
624 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
625 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
626 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
627 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
628 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
629 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
630 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
631 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
632 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
633 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
634 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
635 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
636 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
637 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
638 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
639 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
640 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
641 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
642 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
643 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
644 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
645 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
646 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
647 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
648 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
649 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
650 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
651 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
652 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
653 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
654 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
655 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
656 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
657
658// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
659// the final (optional) element of |kCustomSession| with tag number 30.
660static const char kBadSessionExtraField[] =
661 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
662 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
663 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
664 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
665 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
666 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
667 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
668 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
669
670// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
671// the version of |kCustomSession| with 2.
672static const char kBadSessionVersion[] =
673 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
674 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
675 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
676 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
677 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
678 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
679 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
680 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
681
682// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
683// appended.
684static const char kBadSessionTrailingData[] =
685 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
686 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
687 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
688 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
689 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
690 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
691 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
692 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
693
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]694static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]695 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]696 if (!EVP_DecodedLength(&len, strlen(in))) {
697 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]698 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]699 }
700
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]701 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]702 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]703 strlen(in))) {
704 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]705 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]706 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]707 out->resize(len);
708 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]709}
710
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]711static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]712 const uint8_t *cptr;
713 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]714
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]715 // Decode the input.
716 std::vector<uint8_t> input;
717 if (!DecodeBase64(&input, input_b64)) {
718 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]719 }
720
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]721 // Verify the SSL_SESSION decodes.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]722 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
723 if (!ssl_ctx) {
724 return false;
725 }
726 bssl::UniquePtr<SSL_SESSION> session(
727 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]728 if (!session) {
729 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]730 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]731 }
732
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]733 // Verify the SSL_SESSION encoding round-trips.
734 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]735 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]736 uint8_t *encoded_raw;
737 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]738 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]739 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]740 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]741 encoded.reset(encoded_raw);
742 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]743 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]744 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]745 hexdump(stderr, "Before: ", input.data(), input.size());
746 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]747 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]748 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]749
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]750 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]751 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]752 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]753 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]754 fprintf(stderr, "d2i_SSL_SESSION failed\n");
755 return false;
756 }
757
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]758 // Verify the SSL_SESSION encoding round-trips via the legacy API.
759 int len = i2d_SSL_SESSION(session.get(), NULL);
760 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]761 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]762 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]763 }
764
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]765 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
766 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]767 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]768 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]769 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]770
771 ptr = encoded.get();
772 len = i2d_SSL_SESSION(session.get(), &ptr);
773 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]774 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]775 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]776 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]777 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]778 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]779 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]780 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]781 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]782 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]783 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]784 }
785
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]786 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]787}
788
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]789static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
790 std::vector<uint8_t> input;
791 if (!DecodeBase64(&input, input_b64)) {
792 return false;
793 }
794
795 // Verify that the SSL_SESSION fails to decode.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]796 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
797 if (!ssl_ctx) {
798 return false;
799 }
800 bssl::UniquePtr<SSL_SESSION> session(
801 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]802 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]803 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]804 return false;
805 }
806 ERR_clear_error();
807 return true;
808}
809
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]810static void ExpectDefaultVersion(uint16_t min_version, uint16_t max_version,
811 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]812 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]813 ASSERT_TRUE(ctx);
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]814 EXPECT_EQ(min_version, ctx->conf_min_version);
815 EXPECT_EQ(max_version, ctx->conf_max_version);
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]816}
817
818TEST(SSLTest, DefaultVersion) {
819 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
820 ExpectDefaultVersion(TLS1_VERSION, TLS1_2_VERSION, &TLS_method);
821 ExpectDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method);
822 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method);
823 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method);
824 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method);
825 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method);
826 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method);
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]827}
828
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]829TEST(SSLTest, CipherProperties) {
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]830 static const struct {
831 int id;
832 const char *standard_name;
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]833 int cipher_nid;
834 int digest_nid;
835 int kx_nid;
836 int auth_nid;
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]837 int prf_nid;
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]838 } kTests[] = {
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]839 {
840 SSL3_CK_RSA_DES_192_CBC3_SHA,
841 "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
842 NID_des_ede3_cbc,
843 NID_sha1,
844 NID_kx_rsa,
845 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]846 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]847 },
848 {
849 TLS1_CK_RSA_WITH_AES_128_SHA,
850 "TLS_RSA_WITH_AES_128_CBC_SHA",
851 NID_aes_128_cbc,
852 NID_sha1,
853 NID_kx_rsa,
854 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]855 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]856 },
857 {
858 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
859 "TLS_PSK_WITH_AES_256_CBC_SHA",
860 NID_aes_256_cbc,
861 NID_sha1,
862 NID_kx_psk,
863 NID_auth_psk,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]864 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]865 },
866 {
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]867 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
868 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]869 NID_aes_128_cbc,
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]870 NID_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]871 NID_kx_ecdhe,
872 NID_auth_rsa,
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]873 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]874 },
875 {
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]876 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
877 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]878 NID_aes_256_cbc,
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]879 NID_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]880 NID_kx_ecdhe,
881 NID_auth_rsa,
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]882 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]883 },
884 {
885 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
886 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
887 NID_aes_128_gcm,
888 NID_undef,
889 NID_kx_ecdhe,
890 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]891 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]892 },
893 {
894 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
895 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
896 NID_aes_128_gcm,
897 NID_undef,
898 NID_kx_ecdhe,
899 NID_auth_ecdsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]900 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]901 },
902 {
903 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
904 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
905 NID_aes_256_gcm,
906 NID_undef,
907 NID_kx_ecdhe,
908 NID_auth_ecdsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]909 NID_sha384,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]910 },
911 {
912 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
913 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
914 NID_aes_128_cbc,
915 NID_sha1,
916 NID_kx_ecdhe,
917 NID_auth_psk,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]918 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]919 },
920 {
921 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
922 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
923 NID_chacha20_poly1305,
924 NID_undef,
925 NID_kx_ecdhe,
926 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]927 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]928 },
929 {
930 TLS1_CK_AES_256_GCM_SHA384,
931 "TLS_AES_256_GCM_SHA384",
932 NID_aes_256_gcm,
933 NID_undef,
934 NID_kx_any,
935 NID_auth_any,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]936 NID_sha384,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]937 },
938 {
939 TLS1_CK_AES_128_GCM_SHA256,
940 "TLS_AES_128_GCM_SHA256",
941 NID_aes_128_gcm,
942 NID_undef,
943 NID_kx_any,
944 NID_auth_any,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]945 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]946 },
947 {
948 TLS1_CK_CHACHA20_POLY1305_SHA256,
949 "TLS_CHACHA20_POLY1305_SHA256",
950 NID_chacha20_poly1305,
951 NID_undef,
952 NID_kx_any,
953 NID_auth_any,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]954 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]955 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]956 };
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]957
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]958 for (const auto &t : kTests) {
959 SCOPED_TRACE(t.standard_name);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]960
961 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(t.id & 0xffff);
962 ASSERT_TRUE(cipher);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]963 EXPECT_STREQ(t.standard_name, SSL_CIPHER_standard_name(cipher));
964
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]965 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
966 ASSERT_TRUE(rfc_name);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]967 EXPECT_STREQ(t.standard_name, rfc_name.get());
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]968
969 EXPECT_EQ(t.cipher_nid, SSL_CIPHER_get_cipher_nid(cipher));
970 EXPECT_EQ(t.digest_nid, SSL_CIPHER_get_digest_nid(cipher));
971 EXPECT_EQ(t.kx_nid, SSL_CIPHER_get_kx_nid(cipher));
972 EXPECT_EQ(t.auth_nid, SSL_CIPHER_get_auth_nid(cipher));
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]973 EXPECT_EQ(t.prf_nid, SSL_CIPHER_get_prf_nid(cipher));
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]974 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]975}
976
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]977// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
978// version and ticket length or nullptr on failure.
979static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
980 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]981 std::vector<uint8_t> der;
982 if (!DecodeBase64(&der, kOpenSSLSession)) {
983 return nullptr;
984 }
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]985
986 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
987 if (!ssl_ctx) {
988 return nullptr;
989 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]990 bssl::UniquePtr<SSL_SESSION> session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]991 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]992 if (!session) {
993 return nullptr;
994 }
995
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]996 session->ssl_version = version;
997
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]998 // Swap out the ticket for a garbage one.
999 OPENSSL_free(session->tlsext_tick);
1000 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
1001 if (session->tlsext_tick == nullptr) {
1002 return nullptr;
1003 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1004 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1005 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]1006
1007 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]1008#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
1009 session->time = 1234;
1010#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]1011 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]1012#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1013 return session;
1014}
1015
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1016static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1017 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1018 if (!bio) {
1019 return false;
1020 }
1021 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]1022 BIO_up_ref(bio.get());
1023 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1024 int ret = SSL_connect(ssl);
1025 if (ret > 0) {
1026 // SSL_connect should fail without a BIO to write to.
1027 return false;
1028 }
1029 ERR_clear_error();
1030
1031 const uint8_t *client_hello;
1032 size_t client_hello_len;
1033 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
1034 return false;
1035 }
1036 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
1037 return true;
1038}
1039
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1040// GetClientHelloLen creates a client SSL connection with the specified version
1041// and ticket length. It returns the length of the ClientHello, not including
1042// the record header, on success and zero on error.
1043static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
1044 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1045 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1046 bssl::UniquePtr<SSL_SESSION> session =
1047 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1048 if (!ctx || !session) {
1049 return 0;
1050 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1051
1052 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1053 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1054 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]1055 !SSL_set_strict_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1056 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1057 return 0;
1058 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1059
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1060 std::vector<uint8_t> client_hello;
1061 if (!GetClientHello(ssl.get(), &client_hello) ||
1062 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1063 return 0;
1064 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1065
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1066 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1067}
1068
1069struct PaddingTest {
1070 size_t input_len, padded_len;
1071};
1072
1073static const PaddingTest kPaddingTests[] = {
1074 // ClientHellos of length below 0x100 do not require padding.
1075 {0xfe, 0xfe},
1076 {0xff, 0xff},
1077 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
1078 {0x100, 0x200},
1079 {0x123, 0x200},
1080 {0x1fb, 0x200},
1081 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
1082 // padding extension takes a minimum of four bytes plus one required content
1083 // byte. (To work around yet more server bugs, we avoid empty final
1084 // extensions.)
1085 {0x1fc, 0x201},
1086 {0x1fd, 0x202},
1087 {0x1fe, 0x203},
1088 {0x1ff, 0x204},
1089 // Finally, larger ClientHellos need no padding.
1090 {0x200, 0x200},
1091 {0x201, 0x201},
1092};
1093
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1094static bool TestPaddingExtension(uint16_t max_version,
1095 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1096 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1097 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1098 if (base_len == 0) {
1099 return false;
1100 }
1101
1102 for (const PaddingTest &test : kPaddingTests) {
1103 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1104 fprintf(stderr,
1105 "Baseline ClientHello too long (max_version = %04x, "
1106 "session_version = %04x).\n",
1107 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1108 return false;
1109 }
1110
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1111 size_t padded_len = GetClientHelloLen(max_version, session_version,
1112 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1113 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1114 fprintf(stderr,
1115 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
1116 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1117 static_cast<unsigned>(test.input_len),
1118 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1119 static_cast<unsigned>(test.padded_len), max_version,
1120 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1121 return false;
1122 }
1123 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1124
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1125 return true;
1126}
1127
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1128static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1129 static const char kCertPEM[] =
1130 "-----BEGIN CERTIFICATE-----\n"
1131 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1132 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1133 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1134 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1135 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1136 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1137 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1138 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1139 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1140 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1141 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1142 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1143 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1144 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1145 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1146 return bssl::UniquePtr<X509>(
1147 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1148}
1149
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1150static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1151 static const char kKeyPEM[] =
1152 "-----BEGIN RSA PRIVATE KEY-----\n"
1153 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1154 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1155 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1156 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1157 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1158 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1159 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1160 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1161 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1162 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1163 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1164 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1165 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1166 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1167 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1168 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1169 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1170}
1171
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1172static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1173 static const char kCertPEM[] =
1174 "-----BEGIN CERTIFICATE-----\n"
1175 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1176 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1177 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1178 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1179 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1180 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1181 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1182 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1183 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1184 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1185 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1186 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1187 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1188}
1189
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1190static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1191 static const char kKeyPEM[] =
1192 "-----BEGIN PRIVATE KEY-----\n"
1193 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1194 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1195 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1196 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1197 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1198 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1199 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1200}
1201
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1202static bssl::UniquePtr<CRYPTO_BUFFER> BufferFromPEM(const char *pem) {
1203 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1204 char *name, *header;
1205 uint8_t *data;
1206 long data_len;
1207 if (!PEM_read_bio(bio.get(), &name, &header, &data,
1208 &data_len)) {
1209 return nullptr;
1210 }
1211 OPENSSL_free(name);
1212 OPENSSL_free(header);
1213
1214 auto ret = bssl::UniquePtr<CRYPTO_BUFFER>(
1215 CRYPTO_BUFFER_new(data, data_len, nullptr));
1216 OPENSSL_free(data);
1217 return ret;
1218}
1219
1220static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestCertificateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1221 static const char kCertPEM[] =
1222 "-----BEGIN CERTIFICATE-----\n"
1223 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1224 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1225 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1226 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1227 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1228 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1229 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1230 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1231 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1232 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1233 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1234 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1235 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1236 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1237 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1238 "1ngWZ7Ih\n"
1239 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1240 return BufferFromPEM(kCertPEM);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1241}
1242
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1243static bssl::UniquePtr<X509> X509FromBuffer(
1244 bssl::UniquePtr<CRYPTO_BUFFER> buffer) {
1245 if (!buffer) {
1246 return nullptr;
1247 }
1248 const uint8_t *derp = CRYPTO_BUFFER_data(buffer.get());
1249 return bssl::UniquePtr<X509>(
1250 d2i_X509(NULL, &derp, CRYPTO_BUFFER_len(buffer.get())));
1251}
1252
1253static bssl::UniquePtr<X509> GetChainTestCertificate() {
1254 return X509FromBuffer(GetChainTestCertificateBuffer());
1255}
1256
1257static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestIntermediateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1258 static const char kCertPEM[] =
1259 "-----BEGIN CERTIFICATE-----\n"
1260 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1261 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1262 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1263 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1264 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1265 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1266 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1267 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1268 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1269 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1270 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1271 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1272 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1273 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1274 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1275 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1276 return BufferFromPEM(kCertPEM);
1277}
1278
1279static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1280 return X509FromBuffer(GetChainTestIntermediateBuffer());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1281}
1282
1283static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1284 static const char kKeyPEM[] =
1285 "-----BEGIN PRIVATE KEY-----\n"
1286 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1287 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1288 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1289 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1290 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1291 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1292 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1293 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1294 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1295 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1296 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1297 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1298 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1299 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1300 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1301 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1302 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1303 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1304 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1305 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1306 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1307 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1308 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1309 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1310 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1311 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1312 "-----END PRIVATE KEY-----\n";
1313 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1314 return bssl::UniquePtr<EVP_PKEY>(
1315 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1316}
1317
David Benjaminc79ae7a2017-08-29 16:09:44 -0400[diff] [blame]1318// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
1319// before configuring as a server.
1320TEST(SSLTest, ClientCAList) {
1321 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
1322 ASSERT_TRUE(ctx);
1323 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1324 ASSERT_TRUE(ssl);
1325
1326 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
1327 ASSERT_TRUE(name);
1328
1329 bssl::UniquePtr<X509_NAME> name_dup(X509_NAME_dup(name.get()));
1330 ASSERT_TRUE(name_dup);
1331
1332 bssl::UniquePtr<STACK_OF(X509_NAME)> stack(sk_X509_NAME_new_null());
1333 ASSERT_TRUE(stack);
1334
1335 ASSERT_TRUE(sk_X509_NAME_push(stack.get(), name_dup.get()));
1336 name_dup.release();
1337
1338 // |SSL_set_client_CA_list| takes ownership.
1339 SSL_set_client_CA_list(ssl.get(), stack.release());
1340
1341 STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get());
1342 ASSERT_TRUE(result);
1343 ASSERT_EQ(1u, sk_X509_NAME_num(result));
1344 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(result, 0), name.get()));
1345}
1346
1347TEST(SSLTest, AddClientCA) {
1348 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
1349 ASSERT_TRUE(ctx);
1350 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1351 ASSERT_TRUE(ssl);
1352
1353 bssl::UniquePtr<X509> cert1 = GetTestCertificate();
1354 bssl::UniquePtr<X509> cert2 = GetChainTestCertificate();
1355 ASSERT_TRUE(cert1 && cert2);
1356 X509_NAME *name1 = X509_get_subject_name(cert1.get());
1357 X509_NAME *name2 = X509_get_subject_name(cert2.get());
1358
1359 EXPECT_EQ(0u, sk_X509_NAME_num(SSL_get_client_CA_list(ssl.get())));
1360
1361 ASSERT_TRUE(SSL_add_client_CA(ssl.get(), cert1.get()));
1362 ASSERT_TRUE(SSL_add_client_CA(ssl.get(), cert2.get()));
1363
1364 STACK_OF(X509_NAME) *list = SSL_get_client_CA_list(ssl.get());
1365 ASSERT_EQ(2u, sk_X509_NAME_num(list));
1366 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 0), name1));
1367 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 1), name2));
1368
1369 ASSERT_TRUE(SSL_add_client_CA(ssl.get(), cert1.get()));
1370
1371 list = SSL_get_client_CA_list(ssl.get());
1372 ASSERT_EQ(3u, sk_X509_NAME_num(list));
1373 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 0), name1));
1374 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 1), name2));
1375 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 2), name1));
1376}
1377
1378static void AppendSession(SSL_SESSION *session, void *arg) {
1379 std::vector<SSL_SESSION*> *out =
1380 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1381 out->push_back(session);
1382}
1383
1384// CacheEquals returns true if |ctx|'s session cache consists of |expected|, in
1385// order.
1386static bool CacheEquals(SSL_CTX *ctx,
1387 const std::vector<SSL_SESSION*> &expected) {
1388 // Check the linked list.
1389 SSL_SESSION *ptr = ctx->session_cache_head;
1390 for (SSL_SESSION *session : expected) {
1391 if (ptr != session) {
1392 return false;
1393 }
1394 // TODO(davidben): This is an absurd way to denote the end of the list.
1395 if (ptr->next ==
1396 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1397 ptr = nullptr;
1398 } else {
1399 ptr = ptr->next;
1400 }
1401 }
1402 if (ptr != nullptr) {
1403 return false;
1404 }
1405
1406 // Check the hash table.
1407 std::vector<SSL_SESSION*> actual, expected_copy;
David Benjamin9eaa3bd2017-09-27 17:03:54 -0400[diff] [blame]1408 lh_SSL_SESSION_doall_arg(ctx->sessions, AppendSession, &actual);
David Benjaminc79ae7a2017-08-29 16:09:44 -0400[diff] [blame]1409 expected_copy = expected;
1410
1411 std::sort(actual.begin(), actual.end());
1412 std::sort(expected_copy.begin(), expected_copy.end());
1413
1414 return actual == expected_copy;
1415}
1416
1417static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
1418 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
1419 if (!ssl_ctx) {
1420 return nullptr;
1421 }
1422 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new(ssl_ctx.get()));
1423 if (!ret) {
1424 return nullptr;
1425 }
1426
1427 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
1428 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1429 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
1430 return ret;
1431}
1432
1433// Test that the internal session cache behaves as expected.
1434TEST(SSLTest, InternalSessionCache) {
1435 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
1436 ASSERT_TRUE(ctx);
1437
1438 // Prepare 10 test sessions.
1439 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
1440 for (int i = 0; i < 10; i++) {
1441 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
1442 ASSERT_TRUE(session);
1443 sessions.push_back(std::move(session));
1444 }
1445
1446 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1447
1448 // Insert all the test sessions.
1449 for (const auto &session : sessions) {
1450 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), session.get()));
1451 }
1452
1453 // Only the last five should be in the list.
1454 ASSERT_TRUE(CacheEquals(
1455 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1456 sessions[6].get(), sessions[5].get()}));
1457
1458 // Inserting an element already in the cache should fail and leave the cache
1459 // unchanged.
1460 ASSERT_FALSE(SSL_CTX_add_session(ctx.get(), sessions[7].get()));
1461 ASSERT_TRUE(CacheEquals(
1462 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1463 sessions[6].get(), sessions[5].get()}));
1464
1465 // Although collisions should be impossible (256-bit session IDs), the cache
1466 // must handle them gracefully.
1467 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
1468 ASSERT_TRUE(collision);
1469 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), collision.get()));
1470 ASSERT_TRUE(CacheEquals(
1471 ctx.get(), {collision.get(), sessions[9].get(), sessions[8].get(),
1472 sessions[6].get(), sessions[5].get()}));
1473
1474 // Removing sessions behaves correctly.
1475 ASSERT_TRUE(SSL_CTX_remove_session(ctx.get(), sessions[6].get()));
1476 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1477 sessions[8].get(), sessions[5].get()}));
1478
1479 // Removing sessions requires an exact match.
1480 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[0].get()));
1481 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[7].get()));
1482
1483 // The cache remains unchanged.
1484 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1485 sessions[8].get(), sessions[5].get()}));
1486}
1487
1488static uint16_t EpochFromSequence(uint64_t seq) {
1489 return static_cast<uint16_t>(seq >> 48);
1490}
1491
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]1492static const uint8_t kTestName[] = {
1493 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
1494 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
1495 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
1496 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49,
1497 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
1498 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64,
1499};
1500
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1501static bool CompleteHandshakes(SSL *client, SSL *server) {
1502 // Drive both their handshakes to completion.
1503 for (;;) {
1504 int client_ret = SSL_do_handshake(client);
1505 int client_err = SSL_get_error(client, client_ret);
1506 if (client_err != SSL_ERROR_NONE &&
1507 client_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1508 client_err != SSL_ERROR_WANT_WRITE &&
1509 client_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1510 fprintf(stderr, "Client error: %d\n", client_err);
1511 return false;
1512 }
1513
1514 int server_ret = SSL_do_handshake(server);
1515 int server_err = SSL_get_error(server, server_ret);
1516 if (server_err != SSL_ERROR_NONE &&
1517 server_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1518 server_err != SSL_ERROR_WANT_WRITE &&
1519 server_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1520 fprintf(stderr, "Server error: %d\n", server_err);
1521 return false;
1522 }
1523
1524 if (client_ret == 1 && server_ret == 1) {
1525 break;
1526 }
1527 }
1528
1529 return true;
1530}
1531
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1532struct ClientConfig {
1533 SSL_SESSION *session = nullptr;
1534 std::string servername;
1535};
1536
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1537static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1538 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1539 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
Adam Langleyddb57cf2018-01-26 09:17:53 -0800[diff] [blame]1540 const ClientConfig &config = ClientConfig(),
Matthew Braithwaiteb7bc80a2018-04-13 15:51:30 -0700[diff] [blame]1541 bool do_handshake = true,
1542 bool shed_handshake_config = true) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1543 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1544 if (!client || !server) {
1545 return false;
1546 }
1547 SSL_set_connect_state(client.get());
1548 SSL_set_accept_state(server.get());
1549
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1550 if (config.session) {
1551 SSL_set_session(client.get(), config.session);
1552 }
1553 if (!config.servername.empty() &&
1554 !SSL_set_tlsext_host_name(client.get(), config.servername.c_str())) {
1555 return false;
1556 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1557
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1558 BIO *bio1, *bio2;
1559 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1560 return false;
1561 }
1562 // SSL_set_bio takes ownership.
1563 SSL_set_bio(client.get(), bio1, bio1);
1564 SSL_set_bio(server.get(), bio2, bio2);
1565
Matthew Braithwaiteb7bc80a2018-04-13 15:51:30 -0700[diff] [blame]1566 SSL_set_shed_handshake_config(client.get(), shed_handshake_config);
1567 SSL_set_shed_handshake_config(server.get(), shed_handshake_config);
1568
Adam Langleyddb57cf2018-01-26 09:17:53 -0800[diff] [blame]1569 if (do_handshake && !CompleteHandshakes(client.get(), server.get())) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1570 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1571 }
1572
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1573 *out_client = std::move(client);
1574 *out_server = std::move(server);
1575 return true;
1576}
1577
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]1578// SSLVersionTest executes its test cases under all available protocol versions.
1579// Test cases call |Connect| to create a connection using context objects with
1580// the protocol version fixed to the current version under test.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1581class SSLVersionTest : public ::testing::TestWithParam<VersionParam> {
1582 protected:
1583 SSLVersionTest() : cert_(GetTestCertificate()), key_(GetTestKey()) {}
1584
1585 void SetUp() { ResetContexts(); }
1586
1587 bssl::UniquePtr<SSL_CTX> CreateContext() const {
1588 const SSL_METHOD *method = is_dtls() ? DTLS_method() : TLS_method();
1589 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1590 if (!ctx || !SSL_CTX_set_min_proto_version(ctx.get(), version()) ||
1591 !SSL_CTX_set_max_proto_version(ctx.get(), version())) {
1592 return nullptr;
1593 }
1594 return ctx;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1595 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1596
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1597 void ResetContexts() {
1598 ASSERT_TRUE(cert_);
1599 ASSERT_TRUE(key_);
1600 client_ctx_ = CreateContext();
1601 ASSERT_TRUE(client_ctx_);
1602 server_ctx_ = CreateContext();
1603 ASSERT_TRUE(server_ctx_);
1604 // Set up a server cert. Client certs can be set up explicitly.
1605 ASSERT_TRUE(UseCertAndKey(server_ctx_.get()));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1606 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1607
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1608 bool UseCertAndKey(SSL_CTX *ctx) const {
1609 return SSL_CTX_use_certificate(ctx, cert_.get()) &&
1610 SSL_CTX_use_PrivateKey(ctx, key_.get());
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1611 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1612
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1613 bool Connect(const ClientConfig &config = ClientConfig()) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1614 return ConnectClientAndServer(&client_, &server_, client_ctx_.get(),
Matthew Braithwaiteb7bc80a2018-04-13 15:51:30 -0700[diff] [blame]1615 server_ctx_.get(), config, true,
1616 shed_handshake_config_);
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1617 }
1618
1619 uint16_t version() const { return GetParam().version; }
1620
1621 bool is_dtls() const {
1622 return GetParam().ssl_method == VersionParam::is_dtls;
1623 }
1624
Matthew Braithwaiteb7bc80a2018-04-13 15:51:30 -0700[diff] [blame]1625 bool shed_handshake_config_ = true;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1626 bssl::UniquePtr<SSL> client_, server_;
1627 bssl::UniquePtr<SSL_CTX> server_ctx_, client_ctx_;
1628 bssl::UniquePtr<X509> cert_;
1629 bssl::UniquePtr<EVP_PKEY> key_;
1630};
1631
1632INSTANTIATE_TEST_CASE_P(WithVersion, SSLVersionTest,
1633 testing::ValuesIn(kAllVersions),
1634 [](const testing::TestParamInfo<VersionParam> &i) {
1635 return i.param.name;
1636 });
1637
1638TEST_P(SSLVersionTest, SequenceNumber) {
1639 ASSERT_TRUE(Connect());
1640
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1641 // Drain any post-handshake messages to ensure there are no unread records
1642 // on either end.
1643 uint8_t byte = 0;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1644 ASSERT_LE(SSL_read(client_.get(), &byte, 1), 0);
1645 ASSERT_LE(SSL_read(server_.get(), &byte, 1), 0);
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1646
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1647 uint64_t client_read_seq = SSL_get_read_sequence(client_.get());
1648 uint64_t client_write_seq = SSL_get_write_sequence(client_.get());
1649 uint64_t server_read_seq = SSL_get_read_sequence(server_.get());
1650 uint64_t server_write_seq = SSL_get_write_sequence(server_.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1651
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1652 if (is_dtls()) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1653 // Both client and server must be at epoch 1.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1654 EXPECT_EQ(EpochFromSequence(client_read_seq), 1);
1655 EXPECT_EQ(EpochFromSequence(client_write_seq), 1);
1656 EXPECT_EQ(EpochFromSequence(server_read_seq), 1);
1657 EXPECT_EQ(EpochFromSequence(server_write_seq), 1);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1658
1659 // The next record to be written should exceed the largest received.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1660 EXPECT_GT(client_write_seq, server_read_seq);
1661 EXPECT_GT(server_write_seq, client_read_seq);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1662 } else {
1663 // The next record to be written should equal the next to be received.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1664 EXPECT_EQ(client_write_seq, server_read_seq);
1665 EXPECT_EQ(server_write_seq, client_read_seq);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1666 }
1667
1668 // Send a record from client to server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1669 EXPECT_EQ(SSL_write(client_.get(), &byte, 1), 1);
1670 EXPECT_EQ(SSL_read(server_.get(), &byte, 1), 1);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1671
1672 // The client write and server read sequence numbers should have
1673 // incremented.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1674 EXPECT_EQ(client_write_seq + 1, SSL_get_write_sequence(client_.get()));
1675 EXPECT_EQ(server_read_seq + 1, SSL_get_read_sequence(server_.get()));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1676}
1677
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1678TEST_P(SSLVersionTest, OneSidedShutdown) {
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1679 // SSL_shutdown is a no-op in DTLS.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1680 if (is_dtls()) {
1681 return;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1682 }
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1683 ASSERT_TRUE(Connect());
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1684
1685 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1686 // one side has shut down.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1687 ASSERT_EQ(SSL_shutdown(client_.get()), 0);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1688
1689 // Reading from the server should consume the EOF.
1690 uint8_t byte;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1691 ASSERT_EQ(SSL_read(server_.get(), &byte, 1), 0);
1692 ASSERT_EQ(SSL_get_error(server_.get(), 0), SSL_ERROR_ZERO_RETURN);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1693
1694 // However, the server may continue to write data and then shut down the
1695 // connection.
1696 byte = 42;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1697 ASSERT_EQ(SSL_write(server_.get(), &byte, 1), 1);
1698 ASSERT_EQ(SSL_read(client_.get(), &byte, 1), 1);
1699 ASSERT_EQ(byte, 42);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1700
1701 // The server may then shutdown the connection.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1702 EXPECT_EQ(SSL_shutdown(server_.get()), 1);
1703 EXPECT_EQ(SSL_shutdown(client_.get()), 1);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1704}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1705
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1706TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1707 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1708 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1709 ASSERT_TRUE(client_ctx);
1710 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1711
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1712 bssl::UniquePtr<X509> cert = GetTestCertificate();
1713 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1714 ASSERT_TRUE(cert);
1715 ASSERT_TRUE(key);
1716 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1717 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1718
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1719 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1720 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1721 server_ctx.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1722
1723 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjamin31b0c9b2017-07-20 14:49:15 -0400[diff] [blame]1724 bssl::UniquePtr<SSL_SESSION> session1 =
1725 bssl::SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1726 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1727
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1728 session1->not_resumable = 0;
1729
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1730 uint8_t *s0_bytes, *s1_bytes;
1731 size_t s0_len, s1_len;
1732
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1733 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1734 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1735
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1736 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1737 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1738
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]1739 EXPECT_EQ(Bytes(s0_bytes, s0_len), Bytes(s1_bytes, s1_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1740}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1741
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1742static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]1743 EXPECT_EQ(rfd, SSL_get_fd(ssl));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1744 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1745 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1746
1747 // The wrapper BIOs are always equal when fds are equal, even if set
1748 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1749 if (rfd == wfd) {
1750 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1751 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1752}
1753
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1754TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1755 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1756 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1757
1758 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1759 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1760 ASSERT_TRUE(ssl);
1761 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1762 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1763 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1764
1765 // Test setting the same FD.
1766 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1767 ASSERT_TRUE(ssl);
1768 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1769 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1770
1771 // Test setting the same FD one side at a time.
1772 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1773 ASSERT_TRUE(ssl);
1774 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1775 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1776 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1777
1778 // Test setting the same FD in the other order.
1779 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1780 ASSERT_TRUE(ssl);
1781 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1782 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1783 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1784
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1785 // Test changing the read FD partway through.
1786 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1787 ASSERT_TRUE(ssl);
1788 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1789 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1790 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1791
1792 // Test changing the write FD partway through.
1793 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1794 ASSERT_TRUE(ssl);
1795 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1796 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1797 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1798
1799 // Test a no-op change to the read FD partway through.
1800 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1801 ASSERT_TRUE(ssl);
1802 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1803 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1804 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1805
1806 // Test a no-op change to the write FD partway through.
1807 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1808 ASSERT_TRUE(ssl);
1809 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1810 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1811 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1812
1813 // ASan builds will implicitly test that the internal |BIO| reference-counting
1814 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1815}
1816
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1817TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1818 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1819 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1820
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1821 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1822 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1823 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1824 ASSERT_TRUE(ssl);
1825 ASSERT_TRUE(bio1);
1826 ASSERT_TRUE(bio2);
1827 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1828
1829 // SSL_set_bio takes one reference when the parameters are the same.
1830 BIO_up_ref(bio1.get());
1831 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1832
1833 // Repeating the call does nothing.
1834 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1835
1836 // It takes one reference each when the parameters are different.
1837 BIO_up_ref(bio2.get());
1838 BIO_up_ref(bio3.get());
1839 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1840
1841 // Repeating the call does nothing.
1842 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1843
1844 // It takes one reference when changing only wbio.
1845 BIO_up_ref(bio1.get());
1846 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1847
1848 // It takes one reference when changing only rbio and the two are different.
1849 BIO_up_ref(bio3.get());
1850 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1851
1852 // If setting wbio to rbio, it takes no additional references.
1853 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1854
1855 // From there, wbio may be switched to something else.
1856 BIO_up_ref(bio1.get());
1857 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1858
1859 // If setting rbio to wbio, it takes no additional references.
1860 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1861
1862 // From there, rbio may be switched to something else, but, for historical
1863 // reasons, it takes a reference to both parameters.
1864 BIO_up_ref(bio1.get());
1865 BIO_up_ref(bio2.get());
1866 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1867
1868 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1869 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1870}
1871
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1872static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1873
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1874TEST_P(SSLVersionTest, GetPeerCertificate) {
1875 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1876
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1877 // Configure both client and server to accept any certificate.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1878 SSL_CTX_set_verify(client_ctx_.get(),
1879 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1880 nullptr);
1881 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
1882 SSL_CTX_set_verify(server_ctx_.get(),
1883 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1884 nullptr);
1885 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1886
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1887 ASSERT_TRUE(Connect());
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1888
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1889 // Client and server should both see the leaf certificate.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1890 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server_.get()));
1891 ASSERT_TRUE(peer);
1892 ASSERT_EQ(X509_cmp(cert_.get(), peer.get()), 0);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1893
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1894 peer.reset(SSL_get_peer_certificate(client_.get()));
1895 ASSERT_TRUE(peer);
1896 ASSERT_EQ(X509_cmp(cert_.get(), peer.get()), 0);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1897
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1898 // However, for historical reasons, the X509 chain includes the leaf on the
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1899 // client, but does not on the server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1900 EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(client_.get())), 1u);
1901 EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(client_.get())),
1902 1u);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1903
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1904 EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(server_.get())), 0u);
1905 EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(server_.get())),
1906 1u);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1907}
1908
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1909TEST_P(SSLVersionTest, NoPeerCertificate) {
1910 SSL_CTX_set_verify(server_ctx_.get(), SSL_VERIFY_PEER, nullptr);
1911 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
1912 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1913
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1914 ASSERT_TRUE(Connect());
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1915
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1916 // Server should not see a peer certificate.
1917 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server_.get()));
1918 ASSERT_FALSE(peer);
1919 ASSERT_FALSE(SSL_get0_peer_certificates(server_.get()));
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1920}
1921
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1922TEST_P(SSLVersionTest, RetainOnlySHA256OfCerts) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1923 uint8_t *cert_der = NULL;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1924 int cert_der_len = i2d_X509(cert_.get(), &cert_der);
1925 ASSERT_GE(cert_der_len, 0);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1926 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1927
1928 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1929 SHA256(cert_der, cert_der_len, cert_sha256);
1930
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1931 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
1932
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1933 // Configure both client and server to accept any certificate, but the
1934 // server must retain only the SHA-256 of the peer.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1935 SSL_CTX_set_verify(client_ctx_.get(),
1936 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1937 nullptr);
1938 SSL_CTX_set_verify(server_ctx_.get(),
1939 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1940 nullptr);
1941 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
1942 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
1943 SSL_CTX_set_retain_only_sha256_of_client_certs(server_ctx_.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1944
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1945 ASSERT_TRUE(Connect());
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1946
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1947 // The peer certificate has been dropped.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1948 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server_.get()));
1949 EXPECT_FALSE(peer);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1950
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1951 SSL_SESSION *session = SSL_get_session(server_.get());
1952 EXPECT_TRUE(session->peer_sha256_valid);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1953
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1954 EXPECT_EQ(Bytes(cert_sha256), Bytes(session->peer_sha256));
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1955}
1956
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1957// Tests that our ClientHellos do not change unexpectedly. These are purely
1958// change detection tests. If they fail as part of an intentional ClientHello
1959// change, update the test vector.
1960TEST(SSLTest, ClientHello) {
1961 struct {
1962 uint16_t max_version;
1963 std::vector<uint8_t> expected;
1964 } kTests[] = {
1965 {SSL3_VERSION,
1966 {0x16, 0x03, 0x00, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x37, 0x03, 0x00,
1967 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1968 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1969 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1970 0x00, 0x10, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00,
1971 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00}},
1972 {TLS1_VERSION,
1973 {0x16, 0x03, 0x01, 0x00, 0x5a, 0x01, 0x00, 0x00, 0x56, 0x03, 0x01, 0x00,
1974 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1975 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1976 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0xc0, 0x09,
1977 0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1978 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1979 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1980 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18}},
1981 {TLS1_1_VERSION,
1982 {0x16, 0x03, 0x01, 0x00, 0x5a, 0x01, 0x00, 0x00, 0x56, 0x03, 0x02, 0x00,
1983 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1984 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1985 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0xc0, 0x09,
1986 0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1987 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1988 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1989 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18}},
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1990 {TLS1_2_VERSION,
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]1991 {0x16, 0x03, 0x01, 0x00, 0x82, 0x01, 0x00, 0x00, 0x7e, 0x03, 0x03, 0x00,
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1992 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1993 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]1994 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0xcc, 0xa9,
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1995 0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xc0, 0x09,
David Benjamin6e678ee2018-04-16 19:54:42 -0400[diff] [blame]1996 0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f,
1997 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01,
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1998 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
1999 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
2000 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00,
2001 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
2002 0x17, 0x00, 0x18}},
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]2003 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
2004 // implementation has settled enough that it won't change.
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2005 };
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]2006
2007 for (const auto &t : kTests) {
2008 SCOPED_TRACE(t.max_version);
2009
2010 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
2011 ASSERT_TRUE(ctx);
2012 // Our default cipher list varies by CPU capabilities, so manually place the
2013 // ChaCha20 ciphers in front.
2014 const char *cipher_list = "CHACHA20:ALL";
2015 // SSLv3 is off by default.
2016 ASSERT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
2017 ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), t.max_version));
2018 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), cipher_list));
2019
2020 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
2021 ASSERT_TRUE(ssl);
2022 std::vector<uint8_t> client_hello;
2023 ASSERT_TRUE(GetClientHello(ssl.get(), &client_hello));
2024
2025 // Zero the client_random.
2026 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
2027 1 + 3 + // handshake message header
2028 2; // client_version
2029 ASSERT_GE(client_hello.size(), kRandomOffset + SSL3_RANDOM_SIZE);
2030 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
2031
2032 if (client_hello != t.expected) {
2033 ADD_FAILURE() << "ClientHellos did not match.";
2034 // Print the value manually so it is easier to update the test vector.
2035 for (size_t i = 0; i < client_hello.size(); i += 12) {
2036 printf(" %c", i == 0 ? '{' : ' ');
2037 for (size_t j = i; j < client_hello.size() && j < i + 12; j++) {
2038 if (j > i) {
2039 printf(" ");
2040 }
2041 printf("0x%02x", client_hello[j]);
2042 if (j < client_hello.size() - 1) {
2043 printf(",");
2044 }
2045 }
2046 if (i + 12 >= client_hello.size()) {
2047 printf("}}");
2048 }
2049 printf("\n");
2050 }
2051 }
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2052 }
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2053}
2054
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2055static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2056
2057static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
2058 // Save the most recent session.
2059 g_last_session.reset(session);
2060 return 1;
2061}
2062
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2063static bssl::UniquePtr<SSL_SESSION> CreateClientSession(
2064 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
2065 const ClientConfig &config = ClientConfig()) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2066 g_last_session = nullptr;
2067 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2068
2069 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2070 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2071 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2072 config)) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2073 fprintf(stderr, "Failed to connect client and server.\n");
2074 return nullptr;
2075 }
2076
2077 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2078 SSL_read(client.get(), nullptr, 0);
2079
2080 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2081
2082 if (!g_last_session) {
2083 fprintf(stderr, "Client did not receive a session.\n");
2084 return nullptr;
2085 }
2086 return std::move(g_last_session);
2087}
2088
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2089static void ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
2090 SSL_SESSION *session, bool want_reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2091 bssl::UniquePtr<SSL> client, server;
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2092 ClientConfig config;
2093 config.session = session;
2094 EXPECT_TRUE(
2095 ConnectClientAndServer(&client, &server, client_ctx, server_ctx, config));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2096
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2097 EXPECT_EQ(SSL_session_reused(client.get()), SSL_session_reused(server.get()));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2098
2099 bool was_reused = !!SSL_session_reused(client.get());
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2100 EXPECT_EQ(was_reused, want_reused);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2101}
2102
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2103static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
2104 SSL_CTX *server_ctx,
2105 SSL_SESSION *session) {
2106 g_last_session = nullptr;
2107 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2108
2109 bssl::UniquePtr<SSL> client, server;
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2110 ClientConfig config;
2111 config.session = session;
2112 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
2113 config)) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2114 fprintf(stderr, "Failed to connect client and server.\n");
2115 return nullptr;
2116 }
2117
2118 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2119 fprintf(stderr, "Client and server were inconsistent.\n");
2120 return nullptr;
2121 }
2122
2123 if (!SSL_session_reused(client.get())) {
2124 fprintf(stderr, "Session was not reused.\n");
2125 return nullptr;
2126 }
2127
2128 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2129 SSL_read(client.get(), nullptr, 0);
2130
2131 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2132
2133 if (!g_last_session) {
2134 fprintf(stderr, "Client did not receive a renewed session.\n");
2135 return nullptr;
2136 }
2137 return std::move(g_last_session);
2138}
2139
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2140static void ExpectTicketKeyChanged(SSL_CTX *ctx, uint8_t *inout_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2141 bool changed) {
2142 uint8_t new_key[kTicketKeyLen];
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2143 // May return 0, 1 or 48.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2144 ASSERT_EQ(SSL_CTX_get_tlsext_ticket_keys(ctx, new_key, kTicketKeyLen), 1);
2145 if (changed) {
2146 ASSERT_NE(Bytes(inout_key, kTicketKeyLen), Bytes(new_key));
2147 } else {
2148 ASSERT_EQ(Bytes(inout_key, kTicketKeyLen), Bytes(new_key));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2149 }
2150 OPENSSL_memcpy(inout_key, new_key, kTicketKeyLen);
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2151}
2152
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2153static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2154 static const uint8_t kContext[] = {3};
2155
2156 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2157 return SSL_TLSEXT_ERR_ALERT_FATAL;
2158 }
2159
2160 return SSL_TLSEXT_ERR_OK;
2161}
2162
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2163TEST_P(SSLVersionTest, SessionIDContext) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2164 static const uint8_t kContext1[] = {1};
2165 static const uint8_t kContext2[] = {2};
2166
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2167 ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext1,
2168 sizeof(kContext1)));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2169
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2170 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
2171 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2172
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2173 bssl::UniquePtr<SSL_SESSION> session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2174 CreateClientSession(client_ctx_.get(), server_ctx_.get());
2175 ASSERT_TRUE(session);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2176
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2177 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2178 session.get(),
2179 true /* expect session reused */));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2180
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2181 // Change the session ID context.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2182 ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext2,
2183 sizeof(kContext2)));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2184
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2185 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2186 session.get(),
2187 false /* expect session not reused */));
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2188
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2189 // Change the session ID context back and install an SNI callback to switch
2190 // it.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2191 ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext1,
2192 sizeof(kContext1)));
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2193
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2194 SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(),
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2195 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2196
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2197 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2198 session.get(),
2199 false /* expect session not reused */));
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2200
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2201 // Switch the session ID context with the early callback instead.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2202 SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(), nullptr);
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2203 SSL_CTX_set_select_certificate_cb(
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2204 server_ctx_.get(),
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2205 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
2206 static const uint8_t kContext[] = {3};
2207
2208 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2209 sizeof(kContext))) {
2210 return ssl_select_cert_error;
2211 }
2212
2213 return ssl_select_cert_success;
2214 });
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2215
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2216 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2217 session.get(),
2218 false /* expect session not reused */));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2219}
2220
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2221static timeval g_current_time;
2222
2223static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2224 *out_clock = g_current_time;
2225}
2226
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2227static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2228 out_clock->tv_sec = 1000;
2229 out_clock->tv_usec = 0;
2230}
2231
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2232static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2233 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2234 int encrypt) {
2235 static const uint8_t kZeros[16] = {0};
2236
2237 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2238 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2239 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2240 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2241 return 0;
2242 }
2243
2244 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2245 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2246 return -1;
2247 }
2248
2249 // Returning two from the callback in decrypt mode renews the
2250 // session in TLS 1.2 and below.
2251 return encrypt ? 1 : 2;
2252}
2253
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2254static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2255 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2256 return false;
2257 }
2258
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2259 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2260 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2261 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2262
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2263#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2264 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2265 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2266#else
2267 static const uint8_t kZeros[16] = {0};
2268 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2269 bssl::ScopedEVP_CIPHER_CTX ctx;
2270 int len1, len2;
2271 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2272 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2273 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2274 return false;
2275 }
2276
2277 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2278#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2279
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2280 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
2281 if (!ssl_ctx) {
2282 return false;
2283 }
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2284 bssl::UniquePtr<SSL_SESSION> server_session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2285 SSL_SESSION_from_bytes(plaintext.get(), len, ssl_ctx.get()));
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2286 if (!server_session) {
2287 return false;
2288 }
2289
2290 *out = server_session->time;
2291 return true;
2292}
2293
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2294TEST_P(SSLVersionTest, SessionTimeout) {
2295 for (bool server_test : {false, true}) {
2296 SCOPED_TRACE(server_test);
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2297
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2298 ResetContexts();
2299 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
2300 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
2301
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2302 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2303 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2304
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2305 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2306 // resumptions still perform ECDHE.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2307 const time_t timeout = version() == TLS1_3_VERSION
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2308 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2309 : SSL_DEFAULT_SESSION_TIMEOUT;
2310
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2311 // Both client and server must enforce session timeouts. We configure the
2312 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2313 if (server_test) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2314 SSL_CTX_set_current_time_cb(client_ctx_.get(), FrozenTimeCallback);
2315 SSL_CTX_set_current_time_cb(server_ctx_.get(), CurrentTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2316 } else {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2317 SSL_CTX_set_current_time_cb(client_ctx_.get(), CurrentTimeCallback);
2318 SSL_CTX_set_current_time_cb(server_ctx_.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2319 }
2320
2321 // Configure a ticket callback which renews tickets.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2322 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx_.get(), RenewTicketCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2323
2324 bssl::UniquePtr<SSL_SESSION> session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2325 CreateClientSession(client_ctx_.get(), server_ctx_.get());
2326 ASSERT_TRUE(session);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2327
2328 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2329 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2330
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2331 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2332 session.get(),
2333 true /* expect session reused */));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2334
2335 // Advance the clock one more second.
2336 g_current_time.tv_sec++;
2337
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2338 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2339 session.get(),
2340 false /* expect session not reused */));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2341
2342 // Rewind the clock to before the session was minted.
2343 g_current_time.tv_sec = kStartTime - 1;
2344
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2345 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2346 session.get(),
2347 false /* expect session not reused */));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2348
2349 // SSL 3.0 cannot renew sessions.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2350 if (version() == SSL3_VERSION) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2351 continue;
2352 }
2353
2354 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2355 time_t new_start_time = kStartTime + timeout - 10;
2356 g_current_time.tv_sec = new_start_time;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2357 bssl::UniquePtr<SSL_SESSION> new_session = ExpectSessionRenewed(
2358 client_ctx_.get(), server_ctx_.get(), session.get());
2359 ASSERT_TRUE(new_session);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2360
2361 // This new session is not the same object as before.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2362 EXPECT_NE(session.get(), new_session.get());
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2363
2364 // Check the sessions have timestamps measured from issuance.
2365 long session_time = 0;
2366 if (server_test) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2367 ASSERT_TRUE(GetServerTicketTime(&session_time, new_session.get()));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2368 } else {
2369 session_time = new_session->time;
2370 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2371
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2372 ASSERT_EQ(session_time, g_current_time.tv_sec);
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2373
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2374 if (version() == TLS1_3_VERSION) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2375 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2376 // lifetime TLS 1.3.
2377 g_current_time.tv_sec = new_start_time + timeout - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2378 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2379 new_session.get(),
2380 true /* expect session reused */));
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2381
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2382 // The new session expires after the new timeout.
2383 g_current_time.tv_sec = new_start_time + timeout + 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2384 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2385 new_session.get(),
2386 false /* expect session ot reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2387
2388 // Renew the session until it begins just past the auth timeout.
2389 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2390 while (new_start_time < auth_end_time - 1000) {
2391 // Get as close as possible to target start time.
2392 new_start_time =
2393 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2394 g_current_time.tv_sec = new_start_time;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2395 new_session = ExpectSessionRenewed(client_ctx_.get(), server_ctx_.get(),
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2396 new_session.get());
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2397 ASSERT_TRUE(new_session);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2398 }
2399
2400 // Now the session's lifetime is bound by the auth timeout.
2401 g_current_time.tv_sec = auth_end_time - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2402 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2403 new_session.get(),
2404 true /* expect session reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2405
2406 g_current_time.tv_sec = auth_end_time + 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2407 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2408 new_session.get(),
2409 false /* expect session ot reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2410 } else {
2411 // The new session is usable just before the old expiration.
2412 g_current_time.tv_sec = kStartTime + timeout - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2413 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2414 new_session.get(),
2415 true /* expect session reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2416
2417 // Renewal does not extend the lifetime, so it is not usable beyond the
2418 // old expiration.
2419 g_current_time.tv_sec = kStartTime + timeout + 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2420 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2421 new_session.get(),
2422 false /* expect session not reused */));
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2423 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2424 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2425}
2426
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2427TEST_P(SSLVersionTest, DefaultTicketKeyInitialization) {
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2428 static const uint8_t kZeroKey[kTicketKeyLen] = {};
2429 uint8_t ticket_key[kTicketKeyLen];
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2430 ASSERT_EQ(1, SSL_CTX_get_tlsext_ticket_keys(server_ctx_.get(), ticket_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2431 kTicketKeyLen));
2432 ASSERT_NE(0, OPENSSL_memcmp(ticket_key, kZeroKey, kTicketKeyLen));
2433}
2434
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2435TEST_P(SSLVersionTest, DefaultTicketKeyRotation) {
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2436 if (GetParam().version == SSL3_VERSION) {
2437 return;
2438 }
2439
2440 static const time_t kStartTime = 1001;
2441 g_current_time.tv_sec = kStartTime;
2442 uint8_t ticket_key[kTicketKeyLen];
2443
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2444 // We use session reuse as a proxy for ticket decryption success, hence
2445 // disable session timeouts.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2446 SSL_CTX_set_timeout(server_ctx_.get(), std::numeric_limits<uint32_t>::max());
2447 SSL_CTX_set_session_psk_dhe_timeout(server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2448 std::numeric_limits<uint32_t>::max());
2449
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2450 SSL_CTX_set_current_time_cb(client_ctx_.get(), FrozenTimeCallback);
2451 SSL_CTX_set_current_time_cb(server_ctx_.get(), CurrentTimeCallback);
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2452
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2453 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
2454 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_OFF);
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2455
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2456 // Initialize ticket_key with the current key.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2457 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
2458 true /* changed */));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2459
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2460 // Verify ticket resumption actually works.
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2461 bssl::UniquePtr<SSL> client, server;
2462 bssl::UniquePtr<SSL_SESSION> session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2463 CreateClientSession(client_ctx_.get(), server_ctx_.get());
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2464 ASSERT_TRUE(session);
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2465 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2466 session.get(), true /* reused */));
2467
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2468 // Advance time to just before key rotation.
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2469 g_current_time.tv_sec += SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2470 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2471 session.get(), true /* reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2472 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2473 false /* NOT changed */));
2474
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2475 // Force key rotation.
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2476 g_current_time.tv_sec += 1;
2477 bssl::UniquePtr<SSL_SESSION> new_session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2478 CreateClientSession(client_ctx_.get(), server_ctx_.get());
2479 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
2480 true /* changed */));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2481
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2482 // Resumption with both old and new ticket should work.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2483 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2484 session.get(), true /* reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2485 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2486 new_session.get(), true /* reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2487 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2488 false /* NOT changed */));
2489
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2490 // Force key rotation again. Resumption with the old ticket now fails.
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2491 g_current_time.tv_sec += SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2492 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2493 session.get(), false /* NOT reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2494 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
2495 true /* changed */));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2496
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2497 // But resumption with the newer session still works.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2498 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2499 new_session.get(), true /* reused */));
2500}
2501
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2502static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2503 SSL_CTX *ctx = reinterpret_cast<SSL_CTX *>(arg);
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2504 SSL_set_SSL_CTX(ssl, ctx);
2505 return SSL_TLSEXT_ERR_OK;
2506}
2507
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2508TEST_P(SSLVersionTest, SNICallback) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2509 // SSL 3.0 lacks extensions.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2510 if (version() == SSL3_VERSION) {
2511 return;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2512 }
2513
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2514 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2515 ASSERT_TRUE(cert2);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2516 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2517 ASSERT_TRUE(key2);
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2518
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2519 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2520 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2521
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2522 static const uint8_t kSCTList[] = {0, 6, 0, 4, 5, 6, 7, 8};
2523 static const uint8_t kOCSPResponse[] = {1, 2, 3, 4};
2524
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2525 bssl::UniquePtr<SSL_CTX> server_ctx2 = CreateContext();
2526 ASSERT_TRUE(server_ctx2);
2527 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()));
2528 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()));
2529 ASSERT_TRUE(SSL_CTX_set_signed_cert_timestamp_list(
2530 server_ctx2.get(), kSCTList, sizeof(kSCTList)));
2531 ASSERT_TRUE(SSL_CTX_set_ocsp_response(server_ctx2.get(), kOCSPResponse,
2532 sizeof(kOCSPResponse)));
2533 // Historically signing preferences would be lost in some cases with the
2534 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2535 // this doesn't happen when |version| is TLS 1.2, configure the private
2536 // key to only sign SHA-256.
2537 ASSERT_TRUE(SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(),
2538 &kECDSAWithSHA256, 1));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2539
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2540 SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(), SwitchContext);
2541 SSL_CTX_set_tlsext_servername_arg(server_ctx_.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2542
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2543 SSL_CTX_enable_signed_cert_timestamps(client_ctx_.get());
2544 SSL_CTX_enable_ocsp_stapling(client_ctx_.get());
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2545
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2546 ASSERT_TRUE(Connect());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2547
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2548 // The client should have received |cert2|.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2549 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client_.get()));
2550 ASSERT_TRUE(peer);
2551 EXPECT_EQ(X509_cmp(peer.get(), cert2.get()), 0);
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2552
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2553 // The client should have received |server_ctx2|'s SCT list.
2554 const uint8_t *data;
2555 size_t len;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2556 SSL_get0_signed_cert_timestamp_list(client_.get(), &data, &len);
2557 EXPECT_EQ(Bytes(kSCTList), Bytes(data, len));
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2558
2559 // The client should have received |server_ctx2|'s OCSP response.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2560 SSL_get0_ocsp_response(client_.get(), &data, &len);
2561 EXPECT_EQ(Bytes(kOCSPResponse), Bytes(data, len));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2562}
2563
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2564// Test that the early callback can swap the maximum version.
2565TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2566 bssl::UniquePtr<X509> cert = GetTestCertificate();
2567 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2568 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2569 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2570 ASSERT_TRUE(cert);
2571 ASSERT_TRUE(key);
2572 ASSERT_TRUE(server_ctx);
2573 ASSERT_TRUE(client_ctx);
2574 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2575 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2576 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2577 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2578
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2579 SSL_CTX_set_select_certificate_cb(
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2580 server_ctx.get(),
2581 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2582 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2583 return ssl_select_cert_error;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2584 }
2585
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2586 return ssl_select_cert_success;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2587 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2588
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2589 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2590 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2591 server_ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2592 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2593}
2594
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2595TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2596 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2597 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2598
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2599 // Set valid TLS versions.
2600 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2601 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2602 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2603 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2604
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2605 // Invalid TLS versions are rejected.
2606 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2607 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2608 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2609 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2610 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2611 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2612
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2613 // Zero is the default version.
2614 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2615 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2616 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2617 EXPECT_EQ(TLS1_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2618
2619 // SSL 3.0 and TLS 1.3 are available, but not by default.
2620 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2621 EXPECT_EQ(SSL3_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2622 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2623 EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2624
David Benjamin353577c2017-06-29 15:54:58 -0400[diff] [blame]2625 // TLS1_3_DRAFT_VERSION is not an API-level version.
Steven Valdez64cc1212017-12-04 11:15:37 -0500[diff] [blame]2626 EXPECT_FALSE(
Steven Valdez7e5dd252018-01-22 15:20:31 -0500[diff] [blame]2627 SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT23_VERSION));
David Benjamin353577c2017-06-29 15:54:58 -0400[diff] [blame]2628 ERR_clear_error();
2629
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2630 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2631 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2632
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2633 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2634 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2635 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2636 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2637
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2638 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2639 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2640 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2641 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2642 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2643 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2644 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2645 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2646
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2647 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2648 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2649 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2650 EXPECT_EQ(TLS1_1_VERSION, ctx->conf_min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2651}
2652
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2653static const char *GetVersionName(uint16_t version) {
2654 switch (version) {
2655 case SSL3_VERSION:
2656 return "SSLv3";
2657 case TLS1_VERSION:
2658 return "TLSv1";
2659 case TLS1_1_VERSION:
2660 return "TLSv1.1";
2661 case TLS1_2_VERSION:
2662 return "TLSv1.2";
2663 case TLS1_3_VERSION:
2664 return "TLSv1.3";
2665 case DTLS1_VERSION:
2666 return "DTLSv1";
2667 case DTLS1_2_VERSION:
2668 return "DTLSv1.2";
2669 default:
2670 return "???";
2671 }
2672}
2673
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2674TEST_P(SSLVersionTest, Version) {
2675 ASSERT_TRUE(Connect());
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2676
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2677 EXPECT_EQ(SSL_version(client_.get()), version());
2678 EXPECT_EQ(SSL_version(server_.get()), version());
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2679
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2680 // Test the version name is reported as expected.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2681 const char *version_name = GetVersionName(version());
2682 EXPECT_EQ(strcmp(version_name, SSL_get_version(client_.get())), 0);
2683 EXPECT_EQ(strcmp(version_name, SSL_get_version(server_.get())), 0);
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2684
2685 // Test SSL_SESSION reports the same name.
2686 const char *client_name =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2687 SSL_SESSION_get_version(SSL_get_session(client_.get()));
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2688 const char *server_name =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2689 SSL_SESSION_get_version(SSL_get_session(server_.get()));
2690 EXPECT_EQ(strcmp(version_name, client_name), 0);
2691 EXPECT_EQ(strcmp(version_name, server_name), 0);
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2692}
2693
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2694// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2695// selection callback.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2696TEST_P(SSLVersionTest, ALPNCipherAvailable) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2697 // SSL 3.0 lacks extensions.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2698 if (version() == SSL3_VERSION) {
2699 return;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2700 }
2701
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2702 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
2703
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2704 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2705 ASSERT_EQ(SSL_CTX_set_alpn_protos(client_ctx_.get(), kALPNProtos,
2706 sizeof(kALPNProtos)),
2707 0);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2708
2709 // The ALPN callback does not fail the handshake on error, so have the
2710 // callback write a boolean.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2711 std::pair<uint16_t, bool> callback_state(version(), false);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2712 SSL_CTX_set_alpn_select_cb(
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2713 server_ctx_.get(),
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2714 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2715 unsigned in_len, void *arg) -> int {
2716 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2717 if (SSL_get_pending_cipher(ssl) != nullptr &&
2718 SSL_version(ssl) == state->first) {
2719 state->second = true;
2720 }
2721 return SSL_TLSEXT_ERR_NOACK;
2722 },
2723 &callback_state);
2724
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2725 ASSERT_TRUE(Connect());
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2726
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2727 ASSERT_TRUE(callback_state.second);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2728}
2729
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2730TEST_P(SSLVersionTest, SSLClearSessionResumption) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2731 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2732 // API pattern.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2733 if (version() == TLS1_3_VERSION) {
2734 return;
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2735 }
2736
Matthew Braithwaiteb7bc80a2018-04-13 15:51:30 -0700[diff] [blame]2737 shed_handshake_config_ = false;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2738 ASSERT_TRUE(Connect());
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2739
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2740 EXPECT_FALSE(SSL_session_reused(client_.get()));
2741 EXPECT_FALSE(SSL_session_reused(server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2742
2743 // Reset everything.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2744 ASSERT_TRUE(SSL_clear(client_.get()));
2745 ASSERT_TRUE(SSL_clear(server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2746
2747 // Attempt to connect a second time.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2748 ASSERT_TRUE(CompleteHandshakes(client_.get(), server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2749
2750 // |SSL_clear| should implicitly offer the previous session to the server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2751 EXPECT_TRUE(SSL_session_reused(client_.get()));
2752 EXPECT_TRUE(SSL_session_reused(server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2753}
2754
Matthew Braithwaiteb7bc80a2018-04-13 15:51:30 -0700[diff] [blame]2755TEST_P(SSLVersionTest, SSLClearFailsWithShedding) {
2756 shed_handshake_config_ = false;
2757 ASSERT_TRUE(Connect());
2758 ASSERT_TRUE(CompleteHandshakes(client_.get(), server_.get()));
2759
2760 // Reset everything.
2761 ASSERT_TRUE(SSL_clear(client_.get()));
2762 ASSERT_TRUE(SSL_clear(server_.get()));
2763
2764 // Now enable shedding, and connect a second time.
2765 shed_handshake_config_ = true;
2766 ASSERT_TRUE(Connect());
2767 ASSERT_TRUE(CompleteHandshakes(client_.get(), server_.get()));
2768
2769 // |SSL_clear| should now fail.
2770 ASSERT_FALSE(SSL_clear(client_.get()));
2771 ASSERT_FALSE(SSL_clear(server_.get()));
2772}
2773
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2774static bool ChainsEqual(STACK_OF(X509) * chain,
2775 const std::vector<X509 *> &expected) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2776 if (sk_X509_num(chain) != expected.size()) {
2777 return false;
2778 }
2779
2780 for (size_t i = 0; i < expected.size(); i++) {
2781 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2782 return false;
2783 }
2784 }
2785
2786 return true;
2787}
2788
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2789TEST_P(SSLVersionTest, AutoChain) {
2790 cert_ = GetChainTestCertificate();
2791 ASSERT_TRUE(cert_);
2792 key_ = GetChainTestKey();
2793 ASSERT_TRUE(key_);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2794 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2795 ASSERT_TRUE(intermediate);
2796
2797 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
2798 ASSERT_TRUE(UseCertAndKey(server_ctx_.get()));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2799
2800 // Configure both client and server to accept any certificate. Add
2801 // |intermediate| to the cert store.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2802 ASSERT_TRUE(X509_STORE_add_cert(SSL_CTX_get_cert_store(client_ctx_.get()),
2803 intermediate.get()));
2804 ASSERT_TRUE(X509_STORE_add_cert(SSL_CTX_get_cert_store(server_ctx_.get()),
2805 intermediate.get()));
2806 SSL_CTX_set_verify(client_ctx_.get(),
2807 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
2808 nullptr);
2809 SSL_CTX_set_verify(server_ctx_.get(),
2810 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
2811 nullptr);
2812 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
2813 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2814
2815 // By default, the client and server should each only send the leaf.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2816 ASSERT_TRUE(Connect());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2817
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2818 EXPECT_TRUE(
2819 ChainsEqual(SSL_get_peer_full_cert_chain(client_.get()), {cert_.get()}));
2820 EXPECT_TRUE(
2821 ChainsEqual(SSL_get_peer_full_cert_chain(server_.get()), {cert_.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2822
2823 // If auto-chaining is enabled, then the intermediate is sent.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2824 SSL_CTX_clear_mode(client_ctx_.get(), SSL_MODE_NO_AUTO_CHAIN);
2825 SSL_CTX_clear_mode(server_ctx_.get(), SSL_MODE_NO_AUTO_CHAIN);
2826 ASSERT_TRUE(Connect());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2827
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2828 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(client_.get()),
2829 {cert_.get(), intermediate.get()}));
2830 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(server_.get()),
2831 {cert_.get(), intermediate.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2832
2833 // Auto-chaining does not override explicitly-configured intermediates.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2834 ASSERT_TRUE(SSL_CTX_add1_chain_cert(client_ctx_.get(), cert_.get()));
2835 ASSERT_TRUE(SSL_CTX_add1_chain_cert(server_ctx_.get(), cert_.get()));
2836 ASSERT_TRUE(Connect());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2837
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2838 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(client_.get()),
2839 {cert_.get(), cert_.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2840
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2841 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(server_.get()),
2842 {cert_.get(), cert_.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2843}
2844
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2845static bool ExpectBadWriteRetry() {
2846 int err = ERR_get_error();
2847 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
2848 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
2849 char buf[ERR_ERROR_STRING_BUF_LEN];
2850 ERR_error_string_n(err, buf, sizeof(buf));
2851 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
2852 return false;
2853 }
2854
2855 if (ERR_peek_error() != 0) {
2856 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
2857 return false;
2858 }
2859
2860 return true;
2861}
2862
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2863TEST_P(SSLVersionTest, SSLWriteRetry) {
2864 if (is_dtls()) {
2865 return;
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2866 }
2867
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2868 for (bool enable_partial_write : {false, true}) {
2869 SCOPED_TRACE(enable_partial_write);
2870
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2871 // Connect a client and server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2872 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
2873
2874 ASSERT_TRUE(Connect());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2875
2876 if (enable_partial_write) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2877 SSL_set_mode(client_.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2878 }
2879
2880 // Write without reading until the buffer is full and we have an unfinished
2881 // write. Keep a count so we may reread it again later. "hello!" will be
2882 // written in two chunks, "hello" and "!".
2883 char data[] = "hello!";
2884 static const int kChunkLen = 5; // The length of "hello".
2885 unsigned count = 0;
2886 for (;;) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2887 int ret = SSL_write(client_.get(), data, kChunkLen);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2888 if (ret <= 0) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2889 ASSERT_EQ(SSL_get_error(client_.get(), ret), SSL_ERROR_WANT_WRITE);
2890 break;
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2891 }
2892
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2893 ASSERT_EQ(ret, 5);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2894
2895 count++;
2896 }
2897
2898 // Retrying with the same parameters is legal.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2899 ASSERT_EQ(
2900 SSL_get_error(client_.get(), SSL_write(client_.get(), data, kChunkLen)),
2901 SSL_ERROR_WANT_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2902
2903 // Retrying with the same buffer but shorter length is not legal.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2904 ASSERT_EQ(SSL_get_error(client_.get(),
2905 SSL_write(client_.get(), data, kChunkLen - 1)),
2906 SSL_ERROR_SSL);
2907 ASSERT_TRUE(ExpectBadWriteRetry());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2908
2909 // Retrying with a different buffer pointer is not legal.
2910 char data2[] = "hello";
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2911 ASSERT_EQ(SSL_get_error(client_.get(),
2912 SSL_write(client_.get(), data2, kChunkLen)),
2913 SSL_ERROR_SSL);
2914 ASSERT_TRUE(ExpectBadWriteRetry());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2915
2916 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2917 SSL_set_mode(client_.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
2918 ASSERT_EQ(SSL_get_error(client_.get(),
2919 SSL_write(client_.get(), data2, kChunkLen)),
2920 SSL_ERROR_WANT_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2921
2922 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2923 ASSERT_EQ(SSL_get_error(client_.get(),
2924 SSL_write(client_.get(), data2, kChunkLen - 1)),
2925 SSL_ERROR_SSL);
2926 ASSERT_TRUE(ExpectBadWriteRetry());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2927
2928 // Retrying with a larger buffer is legal.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2929 ASSERT_EQ(SSL_get_error(client_.get(),
2930 SSL_write(client_.get(), data, kChunkLen + 1)),
2931 SSL_ERROR_WANT_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2932
2933 // Drain the buffer.
2934 char buf[20];
2935 for (unsigned i = 0; i < count; i++) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2936 ASSERT_EQ(SSL_read(server_.get(), buf, sizeof(buf)), kChunkLen);
2937 ASSERT_EQ(OPENSSL_memcmp(buf, "hello", kChunkLen), 0);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2938 }
2939
2940 // Now that there is space, a retry with a larger buffer should flush the
2941 // pending record, skip over that many bytes of input (on assumption they
2942 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
2943 // is set, this will complete in two steps.
2944 char data3[] = "_____!";
2945 if (enable_partial_write) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2946 ASSERT_EQ(SSL_write(client_.get(), data3, kChunkLen + 1), kChunkLen);
2947 ASSERT_EQ(SSL_write(client_.get(), data3 + kChunkLen, 1), 1);
2948 } else {
2949 ASSERT_EQ(SSL_write(client_.get(), data3, kChunkLen + 1), kChunkLen + 1);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2950 }
2951
2952 // Check the last write was correct. The data will be spread over two
2953 // records, so SSL_read returns twice.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2954 ASSERT_EQ(SSL_read(server_.get(), buf, sizeof(buf)), kChunkLen);
2955 ASSERT_EQ(OPENSSL_memcmp(buf, "hello", kChunkLen), 0);
2956 ASSERT_EQ(SSL_read(server_.get(), buf, sizeof(buf)), 1);
2957 ASSERT_EQ(buf[0], '!');
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2958 }
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2959}
2960
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2961TEST_P(SSLVersionTest, RecordCallback) {
2962 for (bool test_server : {true, false}) {
2963 SCOPED_TRACE(test_server);
2964 ResetContexts();
David Benjamin5df5be12017-06-22 19:43:11 -0400[diff] [blame]2965
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2966 bool read_seen = false;
2967 bool write_seen = false;
2968 auto cb = [&](int is_write, int cb_version, int cb_type, const void *buf,
2969 size_t len, SSL *ssl) {
2970 if (cb_type != SSL3_RT_HEADER) {
2971 return;
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2972 }
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2973
2974 // The callback does not report a version for records.
2975 EXPECT_EQ(0, cb_version);
2976
2977 if (is_write) {
2978 write_seen = true;
2979 } else {
2980 read_seen = true;
2981 }
2982
2983 // Sanity-check that the record header is plausible.
2984 CBS cbs;
2985 CBS_init(&cbs, reinterpret_cast<const uint8_t *>(buf), len);
2986 uint8_t type;
2987 uint16_t record_version, length;
2988 ASSERT_TRUE(CBS_get_u8(&cbs, &type));
2989 ASSERT_TRUE(CBS_get_u16(&cbs, &record_version));
Steven Valdez64cc1212017-12-04 11:15:37 -0500[diff] [blame]2990 EXPECT_EQ(record_version & 0xff00, version() & 0xff00);
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2991 if (is_dtls()) {
2992 uint16_t epoch;
2993 ASSERT_TRUE(CBS_get_u16(&cbs, &epoch));
2994 EXPECT_TRUE(epoch == 0 || epoch == 1) << "Invalid epoch: " << epoch;
2995 ASSERT_TRUE(CBS_skip(&cbs, 6));
2996 }
2997 ASSERT_TRUE(CBS_get_u16(&cbs, &length));
2998 EXPECT_EQ(0u, CBS_len(&cbs));
2999 };
3000 using CallbackType = decltype(cb);
3001 SSL_CTX *ctx = test_server ? server_ctx_.get() : client_ctx_.get();
3002 SSL_CTX_set_msg_callback(
3003 ctx, [](int is_write, int cb_version, int cb_type, const void *buf,
3004 size_t len, SSL *ssl, void *arg) {
3005 CallbackType *cb_ptr = reinterpret_cast<CallbackType *>(arg);
3006 (*cb_ptr)(is_write, cb_version, cb_type, buf, len, ssl);
3007 });
3008 SSL_CTX_set_msg_callback_arg(ctx, &cb);
3009
3010 ASSERT_TRUE(Connect());
3011
3012 EXPECT_TRUE(read_seen);
3013 EXPECT_TRUE(write_seen);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3014 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3015}
3016
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3017TEST_P(SSLVersionTest, GetServerName) {
3018 // No extensions in SSL 3.0.
3019 if (version() == SSL3_VERSION) {
3020 return;
3021 }
3022
3023 ClientConfig config;
3024 config.servername = "host1";
3025
3026 SSL_CTX_set_tlsext_servername_callback(
3027 server_ctx_.get(), [](SSL *ssl, int *out_alert, void *arg) -> int {
3028 // During the handshake, |SSL_get_servername| must match |config|.
3029 ClientConfig *config_p = reinterpret_cast<ClientConfig *>(arg);
3030 EXPECT_STREQ(config_p->servername.c_str(),
3031 SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name));
3032 return SSL_TLSEXT_ERR_OK;
3033 });
3034 SSL_CTX_set_tlsext_servername_arg(server_ctx_.get(), &config);
3035
3036 ASSERT_TRUE(Connect(config));
3037 // After the handshake, it must also be available.
3038 EXPECT_STREQ(config.servername.c_str(),
3039 SSL_get_servername(server_.get(), TLSEXT_NAMETYPE_host_name));
3040
3041 // Establish a session under host1.
3042 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
3043 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
3044 bssl::UniquePtr<SSL_SESSION> session =
3045 CreateClientSession(client_ctx_.get(), server_ctx_.get(), config);
3046
3047 // If the client resumes a session with a different name, |SSL_get_servername|
3048 // must return the new name.
3049 ASSERT_TRUE(session);
3050 config.session = session.get();
3051 config.servername = "host2";
3052 ASSERT_TRUE(Connect(config));
3053 EXPECT_STREQ(config.servername.c_str(),
3054 SSL_get_servername(server_.get(), TLSEXT_NAMETYPE_host_name));
3055}
3056
David Benjamin3d8f0802017-09-06 16:12:52 -0400[diff] [blame]3057// Test that session cache mode bits are honored in the client session callback.
3058TEST_P(SSLVersionTest, ClientSessionCacheMode) {
3059 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_OFF);
3060 EXPECT_FALSE(CreateClientSession(client_ctx_.get(), server_ctx_.get()));
3061
3062 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_CLIENT);
3063 EXPECT_TRUE(CreateClientSession(client_ctx_.get(), server_ctx_.get()));
3064
3065 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_SERVER);
3066 EXPECT_FALSE(CreateClientSession(client_ctx_.get(), server_ctx_.get()));
3067}
3068
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3069TEST(SSLTest, AddChainCertHack) {
3070 // Ensure that we don't accidently break the hack that we have in place to
3071 // keep curl and serf happy when they use an |X509| even after transfering
3072 // ownership.
3073
3074 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3075 ASSERT_TRUE(ctx);
3076 X509 *cert = GetTestCertificate().release();
3077 ASSERT_TRUE(cert);
3078 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3079
3080 // This should not trigger a use-after-free.
3081 X509_cmp(cert, cert);
3082}
3083
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3084TEST(SSLTest, GetCertificate) {
3085 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3086 ASSERT_TRUE(ctx);
3087 bssl::UniquePtr<X509> cert = GetTestCertificate();
3088 ASSERT_TRUE(cert);
3089 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3090 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3091 ASSERT_TRUE(ssl);
3092
3093 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3094 ASSERT_TRUE(cert2);
3095 X509 *cert3 = SSL_get_certificate(ssl.get());
3096 ASSERT_TRUE(cert3);
3097
3098 // The old and new certificates must be identical.
3099 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3100 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3101
3102 uint8_t *der = nullptr;
3103 long der_len = i2d_X509(cert.get(), &der);
3104 ASSERT_LT(0, der_len);
3105 bssl::UniquePtr<uint8_t> free_der(der);
3106
3107 uint8_t *der2 = nullptr;
3108 long der2_len = i2d_X509(cert2, &der2);
3109 ASSERT_LT(0, der2_len);
3110 bssl::UniquePtr<uint8_t> free_der2(der2);
3111
3112 uint8_t *der3 = nullptr;
3113 long der3_len = i2d_X509(cert3, &der3);
3114 ASSERT_LT(0, der3_len);
3115 bssl::UniquePtr<uint8_t> free_der3(der3);
3116
3117 // They must also encode identically.
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]3118 EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len));
3119 EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len));
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3120}
3121
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3122TEST(SSLTest, SetChainAndKeyMismatch) {
3123 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_with_buffers_method()));
3124 ASSERT_TRUE(ctx);
3125
3126 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3127 ASSERT_TRUE(key);
3128 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3129 ASSERT_TRUE(leaf);
3130 std::vector<CRYPTO_BUFFER*> chain = {
3131 leaf.get(),
3132 };
3133
3134 // Should fail because |GetTestKey| doesn't match the chain-test certificate.
3135 ASSERT_FALSE(SSL_CTX_set_chain_and_key(ctx.get(), &chain[0], chain.size(),
3136 key.get(), nullptr));
3137 ERR_clear_error();
3138}
3139
3140TEST(SSLTest, SetChainAndKey) {
3141 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3142 ASSERT_TRUE(client_ctx);
3143 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3144 ASSERT_TRUE(server_ctx);
3145
3146 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3147 ASSERT_TRUE(key);
3148 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3149 ASSERT_TRUE(leaf);
3150 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3151 GetChainTestIntermediateBuffer();
3152 ASSERT_TRUE(intermediate);
3153 std::vector<CRYPTO_BUFFER*> chain = {
3154 leaf.get(), intermediate.get(),
3155 };
3156 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3157 chain.size(), key.get(), nullptr));
3158
David Benjamin3a1dd462017-07-11 16:13:10 -0400[diff] [blame]3159 SSL_CTX_set_custom_verify(
3160 client_ctx.get(), SSL_VERIFY_PEER,
3161 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3162 return ssl_verify_ok;
3163 });
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3164
3165 bssl::UniquePtr<SSL> client, server;
3166 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3167 server_ctx.get()));
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3168}
3169
Matthew Braithwaite5301c102018-01-23 12:08:55 -0800[diff] [blame]3170TEST(SSLTest, BuffersFailWithoutCustomVerify) {
3171 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3172 ASSERT_TRUE(client_ctx);
3173 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3174 ASSERT_TRUE(server_ctx);
3175
3176 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3177 ASSERT_TRUE(key);
3178 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3179 ASSERT_TRUE(leaf);
3180 std::vector<CRYPTO_BUFFER*> chain = { leaf.get() };
3181 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3182 chain.size(), key.get(), nullptr));
3183
3184 // Without SSL_CTX_set_custom_verify(), i.e. with everything in the default
3185 // configuration, certificate verification should fail.
3186 bssl::UniquePtr<SSL> client, server;
3187 ASSERT_FALSE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3188 server_ctx.get()));
3189
3190 // Whereas with a verifier, the connection should succeed.
3191 SSL_CTX_set_custom_verify(
3192 client_ctx.get(), SSL_VERIFY_PEER,
3193 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3194 return ssl_verify_ok;
3195 });
3196 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3197 server_ctx.get()));
3198}
3199
3200TEST(SSLTest, CustomVerify) {
3201 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3202 ASSERT_TRUE(client_ctx);
3203 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3204 ASSERT_TRUE(server_ctx);
3205
3206 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3207 ASSERT_TRUE(key);
3208 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3209 ASSERT_TRUE(leaf);
3210 std::vector<CRYPTO_BUFFER*> chain = { leaf.get() };
3211 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3212 chain.size(), key.get(), nullptr));
3213
3214 SSL_CTX_set_custom_verify(
3215 client_ctx.get(), SSL_VERIFY_PEER,
3216 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3217 return ssl_verify_ok;
3218 });
3219
3220 bssl::UniquePtr<SSL> client, server;
3221 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3222 server_ctx.get()));
3223
3224 // With SSL_VERIFY_PEER, ssl_verify_invalid should result in a dropped
3225 // connection.
3226 SSL_CTX_set_custom_verify(
3227 client_ctx.get(), SSL_VERIFY_PEER,
3228 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3229 return ssl_verify_invalid;
3230 });
3231
3232 ASSERT_FALSE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3233 server_ctx.get()));
3234
3235 // But with SSL_VERIFY_NONE, ssl_verify_invalid should not cause a dropped
3236 // connection.
3237 SSL_CTX_set_custom_verify(
3238 client_ctx.get(), SSL_VERIFY_NONE,
3239 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3240 return ssl_verify_invalid;
3241 });
3242
3243 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3244 server_ctx.get()));
3245}
3246
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]3247TEST(SSLTest, ClientCABuffers) {
3248 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3249 ASSERT_TRUE(client_ctx);
3250 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3251 ASSERT_TRUE(server_ctx);
3252
3253 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3254 ASSERT_TRUE(key);
3255 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3256 ASSERT_TRUE(leaf);
3257 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3258 GetChainTestIntermediateBuffer();
3259 ASSERT_TRUE(intermediate);
3260 std::vector<CRYPTO_BUFFER *> chain = {
3261 leaf.get(),
3262 intermediate.get(),
3263 };
3264 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3265 chain.size(), key.get(), nullptr));
3266
3267 bssl::UniquePtr<CRYPTO_BUFFER> ca_name(
3268 CRYPTO_BUFFER_new(kTestName, sizeof(kTestName), nullptr));
3269 ASSERT_TRUE(ca_name);
3270 bssl::UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names(
3271 sk_CRYPTO_BUFFER_new_null());
3272 ASSERT_TRUE(ca_names);
3273 ASSERT_TRUE(sk_CRYPTO_BUFFER_push(ca_names.get(), ca_name.get()));
3274 ca_name.release();
3275 SSL_CTX_set0_client_CAs(server_ctx.get(), ca_names.release());
3276
3277 // Configure client and server to accept all certificates.
3278 SSL_CTX_set_custom_verify(
3279 client_ctx.get(), SSL_VERIFY_PEER,
3280 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3281 return ssl_verify_ok;
3282 });
3283 SSL_CTX_set_custom_verify(
3284 server_ctx.get(), SSL_VERIFY_PEER,
3285 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3286 return ssl_verify_ok;
3287 });
3288
3289 bool cert_cb_called = false;
3290 SSL_CTX_set_cert_cb(
3291 client_ctx.get(),
3292 [](SSL *ssl, void *arg) -> int {
3293 STACK_OF(CRYPTO_BUFFER) *peer_names =
3294 SSL_get0_server_requested_CAs(ssl);
3295 EXPECT_EQ(1u, sk_CRYPTO_BUFFER_num(peer_names));
3296 CRYPTO_BUFFER *peer_name = sk_CRYPTO_BUFFER_value(peer_names, 0);
3297 EXPECT_EQ(Bytes(kTestName), Bytes(CRYPTO_BUFFER_data(peer_name),
3298 CRYPTO_BUFFER_len(peer_name)));
3299 *reinterpret_cast<bool *>(arg) = true;
3300 return 1;
3301 },
3302 &cert_cb_called);
3303
3304 bssl::UniquePtr<SSL> client, server;
3305 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3306 server_ctx.get()));
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]3307 EXPECT_TRUE(cert_cb_called);
3308}
3309
David Benjamin91222b82017-03-09 20:10:56 -0500[diff] [blame]3310// Configuring the empty cipher list, though an error, should still modify the
3311// configuration.
3312TEST(SSLTest, EmptyCipherList) {
3313 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3314 ASSERT_TRUE(ctx);
3315
3316 // Initially, the cipher list is not empty.
3317 EXPECT_NE(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3318
3319 // Configuring the empty cipher list fails.
3320 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), ""));
3321 ERR_clear_error();
3322
3323 // But the cipher list is still updated to empty.
3324 EXPECT_EQ(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3325}
3326
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3327// ssl_test_ticket_aead_failure_mode enumerates the possible ways in which the
3328// test |SSL_TICKET_AEAD_METHOD| can fail.
3329enum ssl_test_ticket_aead_failure_mode {
3330 ssl_test_ticket_aead_ok = 0,
3331 ssl_test_ticket_aead_seal_fail,
3332 ssl_test_ticket_aead_open_soft_fail,
3333 ssl_test_ticket_aead_open_hard_fail,
3334};
3335
3336struct ssl_test_ticket_aead_state {
3337 unsigned retry_count;
3338 ssl_test_ticket_aead_failure_mode failure_mode;
3339};
3340
3341static int ssl_test_ticket_aead_ex_index_dup(CRYPTO_EX_DATA *to,
3342 const CRYPTO_EX_DATA *from,
3343 void **from_d, int index,
3344 long argl, void *argp) {
3345 abort();
3346}
3347
3348static void ssl_test_ticket_aead_ex_index_free(void *parent, void *ptr,
3349 CRYPTO_EX_DATA *ad, int index,
3350 long argl, void *argp) {
3351 auto state = reinterpret_cast<ssl_test_ticket_aead_state*>(ptr);
3352 if (state == nullptr) {
3353 return;
3354 }
3355
3356 OPENSSL_free(state);
3357}
3358
3359static CRYPTO_once_t g_ssl_test_ticket_aead_ex_index_once = CRYPTO_ONCE_INIT;
3360static int g_ssl_test_ticket_aead_ex_index;
3361
3362static int ssl_test_ticket_aead_get_ex_index() {
3363 CRYPTO_once(&g_ssl_test_ticket_aead_ex_index_once, [] {
3364 g_ssl_test_ticket_aead_ex_index = SSL_get_ex_new_index(
3365 0, nullptr, nullptr, ssl_test_ticket_aead_ex_index_dup,
3366 ssl_test_ticket_aead_ex_index_free);
3367 });
3368 return g_ssl_test_ticket_aead_ex_index;
3369}
3370
3371static size_t ssl_test_ticket_aead_max_overhead(SSL *ssl) {
3372 return 1;
3373}
3374
3375static int ssl_test_ticket_aead_seal(SSL *ssl, uint8_t *out, size_t *out_len,
3376 size_t max_out_len, const uint8_t *in,
3377 size_t in_len) {
3378 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3379 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3380
3381 if (state->failure_mode == ssl_test_ticket_aead_seal_fail ||
3382 max_out_len < in_len + 1) {
3383 return 0;
3384 }
3385
3386 OPENSSL_memmove(out, in, in_len);
3387 out[in_len] = 0xff;
3388 *out_len = in_len + 1;
3389
3390 return 1;
3391}
3392
3393static ssl_ticket_aead_result_t ssl_test_ticket_aead_open(
3394 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len,
3395 const uint8_t *in, size_t in_len) {
3396 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3397 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3398
3399 if (state->retry_count > 0) {
3400 state->retry_count--;
3401 return ssl_ticket_aead_retry;
3402 }
3403
3404 switch (state->failure_mode) {
3405 case ssl_test_ticket_aead_ok:
3406 break;
3407 case ssl_test_ticket_aead_seal_fail:
3408 // If |seal| failed then there shouldn't be any ticket to try and
3409 // decrypt.
3410 abort();
3411 break;
3412 case ssl_test_ticket_aead_open_soft_fail:
3413 return ssl_ticket_aead_ignore_ticket;
3414 case ssl_test_ticket_aead_open_hard_fail:
3415 return ssl_ticket_aead_error;
3416 }
3417
3418 if (in_len == 0 || in[in_len - 1] != 0xff) {
3419 return ssl_ticket_aead_ignore_ticket;
3420 }
3421
3422 if (max_out_len < in_len - 1) {
3423 return ssl_ticket_aead_error;
3424 }
3425
3426 OPENSSL_memmove(out, in, in_len - 1);
3427 *out_len = in_len - 1;
3428 return ssl_ticket_aead_success;
3429}
3430
3431static const SSL_TICKET_AEAD_METHOD kSSLTestTicketMethod = {
3432 ssl_test_ticket_aead_max_overhead,
3433 ssl_test_ticket_aead_seal,
3434 ssl_test_ticket_aead_open,
3435};
3436
3437static void ConnectClientAndServerWithTicketMethod(
3438 bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
3439 SSL_CTX *client_ctx, SSL_CTX *server_ctx, unsigned retry_count,
3440 ssl_test_ticket_aead_failure_mode failure_mode, SSL_SESSION *session) {
3441 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
3442 ASSERT_TRUE(client);
3443 ASSERT_TRUE(server);
3444 SSL_set_connect_state(client.get());
3445 SSL_set_accept_state(server.get());
3446
3447 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3448 OPENSSL_malloc(sizeof(ssl_test_ticket_aead_state)));
3449 ASSERT_TRUE(state);
3450 OPENSSL_memset(state, 0, sizeof(ssl_test_ticket_aead_state));
3451 state->retry_count = retry_count;
3452 state->failure_mode = failure_mode;
3453
3454 ASSERT_TRUE(SSL_set_ex_data(server.get(), ssl_test_ticket_aead_get_ex_index(),
3455 state));
3456
3457 SSL_set_session(client.get(), session);
3458
3459 BIO *bio1, *bio2;
3460 ASSERT_TRUE(BIO_new_bio_pair(&bio1, 0, &bio2, 0));
3461
3462 // SSL_set_bio takes ownership.
3463 SSL_set_bio(client.get(), bio1, bio1);
3464 SSL_set_bio(server.get(), bio2, bio2);
3465
3466 if (CompleteHandshakes(client.get(), server.get())) {
3467 *out_client = std::move(client);
3468 *out_server = std::move(server);
3469 } else {
3470 out_client->reset();
3471 out_server->reset();
3472 }
3473}
3474
David Benjaminc9775322018-04-13 16:39:12 -0400[diff] [blame]3475using TicketAEADMethodParam =
3476 testing::tuple<uint16_t, unsigned, ssl_test_ticket_aead_failure_mode>;
3477
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3478class TicketAEADMethodTest
David Benjaminc9775322018-04-13 16:39:12 -0400[diff] [blame]3479 : public ::testing::TestWithParam<TicketAEADMethodParam> {};
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3480
3481TEST_P(TicketAEADMethodTest, Resume) {
3482 bssl::UniquePtr<X509> cert = GetTestCertificate();
3483 ASSERT_TRUE(cert);
3484 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3485 ASSERT_TRUE(key);
3486
3487 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
3488 ASSERT_TRUE(server_ctx);
3489 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
3490 ASSERT_TRUE(client_ctx);
3491
3492 const uint16_t version = testing::get<0>(GetParam());
3493 const unsigned retry_count = testing::get<1>(GetParam());
3494 const ssl_test_ticket_aead_failure_mode failure_mode =
3495 testing::get<2>(GetParam());
3496
3497 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3498 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3499 ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), version));
3500 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), version));
3501 ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), version));
3502 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), version));
3503
3504 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
3505 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
3506 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
3507 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3508 SSL_CTX_sess_set_new_cb(client_ctx.get(), SaveLastSession);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3509
3510 SSL_CTX_set_ticket_aead_method(server_ctx.get(), &kSSLTestTicketMethod);
3511
3512 bssl::UniquePtr<SSL> client, server;
3513 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3514 server_ctx.get(), retry_count,
3515 failure_mode, nullptr);
3516 switch (failure_mode) {
3517 case ssl_test_ticket_aead_ok:
3518 case ssl_test_ticket_aead_open_hard_fail:
3519 case ssl_test_ticket_aead_open_soft_fail:
3520 ASSERT_TRUE(client);
3521 break;
3522 case ssl_test_ticket_aead_seal_fail:
3523 EXPECT_FALSE(client);
3524 return;
3525 }
3526 EXPECT_FALSE(SSL_session_reused(client.get()));
3527 EXPECT_FALSE(SSL_session_reused(server.get()));
3528
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3529 // Run the read loop to account for post-handshake tickets in TLS 1.3.
3530 SSL_read(client.get(), nullptr, 0);
3531
3532 bssl::UniquePtr<SSL_SESSION> session = std::move(g_last_session);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3533 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3534 server_ctx.get(), retry_count,
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3535 failure_mode, session.get());
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3536 switch (failure_mode) {
3537 case ssl_test_ticket_aead_ok:
3538 ASSERT_TRUE(client);
3539 EXPECT_TRUE(SSL_session_reused(client.get()));
3540 EXPECT_TRUE(SSL_session_reused(server.get()));
3541 break;
3542 case ssl_test_ticket_aead_seal_fail:
3543 abort();
3544 break;
3545 case ssl_test_ticket_aead_open_hard_fail:
3546 EXPECT_FALSE(client);
3547 break;
3548 case ssl_test_ticket_aead_open_soft_fail:
3549 ASSERT_TRUE(client);
3550 EXPECT_FALSE(SSL_session_reused(client.get()));
3551 EXPECT_FALSE(SSL_session_reused(server.get()));
3552 }
3553}
3554
David Benjaminc9775322018-04-13 16:39:12 -0400[diff] [blame]3555std::string TicketAEADMethodParamToString(
3556 const testing::TestParamInfo<TicketAEADMethodParam> &params) {
3557 std::string ret = GetVersionName(std::get<0>(params.param));
3558 // GTest only allows alphanumeric characters and '_' in the parameter
3559 // string. Additionally filter out the 'v' to get "TLS13" over "TLSv13".
3560 for (auto it = ret.begin(); it != ret.end();) {
3561 if (*it == '.' || *it == 'v') {
3562 it = ret.erase(it);
3563 } else {
3564 ++it;
3565 }
3566 }
3567 char retry_count[256];
3568 snprintf(retry_count, sizeof(retry_count), "%d", std::get<1>(params.param));
3569 ret += "_";
3570 ret += retry_count;
3571 ret += "Retries_";
3572 switch (std::get<2>(params.param)) {
3573 case ssl_test_ticket_aead_ok:
3574 ret += "OK";
3575 break;
3576 case ssl_test_ticket_aead_seal_fail:
3577 ret += "SealFail";
3578 break;
3579 case ssl_test_ticket_aead_open_soft_fail:
3580 ret += "OpenSoftFail";
3581 break;
3582 case ssl_test_ticket_aead_open_hard_fail:
3583 ret += "OpenHardFail";
3584 break;
3585 }
3586 return ret;
3587}
3588
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3589INSTANTIATE_TEST_CASE_P(
3590 TicketAEADMethodTests, TicketAEADMethodTest,
David Benjaminc9775322018-04-13 16:39:12 -0400[diff] [blame]3591 testing::Combine(testing::Values(TLS1_2_VERSION, TLS1_3_VERSION),
3592 testing::Values(0, 1, 2),
3593 testing::Values(ssl_test_ticket_aead_ok,
3594 ssl_test_ticket_aead_seal_fail,
3595 ssl_test_ticket_aead_open_soft_fail,
3596 ssl_test_ticket_aead_open_hard_fail)),
3597 TicketAEADMethodParamToString);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3598
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]3599TEST(SSLTest, SelectNextProto) {
3600 uint8_t *result;
3601 uint8_t result_len;
3602
3603 // If there is an overlap, it should be returned.
3604 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3605 SSL_select_next_proto(&result, &result_len,
3606 (const uint8_t *)"\1a\2bb\3ccc", 9,
3607 (const uint8_t *)"\1x\1y\1a\1z", 8));
3608 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3609
3610 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3611 SSL_select_next_proto(&result, &result_len,
3612 (const uint8_t *)"\1a\2bb\3ccc", 9,
3613 (const uint8_t *)"\1x\1y\2bb\1z", 9));
3614 EXPECT_EQ(Bytes("bb"), Bytes(result, result_len));
3615
3616 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3617 SSL_select_next_proto(&result, &result_len,
3618 (const uint8_t *)"\1a\2bb\3ccc", 9,
3619 (const uint8_t *)"\1x\1y\3ccc\1z", 10));
3620 EXPECT_EQ(Bytes("ccc"), Bytes(result, result_len));
3621
3622 // Peer preference order takes precedence over local.
3623 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3624 SSL_select_next_proto(&result, &result_len,
3625 (const uint8_t *)"\1a\2bb\3ccc", 9,
3626 (const uint8_t *)"\3ccc\2bb\1a", 9));
3627 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3628
3629 // If there is no overlap, return the first local protocol.
3630 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3631 SSL_select_next_proto(&result, &result_len,
3632 (const uint8_t *)"\1a\2bb\3ccc", 9,
3633 (const uint8_t *)"\1x\2yy\3zzz", 9));
3634 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3635
3636 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3637 SSL_select_next_proto(&result, &result_len, nullptr, 0,
3638 (const uint8_t *)"\1x\2yy\3zzz", 9));
3639 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3640}
3641
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3642TEST(SSLTest, SealRecord) {
3643 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3644 server_ctx(SSL_CTX_new(TLS_method()));
3645 ASSERT_TRUE(client_ctx);
3646 ASSERT_TRUE(server_ctx);
3647
3648 bssl::UniquePtr<X509> cert = GetTestCertificate();
3649 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3650 ASSERT_TRUE(cert);
3651 ASSERT_TRUE(key);
3652 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3653 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3654
3655 bssl::UniquePtr<SSL> client, server;
3656 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3657 server_ctx.get()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3658
3659 const std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3660 std::vector<uint8_t> prefix(
3661 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3662 body(record.size()),
3663 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3664 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3665 bssl::MakeSpan(body), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3666 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3667
3668 std::vector<uint8_t> sealed;
3669 sealed.insert(sealed.end(), prefix.begin(), prefix.end());
3670 sealed.insert(sealed.end(), body.begin(), body.end());
3671 sealed.insert(sealed.end(), suffix.begin(), suffix.end());
3672 std::vector<uint8_t> sealed_copy = sealed;
3673
3674 bssl::Span<uint8_t> plaintext;
3675 size_t record_len;
3676 uint8_t alert = 255;
3677 EXPECT_EQ(bssl::OpenRecord(server.get(), &plaintext, &record_len, &alert,
3678 bssl::MakeSpan(sealed)),
3679 bssl::OpenRecordResult::kOK);
3680 EXPECT_EQ(record_len, sealed.size());
3681 EXPECT_EQ(plaintext, record);
3682 EXPECT_EQ(255, alert);
3683}
3684
3685TEST(SSLTest, SealRecordInPlace) {
3686 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3687 server_ctx(SSL_CTX_new(TLS_method()));
3688 ASSERT_TRUE(client_ctx);
3689 ASSERT_TRUE(server_ctx);
3690
3691 bssl::UniquePtr<X509> cert = GetTestCertificate();
3692 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3693 ASSERT_TRUE(cert);
3694 ASSERT_TRUE(key);
3695 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3696 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3697
3698 bssl::UniquePtr<SSL> client, server;
3699 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3700 server_ctx.get()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3701
3702 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3703 std::vector<uint8_t> record = plaintext;
3704 std::vector<uint8_t> prefix(
3705 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3706 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3707 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3708 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3709 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3710 record.insert(record.begin(), prefix.begin(), prefix.end());
3711 record.insert(record.end(), suffix.begin(), suffix.end());
3712
3713 bssl::Span<uint8_t> result;
3714 size_t record_len;
3715 uint8_t alert;
3716 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3717 bssl::MakeSpan(record)),
3718 bssl::OpenRecordResult::kOK);
3719 EXPECT_EQ(record_len, record.size());
3720 EXPECT_EQ(plaintext, result);
3721}
3722
3723TEST(SSLTest, SealRecordTrailingData) {
3724 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3725 server_ctx(SSL_CTX_new(TLS_method()));
3726 ASSERT_TRUE(client_ctx);
3727 ASSERT_TRUE(server_ctx);
3728
3729 bssl::UniquePtr<X509> cert = GetTestCertificate();
3730 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3731 ASSERT_TRUE(cert);
3732 ASSERT_TRUE(key);
3733 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3734 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3735
3736 bssl::UniquePtr<SSL> client, server;
3737 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3738 server_ctx.get()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3739
3740 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3741 std::vector<uint8_t> record = plaintext;
3742 std::vector<uint8_t> prefix(
3743 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3744 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3745 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3746 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3747 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3748 record.insert(record.begin(), prefix.begin(), prefix.end());
3749 record.insert(record.end(), suffix.begin(), suffix.end());
3750 record.insert(record.end(), {5, 4, 3, 2, 1});
3751
3752 bssl::Span<uint8_t> result;
3753 size_t record_len;
3754 uint8_t alert;
3755 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3756 bssl::MakeSpan(record)),
3757 bssl::OpenRecordResult::kOK);
3758 EXPECT_EQ(record_len, record.size() - 5);
3759 EXPECT_EQ(plaintext, result);
3760}
3761
3762TEST(SSLTest, SealRecordInvalidSpanSize) {
3763 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3764 server_ctx(SSL_CTX_new(TLS_method()));
3765 ASSERT_TRUE(client_ctx);
3766 ASSERT_TRUE(server_ctx);
3767
3768 bssl::UniquePtr<X509> cert = GetTestCertificate();
3769 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3770 ASSERT_TRUE(cert);
3771 ASSERT_TRUE(key);
3772 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3773 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3774
3775 bssl::UniquePtr<SSL> client, server;
3776 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3777 server_ctx.get()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3778
3779 std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3780 std::vector<uint8_t> prefix(
3781 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3782 body(record.size()),
3783 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3784
3785 auto expect_err = []() {
3786 int err = ERR_get_error();
3787 EXPECT_EQ(ERR_GET_LIB(err), ERR_LIB_SSL);
3788 EXPECT_EQ(ERR_GET_REASON(err), SSL_R_BUFFER_TOO_SMALL);
3789 ERR_clear_error();
3790 };
3791 EXPECT_FALSE(bssl::SealRecord(
3792 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3793 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3794 expect_err();
3795 EXPECT_FALSE(bssl::SealRecord(
3796 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3797 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3798 expect_err();
3799
3800 EXPECT_FALSE(
3801 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3802 bssl::MakeSpan(record.data(), record.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3803 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3804 expect_err();
3805 EXPECT_FALSE(
3806 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3807 bssl::MakeSpan(record.data(), record.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3808 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3809 expect_err();
3810
3811 EXPECT_FALSE(bssl::SealRecord(
3812 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3813 bssl::MakeSpan(suffix.data(), suffix.size() - 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3814 expect_err();
3815 EXPECT_FALSE(bssl::SealRecord(
3816 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3817 bssl::MakeSpan(suffix.data(), suffix.size() + 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3818 expect_err();
3819}
3820
David Benjamin617b8182017-08-29 15:33:10 -0400[diff] [blame]3821// The client should gracefully handle no suitable ciphers being enabled.
3822TEST(SSLTest, NoCiphersAvailable) {
3823 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3824 ASSERT_TRUE(ctx);
3825
3826 // Configure |client_ctx| with a cipher list that does not intersect with its
3827 // version configuration.
3828 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(
3829 ctx.get(), "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"));
3830 ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
3831
3832 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3833 ASSERT_TRUE(ssl);
3834 SSL_set_connect_state(ssl.get());
3835
3836 UniquePtr<BIO> rbio(BIO_new(BIO_s_mem())), wbio(BIO_new(BIO_s_mem()));
3837 ASSERT_TRUE(rbio);
3838 ASSERT_TRUE(wbio);
3839 SSL_set0_rbio(ssl.get(), rbio.release());
3840 SSL_set0_wbio(ssl.get(), wbio.release());
3841
3842 int ret = SSL_do_handshake(ssl.get());
3843 EXPECT_EQ(-1, ret);
3844 EXPECT_EQ(SSL_ERROR_SSL, SSL_get_error(ssl.get(), ret));
3845 uint32_t err = ERR_get_error();
3846 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3847 EXPECT_EQ(SSL_R_NO_CIPHERS_AVAILABLE, ERR_GET_REASON(err));
3848}
3849
David Benjamina4bafd32017-10-03 15:06:29 -0400[diff] [blame]3850TEST_P(SSLVersionTest, SessionVersion) {
3851 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
3852 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
3853
3854 bssl::UniquePtr<SSL_SESSION> session =
3855 CreateClientSession(client_ctx_.get(), server_ctx_.get());
3856 ASSERT_TRUE(session);
3857 EXPECT_EQ(version(), SSL_SESSION_get_protocol_version(session.get()));
3858
3859 // Sessions in TLS 1.3 and later should be single-use.
3860 EXPECT_EQ(version() == TLS1_3_VERSION,
3861 !!SSL_SESSION_should_be_single_use(session.get()));
3862
3863 // Making fake sessions for testing works.
3864 session.reset(SSL_SESSION_new(client_ctx_.get()));
3865 ASSERT_TRUE(session);
3866 ASSERT_TRUE(SSL_SESSION_set_protocol_version(session.get(), version()));
3867 EXPECT_EQ(version(), SSL_SESSION_get_protocol_version(session.get()));
3868}
3869
David Benjaminfdb7a352017-10-12 17:34:18 -0400[diff] [blame]3870TEST_P(SSLVersionTest, SSLPending) {
3871 UniquePtr<SSL> ssl(SSL_new(client_ctx_.get()));
3872 ASSERT_TRUE(ssl);
3873 EXPECT_EQ(0, SSL_pending(ssl.get()));
3874
3875 ASSERT_TRUE(Connect());
3876 EXPECT_EQ(0, SSL_pending(client_.get()));
3877
3878 ASSERT_EQ(5, SSL_write(server_.get(), "hello", 5));
3879 ASSERT_EQ(5, SSL_write(server_.get(), "world", 5));
3880 EXPECT_EQ(0, SSL_pending(client_.get()));
3881
3882 char buf[10];
3883 ASSERT_EQ(1, SSL_peek(client_.get(), buf, 1));
3884 EXPECT_EQ(5, SSL_pending(client_.get()));
3885
3886 ASSERT_EQ(1, SSL_read(client_.get(), buf, 1));
3887 EXPECT_EQ(4, SSL_pending(client_.get()));
3888
3889 ASSERT_EQ(4, SSL_read(client_.get(), buf, 10));
3890 EXPECT_EQ(0, SSL_pending(client_.get()));
3891
3892 ASSERT_EQ(2, SSL_read(client_.get(), buf, 2));
3893 EXPECT_EQ(3, SSL_pending(client_.get()));
3894}
3895
David Benjamina031b612017-10-11 20:48:25 -0400[diff] [blame]3896// Test that post-handshake tickets consumed by |SSL_shutdown| are ignored.
3897TEST(SSLTest, ShutdownIgnoresTickets) {
3898 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3899 ASSERT_TRUE(ctx);
3900 ASSERT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_3_VERSION));
3901 ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
3902
3903 bssl::UniquePtr<X509> cert = GetTestCertificate();
3904 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3905 ASSERT_TRUE(cert);
3906 ASSERT_TRUE(key);
3907 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3908 ASSERT_TRUE(SSL_CTX_use_PrivateKey(ctx.get(), key.get()));
3909
3910 SSL_CTX_set_session_cache_mode(ctx.get(), SSL_SESS_CACHE_BOTH);
3911
3912 bssl::UniquePtr<SSL> client, server;
3913 ASSERT_TRUE(ConnectClientAndServer(&client, &server, ctx.get(), ctx.get()));
3914
3915 SSL_CTX_sess_set_new_cb(ctx.get(), [](SSL *ssl, SSL_SESSION *session) -> int {
3916 ADD_FAILURE() << "New session callback called during SSL_shutdown";
3917 return 0;
3918 });
3919
3920 // Send close_notify.
3921 EXPECT_EQ(0, SSL_shutdown(server.get()));
3922 EXPECT_EQ(0, SSL_shutdown(client.get()));
3923
3924 // Receive close_notify.
3925 EXPECT_EQ(1, SSL_shutdown(server.get()));
3926 EXPECT_EQ(1, SSL_shutdown(client.get()));
3927}
3928
David Benjamin6cc352e2017-11-02 17:21:39 -0400[diff] [blame]3929TEST(SSLTest, SignatureAlgorithmProperties) {
3930 EXPECT_EQ(EVP_PKEY_NONE, SSL_get_signature_algorithm_key_type(0x1234));
3931 EXPECT_EQ(nullptr, SSL_get_signature_algorithm_digest(0x1234));
3932 EXPECT_FALSE(SSL_is_signature_algorithm_rsa_pss(0x1234));
3933
3934 EXPECT_EQ(EVP_PKEY_RSA,
3935 SSL_get_signature_algorithm_key_type(SSL_SIGN_RSA_PKCS1_MD5_SHA1));
3936 EXPECT_EQ(EVP_md5_sha1(),
3937 SSL_get_signature_algorithm_digest(SSL_SIGN_RSA_PKCS1_MD5_SHA1));
3938 EXPECT_FALSE(SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_RSA_PKCS1_MD5_SHA1));
3939
3940 EXPECT_EQ(EVP_PKEY_EC, SSL_get_signature_algorithm_key_type(
3941 SSL_SIGN_ECDSA_SECP256R1_SHA256));
3942 EXPECT_EQ(EVP_sha256(), SSL_get_signature_algorithm_digest(
3943 SSL_SIGN_ECDSA_SECP256R1_SHA256));
3944 EXPECT_FALSE(
3945 SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_ECDSA_SECP256R1_SHA256));
3946
3947 EXPECT_EQ(EVP_PKEY_RSA,
David Benjamin6879e192018-04-13 16:01:02 -0400[diff] [blame]3948 SSL_get_signature_algorithm_key_type(SSL_SIGN_RSA_PSS_RSAE_SHA384));
David Benjamin6cc352e2017-11-02 17:21:39 -0400[diff] [blame]3949 EXPECT_EQ(EVP_sha384(),
David Benjamin6879e192018-04-13 16:01:02 -0400[diff] [blame]3950 SSL_get_signature_algorithm_digest(SSL_SIGN_RSA_PSS_RSAE_SHA384));
3951 EXPECT_TRUE(SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_RSA_PSS_RSAE_SHA384));
David Benjamin6cc352e2017-11-02 17:21:39 -0400[diff] [blame]3952}
3953
Adam Langleyddb57cf2018-01-26 09:17:53 -0800[diff] [blame]3954void MoveBIOs(SSL *dest, SSL *src) {
3955 BIO *rbio = SSL_get_rbio(src);
3956 BIO_up_ref(rbio);
3957 SSL_set0_rbio(dest, rbio);
3958
3959 BIO *wbio = SSL_get_wbio(src);
3960 BIO_up_ref(wbio);
3961 SSL_set0_wbio(dest, wbio);
3962
3963 SSL_set0_rbio(src, nullptr);
3964 SSL_set0_wbio(src, nullptr);
3965}
3966
3967TEST(SSLTest, Handoff) {
3968 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
3969 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
3970 bssl::UniquePtr<SSL_CTX> handshaker_ctx(SSL_CTX_new(TLS_method()));
3971 ASSERT_TRUE(client_ctx);
3972 ASSERT_TRUE(server_ctx);
3973 ASSERT_TRUE(handshaker_ctx);
3974
3975 SSL_CTX_set_handoff_mode(server_ctx.get(), 1);
3976 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_2_VERSION));
3977 ASSERT_TRUE(
3978 SSL_CTX_set_max_proto_version(handshaker_ctx.get(), TLS1_2_VERSION));
3979
3980 bssl::UniquePtr<X509> cert = GetTestCertificate();
3981 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3982 ASSERT_TRUE(cert);
3983 ASSERT_TRUE(key);
3984 ASSERT_TRUE(SSL_CTX_use_certificate(handshaker_ctx.get(), cert.get()));
3985 ASSERT_TRUE(SSL_CTX_use_PrivateKey(handshaker_ctx.get(), key.get()));
3986
3987 bssl::UniquePtr<SSL> client, server;
3988 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3989 server_ctx.get(), ClientConfig(),
3990 false /* don't handshake */));
3991
3992 int client_ret = SSL_do_handshake(client.get());
3993 int client_err = SSL_get_error(client.get(), client_ret);
3994 ASSERT_EQ(client_err, SSL_ERROR_WANT_READ);
3995
3996 int server_ret = SSL_do_handshake(server.get());
3997 int server_err = SSL_get_error(server.get(), server_ret);
3998 ASSERT_EQ(server_err, SSL_ERROR_HANDOFF);
3999
4000 ScopedCBB cbb;
4001 Array<uint8_t> handoff;
4002 ASSERT_TRUE(CBB_init(cbb.get(), 256));
4003 ASSERT_TRUE(SSL_serialize_handoff(server.get(), cbb.get()));
4004 ASSERT_TRUE(CBBFinishArray(cbb.get(), &handoff));
4005
4006 bssl::UniquePtr<SSL> handshaker(SSL_new(handshaker_ctx.get()));
4007 ASSERT_TRUE(SSL_apply_handoff(handshaker.get(), handoff));
4008
4009 MoveBIOs(handshaker.get(), server.get());
4010
4011 int handshake_ret = SSL_do_handshake(handshaker.get());
4012 int handshake_err = SSL_get_error(handshaker.get(), handshake_ret);
Matthew Braithwaite56986f92018-03-22 11:48:33 -0700[diff] [blame]4013 ASSERT_EQ(handshake_err, SSL_ERROR_HANDBACK);
Adam Langleyddb57cf2018-01-26 09:17:53 -0800[diff] [blame]4014
Matthew Braithwaite56986f92018-03-22 11:48:33 -0700[diff] [blame]4015 // Double-check that additional calls to |SSL_do_handshake| continue
4016 // to get |SSL_ERRROR_HANDBACK|.
4017 handshake_ret = SSL_do_handshake(handshaker.get());
4018 handshake_err = SSL_get_error(handshaker.get(), handshake_ret);
4019 ASSERT_EQ(handshake_err, SSL_ERROR_HANDBACK);
Adam Langleyddb57cf2018-01-26 09:17:53 -0800[diff] [blame]4020
4021 ScopedCBB cbb_handback;
4022 Array<uint8_t> handback;
4023 ASSERT_TRUE(CBB_init(cbb_handback.get(), 1024));
4024 ASSERT_TRUE(SSL_serialize_handback(handshaker.get(), cbb_handback.get()));
4025 ASSERT_TRUE(CBBFinishArray(cbb_handback.get(), &handback));
4026
4027 bssl::UniquePtr<SSL> server2(SSL_new(server_ctx.get()));
4028 ASSERT_TRUE(SSL_apply_handback(server2.get(), handback));
4029
4030 MoveBIOs(server2.get(), handshaker.get());
Matthew Braithwaite56986f92018-03-22 11:48:33 -0700[diff] [blame]4031 ASSERT_TRUE(CompleteHandshakes(client.get(), server2.get()));
Adam Langleyddb57cf2018-01-26 09:17:53 -0800[diff] [blame]4032
4033 uint8_t byte = 42;
4034 EXPECT_EQ(SSL_write(client.get(), &byte, 1), 1);
4035 EXPECT_EQ(SSL_read(server2.get(), &byte, 1), 1);
4036 EXPECT_EQ(42, byte);
4037
4038 byte = 43;
4039 EXPECT_EQ(SSL_write(server2.get(), &byte, 1), 1);
4040 EXPECT_EQ(SSL_read(client.get(), &byte, 1), 1);
4041 EXPECT_EQ(43, byte);
4042}
4043
4044TEST(SSLTest, HandoffDeclined) {
4045 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
4046 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
4047 ASSERT_TRUE(client_ctx);
4048 ASSERT_TRUE(server_ctx);
4049
4050 SSL_CTX_set_handoff_mode(server_ctx.get(), 1);
4051 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_2_VERSION));
4052
4053 bssl::UniquePtr<X509> cert = GetTestCertificate();
4054 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
4055 ASSERT_TRUE(cert);
4056 ASSERT_TRUE(key);
4057 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
4058 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
4059
4060 bssl::UniquePtr<SSL> client, server;
4061 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
4062 server_ctx.get(), ClientConfig(),
4063 false /* don't handshake */));
4064
4065 int client_ret = SSL_do_handshake(client.get());
4066 int client_err = SSL_get_error(client.get(), client_ret);
4067 ASSERT_EQ(client_err, SSL_ERROR_WANT_READ);
4068
4069 int server_ret = SSL_do_handshake(server.get());
4070 int server_err = SSL_get_error(server.get(), server_ret);
4071 ASSERT_EQ(server_err, SSL_ERROR_HANDOFF);
4072
4073 ScopedCBB cbb;
4074 ASSERT_TRUE(CBB_init(cbb.get(), 256));
4075 ASSERT_TRUE(SSL_serialize_handoff(server.get(), cbb.get()));
4076
4077 ASSERT_TRUE(SSL_decline_handoff(server.get()));
4078
4079 ASSERT_TRUE(CompleteHandshakes(client.get(), server.get()));
4080
4081 uint8_t byte = 42;
4082 EXPECT_EQ(SSL_write(client.get(), &byte, 1), 1);
4083 EXPECT_EQ(SSL_read(server.get(), &byte, 1), 1);
4084 EXPECT_EQ(42, byte);
4085
4086 byte = 43;
4087 EXPECT_EQ(SSL_write(server.get(), &byte, 1), 1);
4088 EXPECT_EQ(SSL_read(client.get(), &byte, 1), 1);
4089 EXPECT_EQ(43, byte);
4090}
4091
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]4092// TODO(davidben): Convert this file to GTest properly.
4093TEST(SSLTest, AllTests) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]4094 if (!TestSSL_SESSIONEncoding(kOpenSSLSession) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]4095 !TestSSL_SESSIONEncoding(kCustomSession) ||
4096 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
4097 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
4098 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
4099 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]4100 // Test the padding extension at TLS 1.2.
4101 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
4102 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
4103 // will be no PSK binder after the padding extension.
4104 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
4105 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
4106 // will be a PSK binder after the padding extension.
Steven Valdez74666da2018-01-09 06:18:36 -0500[diff] [blame]4107 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT23_VERSION)) {
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]4108 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]4109 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]4110}
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]4111
4112} // namespace
4113} // namespace bssl