Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 17b30833737b32ecab1f12c105e1b5cae6d49458 / . / ssl / ssl_test.cc
blob: 41572c42e450d68a8dd40afd41dbc9043bee2739 [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
43/* Windows defines struct timeval in winsock2.h. */
44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
52struct ExpectedCipher {
53 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]56
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]57struct CipherTest {
58 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]59 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]60 // The list of expected ciphers, in order.
61 std::vector<ExpectedCipher> expected;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]62};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]63
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]64struct CurveTest {
65 // The rule string to apply.
66 const char *rule;
67 // The list of expected curves, in order.
68 std::vector<uint16_t> expected;
69};
70
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]71static const CipherTest kCipherTests[] = {
72 // Selecting individual ciphers should work.
73 {
74 "ECDHE-ECDSA-CHACHA20-POLY1305:"
75 "ECDHE-RSA-CHACHA20-POLY1305:"
76 "ECDHE-ECDSA-AES128-GCM-SHA256:"
77 "ECDHE-RSA-AES128-GCM-SHA256",
78 {
79 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]80 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]81 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
82 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
83 },
84 },
85 // + reorders selected ciphers to the end, keeping their relative order.
86 {
87 "ECDHE-ECDSA-CHACHA20-POLY1305:"
88 "ECDHE-RSA-CHACHA20-POLY1305:"
89 "ECDHE-ECDSA-AES128-GCM-SHA256:"
90 "ECDHE-RSA-AES128-GCM-SHA256:"
91 "+aRSA",
92 {
93 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]94 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
95 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]96 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
97 },
98 },
99 // ! banishes ciphers from future selections.
100 {
101 "!aRSA:"
102 "ECDHE-ECDSA-CHACHA20-POLY1305:"
103 "ECDHE-RSA-CHACHA20-POLY1305:"
104 "ECDHE-ECDSA-AES128-GCM-SHA256:"
105 "ECDHE-RSA-AES128-GCM-SHA256",
106 {
107 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]108 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
109 },
110 },
111 // Multiple masks can be ANDed in a single rule.
112 {
113 "kRSA+AESGCM+AES128",
114 {
115 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
116 },
117 },
118 // - removes selected ciphers, but preserves their order for future
119 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
120 // ECDHE_RSA.
121 {
122 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
123 "AESGCM+AES128+aRSA",
124 {
125 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
126 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
127 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
128 },
129 },
130 // Unknown selectors are no-ops.
131 {
132 "ECDHE-ECDSA-CHACHA20-POLY1305:"
133 "ECDHE-RSA-CHACHA20-POLY1305:"
134 "ECDHE-ECDSA-AES128-GCM-SHA256:"
135 "ECDHE-RSA-AES128-GCM-SHA256:"
136 "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4",
137 {
138 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]139 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]140 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
141 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
142 },
143 },
144 // Square brackets specify equi-preference groups.
145 {
146 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
147 "[ECDHE-RSA-CHACHA20-POLY1305]:"
148 "ECDHE-RSA-AES128-GCM-SHA256",
149 {
150 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]151 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]152 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]153 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
154 },
155 },
156 // @STRENGTH performs a stable strength-sort of the selected ciphers and
157 // only the selected ciphers.
158 {
159 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]160 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]161 "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"
162 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]163 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]164 // Select ECDHE ones and sort them by strength. Ties should resolve
165 // based on the order above.
166 "kECDHE:@STRENGTH:-ALL:"
167 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
168 // by strength. Then RSA, backwards by strength.
169 "aRSA",
170 {
171 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
172 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]173 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]174 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
175 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
176 },
177 },
178 // Exact ciphers may not be used in multi-part rules; they are treated
179 // as unknown aliases.
180 {
181 "ECDHE-ECDSA-AES128-GCM-SHA256:"
182 "ECDHE-RSA-AES128-GCM-SHA256:"
183 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
184 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
185 {
186 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
187 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
188 },
189 },
190 // SSLv3 matches everything that existed before TLS 1.2.
191 {
192 "AES128-SHA:AES128-SHA256:!SSLv3",
193 {
194 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
195 },
196 },
197 // TLSv1.2 matches everything added in TLS 1.2.
198 {
199 "AES128-SHA:AES128-SHA256:!TLSv1.2",
200 {
201 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
202 },
203 },
204 // The two directives have no intersection.
205 {
206 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
207 {
208 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
209 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
210 },
211 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]212};
213
214static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]215 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]216 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
217 "RSA]",
218 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]219 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]220 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]221 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]222 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]223 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]224 "",
225 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]226 // COMPLEMENTOFDEFAULT is empty.
227 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]228 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]229 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]230 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]231 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
232 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
233 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
234 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]235 // Opcode supplied, but missing selector.
236 "+",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]237};
238
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]239static const char *kMustNotIncludeNull[] = {
240 "ALL",
241 "DEFAULT",
242 "ALL:!eNULL",
243 "ALL:!NULL",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]244 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]245 "FIPS",
246 "SHA",
247 "SHA1",
248 "RSA",
249 "SSLv3",
250 "TLSv1",
251 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]252};
253
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]254static const CurveTest kCurveTests[] = {
255 {
256 "P-256",
257 { SSL_CURVE_SECP256R1 },
258 },
259 {
260 "P-256:P-384:P-521:X25519",
261 {
262 SSL_CURVE_SECP256R1,
263 SSL_CURVE_SECP384R1,
264 SSL_CURVE_SECP521R1,
265 SSL_CURVE_X25519,
266 },
267 },
268};
269
270static const char *kBadCurvesLists[] = {
271 "",
272 ":",
273 "::",
274 "P-256::X25519",
275 "RSA:P-256",
276 "P-256:RSA",
277 "X25519:P-256:",
278 ":X25519:P-256",
279};
280
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]281static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
282 bool in_group = false;
283 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]284 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
285 if (!in_group && list->in_group_flags[i]) {
286 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]287 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]288 }
289 fprintf(stderr, "\t");
290 if (in_group) {
291 fprintf(stderr, " ");
292 }
293 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
294 if (in_group && !list->in_group_flags[i]) {
295 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]296 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]297 }
298 }
299}
300
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]301static bool TestCipherRule(const CipherTest &t) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]302 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]303 if (!ctx) {
304 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]305 }
306
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]307 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
308 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]309 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]310 }
311
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]312 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]313 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
314 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
315 PrintCipherPreferenceList(ctx->cipher_list);
316 return false;
317 }
318
319 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]320 const SSL_CIPHER *cipher =
321 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]322 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
323 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
324 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]325 PrintCipherPreferenceList(ctx->cipher_list);
326 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]327 }
328 }
329
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]330 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]331}
332
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]333static bool TestRuleDoesNotIncludeNull(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]334 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]335 if (!ctx) {
336 return false;
337 }
338 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
339 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
340 return false;
341 }
342 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
343 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
344 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
345 return false;
346 }
347 }
348 return true;
349}
350
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]351static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]352 for (const CipherTest &test : kCipherTests) {
353 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]354 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]355 }
356 }
357
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]358 for (const char *rule : kBadRules) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]359 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]360 if (!ctx) {
361 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]362 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]363 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
364 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]365 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]366 }
367 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]368 }
369
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]370 for (const char *rule : kMustNotIncludeNull) {
371 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]372 return false;
373 }
374 }
375
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]376 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]377}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]378
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]379static bool TestCurveRule(const CurveTest &t) {
380 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
381 if (!ctx) {
382 return false;
383 }
384
385 if (!SSL_CTX_set1_curves_list(ctx.get(), t.rule)) {
386 fprintf(stderr, "Error testing curves list '%s'\n", t.rule);
387 return false;
388 }
389
390 // Compare the two lists.
391 if (ctx->supported_group_list_len != t.expected.size()) {
392 fprintf(stderr, "Error testing curves list '%s': length\n", t.rule);
393 return false;
394 }
395
396 for (size_t i = 0; i < t.expected.size(); i++) {
397 if (t.expected[i] != ctx->supported_group_list[i]) {
398 fprintf(stderr, "Error testing curves list '%s': mismatch\n", t.rule);
399 return false;
400 }
401 }
402
403 return true;
404}
405
406static bool TestCurveRules() {
407 for (const CurveTest &test : kCurveTests) {
408 if (!TestCurveRule(test)) {
409 return false;
410 }
411 }
412
413 for (const char *rule : kBadCurvesLists) {
414 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
415 if (!ctx) {
416 return false;
417 }
418 if (SSL_CTX_set1_curves_list(ctx.get(), rule)) {
419 fprintf(stderr, "Curves list '%s' unexpectedly succeeded\n", rule);
420 return false;
421 }
422 ERR_clear_error();
423 }
424
425 return true;
426}
427
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]428// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]429static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]430 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]431 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
432 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
433 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
434 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
435 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
436 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
437 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
438 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
439 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
440 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
441 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
442 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
443 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
444 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
445 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
446 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
447 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
448 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
449 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
450 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
451 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
452 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
453 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
454 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
455 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
456 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
457 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
458 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
459 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]460 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]461
462// kCustomSession is a custom serialized SSL_SESSION generated by
463// filling in missing fields from |kOpenSSLSession|. This includes
464// providing |peer_sha256|, so |peer| is not serialized.
465static const char kCustomSession[] =
466 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
467 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
468 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
469 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
470 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
471 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
472 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
473 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
474
475// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
476static const char kBoringSSLSession[] =
477 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
478 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
479 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
480 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
481 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
482 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
483 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
484 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
485 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
486 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
487 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
488 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
489 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
490 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
491 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
492 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
493 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
494 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
495 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
496 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
497 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
498 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
499 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
500 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
501 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
502 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
503 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
504 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
505 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
506 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
507 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
508 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
509 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
510 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
511 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
512 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
513 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
514 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
515 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
516 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
517 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
518 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
519 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
520 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
521 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
522 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
523 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
524 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
525 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
526 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
527 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
528 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
529 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
530 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
531 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
532 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
533 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
534 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
535 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
536 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
537 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
538 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
539 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
540 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
541 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
542 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
543 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
544 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
545 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
546 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
547 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
548 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
549 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
550 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
551 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
552 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
553 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
554 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
555 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
556 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
557 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
558 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
559 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
560 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
561 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
562 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
563 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
564 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
565 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
566 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
567 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
568 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
569 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
570 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
571 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
572
573// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
574// the final (optional) element of |kCustomSession| with tag number 30.
575static const char kBadSessionExtraField[] =
576 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
577 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
578 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
579 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
580 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
581 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
582 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
583 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
584
585// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
586// the version of |kCustomSession| with 2.
587static const char kBadSessionVersion[] =
588 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
589 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
590 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
591 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
592 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
593 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
594 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
595 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
596
597// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
598// appended.
599static const char kBadSessionTrailingData[] =
600 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
601 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
602 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
603 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
604 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
605 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
606 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
607 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
608
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]609static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]610 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]611 if (!EVP_DecodedLength(&len, strlen(in))) {
612 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]613 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]614 }
615
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]616 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]617 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]618 strlen(in))) {
619 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]620 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]621 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]622 out->resize(len);
623 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]624}
625
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]626static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]627 const uint8_t *cptr;
628 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]629
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]630 // Decode the input.
631 std::vector<uint8_t> input;
632 if (!DecodeBase64(&input, input_b64)) {
633 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]634 }
635
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]636 // Verify the SSL_SESSION decodes.
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]637 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]638 if (!session) {
639 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]640 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]641 }
642
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]643 // Verify the SSL_SESSION encoding round-trips.
644 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]645 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]646 uint8_t *encoded_raw;
647 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]648 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]649 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]650 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]651 encoded.reset(encoded_raw);
652 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]653 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]654 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]655 hexdump(stderr, "Before: ", input.data(), input.size());
656 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]657 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]658 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]659
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]660 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]661 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]662 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]663 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]664 fprintf(stderr, "d2i_SSL_SESSION failed\n");
665 return false;
666 }
667
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]668 // Verify the SSL_SESSION encoding round-trips via the legacy API.
669 int len = i2d_SSL_SESSION(session.get(), NULL);
670 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]671 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]672 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]673 }
674
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]675 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
676 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]677 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]678 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]679 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]680
681 ptr = encoded.get();
682 len = i2d_SSL_SESSION(session.get(), &ptr);
683 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]684 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]685 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]686 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]687 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]688 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]689 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]690 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]691 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]692 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]693 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]694 }
695
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]696 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]697}
698
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]699static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
700 std::vector<uint8_t> input;
701 if (!DecodeBase64(&input, input_b64)) {
702 return false;
703 }
704
705 // Verify that the SSL_SESSION fails to decode.
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]706 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]707 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]708 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]709 return false;
710 }
711 ERR_clear_error();
712 return true;
713}
714
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]715static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]716 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]717 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]718 if (!ctx) {
719 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]720 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]721 if (ctx->min_version != min_version || ctx->max_version != max_version) {
722 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
723 ctx->min_version, ctx->max_version, min_version, max_version);
724 return false;
725 }
726 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]727}
728
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]729static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]730 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
731 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]732 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]733 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]734 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]735 if (!rfc_name) {
736 return false;
737 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]738 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]739 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]740}
741
742typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]743 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]744 const char *rfc_name;
745} CIPHER_RFC_NAME_TEST;
746
747static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]748 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
749 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
750 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
751 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
752 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
753 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
754 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
755 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
756 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
757 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
758 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
759 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
760 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
761 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
762 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
763 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
764 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
765 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
766 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
767 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
768 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
769 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]770};
771
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]772static bool TestCipherGetRFCName(void) {
773 for (size_t i = 0;
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]774 i < OPENSSL_ARRAY_SIZE(kCipherRFCNameTests); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]775 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]776 std::string rfc_name;
777 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
778 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
779 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]780 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]781 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]782 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]783 rfc_name.c_str(), test->rfc_name);
784 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]785 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]786 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]787 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]788}
789
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]790// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
791// version and ticket length or nullptr on failure.
792static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
793 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]794 std::vector<uint8_t> der;
795 if (!DecodeBase64(&der, kOpenSSLSession)) {
796 return nullptr;
797 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]798 bssl::UniquePtr<SSL_SESSION> session(
799 SSL_SESSION_from_bytes(der.data(), der.size()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]800 if (!session) {
801 return nullptr;
802 }
803
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]804 session->ssl_version = version;
805
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]806 // Swap out the ticket for a garbage one.
807 OPENSSL_free(session->tlsext_tick);
808 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
809 if (session->tlsext_tick == nullptr) {
810 return nullptr;
811 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]812 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]813 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]814
815 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]816#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
817 session->time = 1234;
818#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]819 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]820#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]821 return session;
822}
823
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]824static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]825 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]826 if (!bio) {
827 return false;
828 }
829 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]830 BIO_up_ref(bio.get());
831 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]832 int ret = SSL_connect(ssl);
833 if (ret > 0) {
834 // SSL_connect should fail without a BIO to write to.
835 return false;
836 }
837 ERR_clear_error();
838
839 const uint8_t *client_hello;
840 size_t client_hello_len;
841 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
842 return false;
843 }
844 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
845 return true;
846}
847
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]848// GetClientHelloLen creates a client SSL connection with the specified version
849// and ticket length. It returns the length of the ClientHello, not including
850// the record header, on success and zero on error.
851static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
852 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]853 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]854 bssl::UniquePtr<SSL_SESSION> session =
855 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]856 if (!ctx || !session) {
857 return 0;
858 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]859
860 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]861 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]862 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]863 !SSL_set_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
864 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]865 return 0;
866 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]867
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]868 std::vector<uint8_t> client_hello;
869 if (!GetClientHello(ssl.get(), &client_hello) ||
870 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]871 return 0;
872 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]873
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]874 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]875}
876
877struct PaddingTest {
878 size_t input_len, padded_len;
879};
880
881static const PaddingTest kPaddingTests[] = {
882 // ClientHellos of length below 0x100 do not require padding.
883 {0xfe, 0xfe},
884 {0xff, 0xff},
885 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
886 {0x100, 0x200},
887 {0x123, 0x200},
888 {0x1fb, 0x200},
889 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
890 // padding extension takes a minimum of four bytes plus one required content
891 // byte. (To work around yet more server bugs, we avoid empty final
892 // extensions.)
893 {0x1fc, 0x201},
894 {0x1fd, 0x202},
895 {0x1fe, 0x203},
896 {0x1ff, 0x204},
897 // Finally, larger ClientHellos need no padding.
898 {0x200, 0x200},
899 {0x201, 0x201},
900};
901
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]902static bool TestPaddingExtension(uint16_t max_version,
903 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]904 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]905 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]906 if (base_len == 0) {
907 return false;
908 }
909
910 for (const PaddingTest &test : kPaddingTests) {
911 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]912 fprintf(stderr,
913 "Baseline ClientHello too long (max_version = %04x, "
914 "session_version = %04x).\n",
915 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]916 return false;
917 }
918
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]919 size_t padded_len = GetClientHelloLen(max_version, session_version,
920 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]921 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]922 fprintf(stderr,
923 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
924 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]925 static_cast<unsigned>(test.input_len),
926 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]927 static_cast<unsigned>(test.padded_len), max_version,
928 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]929 return false;
930 }
931 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]932
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]933 return true;
934}
935
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]936// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
937// before configuring as a server.
938static bool TestClientCAList() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]939 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]940 if (!ctx) {
941 return false;
942 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]943 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]944 if (!ssl) {
945 return false;
946 }
947
948 STACK_OF(X509_NAME) *stack = sk_X509_NAME_new_null();
949 if (stack == nullptr) {
950 return false;
951 }
952 // |SSL_set_client_CA_list| takes ownership.
953 SSL_set_client_CA_list(ssl.get(), stack);
954
955 return SSL_get_client_CA_list(ssl.get()) == stack;
956}
957
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]958static void AppendSession(SSL_SESSION *session, void *arg) {
959 std::vector<SSL_SESSION*> *out =
960 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
961 out->push_back(session);
962}
963
964// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
965// order.
966static bool ExpectCache(SSL_CTX *ctx,
967 const std::vector<SSL_SESSION*> &expected) {
968 // Check the linked list.
969 SSL_SESSION *ptr = ctx->session_cache_head;
970 for (SSL_SESSION *session : expected) {
971 if (ptr != session) {
972 return false;
973 }
974 // TODO(davidben): This is an absurd way to denote the end of the list.
975 if (ptr->next ==
976 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
977 ptr = nullptr;
978 } else {
979 ptr = ptr->next;
980 }
981 }
982 if (ptr != nullptr) {
983 return false;
984 }
985
986 // Check the hash table.
987 std::vector<SSL_SESSION*> actual, expected_copy;
988 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
989 expected_copy = expected;
990
991 std::sort(actual.begin(), actual.end());
992 std::sort(expected_copy.begin(), expected_copy.end());
993
994 return actual == expected_copy;
995}
996
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]997static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
998 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new());
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]999 if (!ret) {
1000 return nullptr;
1001 }
1002
1003 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1004 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1005 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1006 return ret;
1007}
1008
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1009// Test that the internal session cache behaves as expected.
1010static bool TestInternalSessionCache() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1011 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1012 if (!ctx) {
1013 return false;
1014 }
1015
1016 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1017 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1018 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1019 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1020 if (!session) {
1021 return false;
1022 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1023 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1024 }
1025
1026 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1027
1028 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1029 for (const auto &session : sessions) {
1030 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1031 return false;
1032 }
1033 }
1034
1035 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1036 std::vector<SSL_SESSION*> expected = {
1037 sessions[9].get(),
1038 sessions[8].get(),
1039 sessions[7].get(),
1040 sessions[6].get(),
1041 sessions[5].get(),
1042 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1043 if (!ExpectCache(ctx.get(), expected)) {
1044 return false;
1045 }
1046
1047 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1048 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1049 !ExpectCache(ctx.get(), expected)) {
1050 return false;
1051 }
1052
1053 // Although collisions should be impossible (256-bit session IDs), the cache
1054 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1055 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1056 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1057 return false;
1058 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1059 expected = {
1060 collision.get(),
1061 sessions[9].get(),
1062 sessions[8].get(),
1063 sessions[6].get(),
1064 sessions[5].get(),
1065 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1066 if (!ExpectCache(ctx.get(), expected)) {
1067 return false;
1068 }
1069
1070 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1071 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1072 return false;
1073 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1074 expected = {
1075 collision.get(),
1076 sessions[9].get(),
1077 sessions[8].get(),
1078 sessions[5].get(),
1079 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1080 if (!ExpectCache(ctx.get(), expected)) {
1081 return false;
1082 }
1083
1084 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1085 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1086 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1087 !ExpectCache(ctx.get(), expected)) {
1088 return false;
1089 }
1090
1091 return true;
1092}
1093
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1094static uint16_t EpochFromSequence(uint64_t seq) {
1095 return static_cast<uint16_t>(seq >> 48);
1096}
1097
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1098static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1099 static const char kCertPEM[] =
1100 "-----BEGIN CERTIFICATE-----\n"
1101 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1102 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1103 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1104 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1105 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1106 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1107 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1108 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1109 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1110 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1111 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1112 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1113 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1114 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1115 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1116 return bssl::UniquePtr<X509>(
1117 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1118}
1119
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1120static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1121 static const char kKeyPEM[] =
1122 "-----BEGIN RSA PRIVATE KEY-----\n"
1123 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1124 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1125 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1126 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1127 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1128 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1129 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1130 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1131 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1132 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1133 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1134 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1135 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1136 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1137 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1138 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1139 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1140}
1141
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1142static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1143 static const char kCertPEM[] =
1144 "-----BEGIN CERTIFICATE-----\n"
1145 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1146 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1147 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1148 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1149 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1150 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1151 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1152 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1153 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1154 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1155 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1156 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1157 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1158}
1159
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1160static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1161 static const char kKeyPEM[] =
1162 "-----BEGIN PRIVATE KEY-----\n"
1163 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1164 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1165 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1166 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1167 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1168 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1169 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1170}
1171
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1172static bssl::UniquePtr<X509> GetChainTestCertificate() {
1173 static const char kCertPEM[] =
1174 "-----BEGIN CERTIFICATE-----\n"
1175 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1176 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1177 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1178 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1179 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1180 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1181 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1182 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1183 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1184 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1185 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1186 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1187 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1188 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1189 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1190 "1ngWZ7Ih\n"
1191 "-----END CERTIFICATE-----\n";
1192 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1193 return bssl::UniquePtr<X509>(
1194 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1195}
1196
1197static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1198 static const char kCertPEM[] =
1199 "-----BEGIN CERTIFICATE-----\n"
1200 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1201 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1202 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1203 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1204 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1205 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1206 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1207 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1208 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1209 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1210 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1211 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1212 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1213 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1214 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1215 "-----END CERTIFICATE-----\n";
1216 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1217 return bssl::UniquePtr<X509>(
1218 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1219}
1220
1221static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1222 static const char kKeyPEM[] =
1223 "-----BEGIN PRIVATE KEY-----\n"
1224 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1225 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1226 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1227 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1228 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1229 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1230 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1231 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1232 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1233 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1234 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1235 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1236 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1237 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1238 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1239 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1240 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1241 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1242 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1243 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1244 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1245 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1246 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1247 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1248 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1249 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1250 "-----END PRIVATE KEY-----\n";
1251 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1252 return bssl::UniquePtr<EVP_PKEY>(
1253 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1254}
1255
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1256static bool CompleteHandshakes(SSL *client, SSL *server) {
1257 // Drive both their handshakes to completion.
1258 for (;;) {
1259 int client_ret = SSL_do_handshake(client);
1260 int client_err = SSL_get_error(client, client_ret);
1261 if (client_err != SSL_ERROR_NONE &&
1262 client_err != SSL_ERROR_WANT_READ &&
1263 client_err != SSL_ERROR_WANT_WRITE) {
1264 fprintf(stderr, "Client error: %d\n", client_err);
1265 return false;
1266 }
1267
1268 int server_ret = SSL_do_handshake(server);
1269 int server_err = SSL_get_error(server, server_ret);
1270 if (server_err != SSL_ERROR_NONE &&
1271 server_err != SSL_ERROR_WANT_READ &&
1272 server_err != SSL_ERROR_WANT_WRITE) {
1273 fprintf(stderr, "Server error: %d\n", server_err);
1274 return false;
1275 }
1276
1277 if (client_ret == 1 && server_ret == 1) {
1278 break;
1279 }
1280 }
1281
1282 return true;
1283}
1284
1285static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1286 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1287 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1288 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1289 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1290 if (!client || !server) {
1291 return false;
1292 }
1293 SSL_set_connect_state(client.get());
1294 SSL_set_accept_state(server.get());
1295
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1296 SSL_set_session(client.get(), session);
1297
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1298 BIO *bio1, *bio2;
1299 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1300 return false;
1301 }
1302 // SSL_set_bio takes ownership.
1303 SSL_set_bio(client.get(), bio1, bio1);
1304 SSL_set_bio(server.get(), bio2, bio2);
1305
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1306 if (!CompleteHandshakes(client.get(), server.get())) {
1307 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1308 }
1309
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1310 *out_client = std::move(client);
1311 *out_server = std::move(server);
1312 return true;
1313}
1314
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1315static bool TestSequenceNumber(bool is_dtls, const SSL_METHOD *method,
1316 uint16_t version) {
1317 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1318 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1319 if (!server_ctx || !client_ctx ||
1320 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1321 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1322 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1323 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1324 return false;
1325 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1326
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1327 bssl::UniquePtr<X509> cert = GetTestCertificate();
1328 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1329 if (!cert || !key || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1330 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1331 return false;
1332 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1333
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1334 bssl::UniquePtr<SSL> client, server;
1335 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1336 server_ctx.get(), nullptr /* no session */)) {
1337 return false;
1338 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1339
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1340 // Drain any post-handshake messages to ensure there are no unread records
1341 // on either end.
1342 uint8_t byte = 0;
1343 if (SSL_read(client.get(), &byte, 1) > 0 ||
1344 SSL_read(server.get(), &byte, 1) > 0) {
1345 fprintf(stderr, "Received unexpected data.\n");
1346 return false;
1347 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1348
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1349 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1350 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1351 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1352 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1353
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1354 if (is_dtls) {
1355 // Both client and server must be at epoch 1.
1356 if (EpochFromSequence(client_read_seq) != 1 ||
1357 EpochFromSequence(client_write_seq) != 1 ||
1358 EpochFromSequence(server_read_seq) != 1 ||
1359 EpochFromSequence(server_write_seq) != 1) {
1360 fprintf(stderr, "Bad epochs.\n");
1361 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1362 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1363
1364 // The next record to be written should exceed the largest received.
1365 if (client_write_seq <= server_read_seq ||
1366 server_write_seq <= client_read_seq) {
1367 fprintf(stderr, "Inconsistent sequence numbers.\n");
1368 return false;
1369 }
1370 } else {
1371 // The next record to be written should equal the next to be received.
1372 if (client_write_seq != server_read_seq ||
1373 server_write_seq != client_read_seq) {
1374 fprintf(stderr, "Inconsistent sequence numbers.\n");
1375 return false;
1376 }
1377 }
1378
1379 // Send a record from client to server.
1380 if (SSL_write(client.get(), &byte, 1) != 1 ||
1381 SSL_read(server.get(), &byte, 1) != 1) {
1382 fprintf(stderr, "Could not send byte.\n");
1383 return false;
1384 }
1385
1386 // The client write and server read sequence numbers should have
1387 // incremented.
1388 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1389 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1390 fprintf(stderr, "Sequence numbers did not increment.\n");
1391 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1392 }
1393
1394 return true;
1395}
1396
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1397static bool TestOneSidedShutdown(bool is_dtls, const SSL_METHOD *method,
1398 uint16_t version) {
1399 // SSL_shutdown is a no-op in DTLS.
1400 if (is_dtls) {
1401 return true;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1402 }
1403
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1404 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1405 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1406 bssl::UniquePtr<X509> cert = GetTestCertificate();
1407 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1408 if (!client_ctx || !server_ctx || !cert || !key ||
1409 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1410 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1411 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1412 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1413 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1414 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1415 return false;
1416 }
1417
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1418 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1419 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1420 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1421 return false;
1422 }
1423
1424 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1425 // one side has shut down.
1426 if (SSL_shutdown(client.get()) != 0) {
1427 fprintf(stderr, "Could not shutdown.\n");
1428 return false;
1429 }
1430
1431 // Reading from the server should consume the EOF.
1432 uint8_t byte;
1433 if (SSL_read(server.get(), &byte, 1) != 0 ||
1434 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1435 fprintf(stderr, "Connection was not shut down cleanly.\n");
1436 return false;
1437 }
1438
1439 // However, the server may continue to write data and then shut down the
1440 // connection.
1441 byte = 42;
1442 if (SSL_write(server.get(), &byte, 1) != 1 ||
1443 SSL_read(client.get(), &byte, 1) != 1 ||
1444 byte != 42) {
1445 fprintf(stderr, "Could not send byte.\n");
1446 return false;
1447 }
1448
1449 // The server may then shutdown the connection.
1450 if (SSL_shutdown(server.get()) != 1 ||
1451 SSL_shutdown(client.get()) != 1) {
1452 fprintf(stderr, "Could not complete shutdown.\n");
1453 return false;
1454 }
1455
1456 return true;
1457}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1458
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1459static bool TestSessionDuplication() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1460 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1461 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1462 if (!client_ctx || !server_ctx) {
1463 return false;
1464 }
1465
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1466 bssl::UniquePtr<X509> cert = GetTestCertificate();
1467 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1468 if (!cert || !key ||
1469 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1470 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1471 return false;
1472 }
1473
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1474 bssl::UniquePtr<SSL> client, server;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1475 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1476 server_ctx.get(), nullptr /* no session */)) {
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1477 return false;
1478 }
1479
1480 SSL_SESSION *session0 = SSL_get_session(client.get());
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1481 bssl::UniquePtr<SSL_SESSION> session1(SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1482 if (!session1) {
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1483 return false;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1484 }
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1485
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1486 session1->not_resumable = 0;
1487
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1488 uint8_t *s0_bytes, *s1_bytes;
1489 size_t s0_len, s1_len;
1490
1491 if (!SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len)) {
1492 return false;
1493 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1494 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1495
1496 if (!SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len)) {
1497 return false;
1498 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1499 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1500
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1501 return s0_len == s1_len && OPENSSL_memcmp(s0_bytes, s1_bytes, s0_len) == 0;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1502}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1503
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1504static bool ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1505 if (SSL_get_rfd(ssl) != rfd || SSL_get_wfd(ssl) != wfd) {
1506 fprintf(stderr, "Got fds %d and %d, wanted %d and %d.\n", SSL_get_rfd(ssl),
1507 SSL_get_wfd(ssl), rfd, wfd);
1508 return false;
1509 }
1510
1511 // The wrapper BIOs are always equal when fds are equal, even if set
1512 // individually.
1513 if (rfd == wfd && SSL_get_rbio(ssl) != SSL_get_wbio(ssl)) {
1514 fprintf(stderr, "rbio and wbio did not match.\n");
1515 return false;
1516 }
1517
1518 return true;
1519}
1520
1521static bool TestSetFD() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1522 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1523 if (!ctx) {
1524 return false;
1525 }
1526
1527 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1528 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1529 if (!ssl ||
1530 !SSL_set_rfd(ssl.get(), 1) ||
1531 !SSL_set_wfd(ssl.get(), 2) ||
1532 !ExpectFDs(ssl.get(), 1, 2)) {
1533 return false;
1534 }
1535
1536 // Test setting the same FD.
1537 ssl.reset(SSL_new(ctx.get()));
1538 if (!ssl ||
1539 !SSL_set_fd(ssl.get(), 1) ||
1540 !ExpectFDs(ssl.get(), 1, 1)) {
1541 return false;
1542 }
1543
1544 // Test setting the same FD one side at a time.
1545 ssl.reset(SSL_new(ctx.get()));
1546 if (!ssl ||
1547 !SSL_set_rfd(ssl.get(), 1) ||
1548 !SSL_set_wfd(ssl.get(), 1) ||
1549 !ExpectFDs(ssl.get(), 1, 1)) {
1550 return false;
1551 }
1552
1553 // Test setting the same FD in the other order.
1554 ssl.reset(SSL_new(ctx.get()));
1555 if (!ssl ||
1556 !SSL_set_wfd(ssl.get(), 1) ||
1557 !SSL_set_rfd(ssl.get(), 1) ||
1558 !ExpectFDs(ssl.get(), 1, 1)) {
1559 return false;
1560 }
1561
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1562 // Test changing the read FD partway through.
1563 ssl.reset(SSL_new(ctx.get()));
1564 if (!ssl ||
1565 !SSL_set_fd(ssl.get(), 1) ||
1566 !SSL_set_rfd(ssl.get(), 2) ||
1567 !ExpectFDs(ssl.get(), 2, 1)) {
1568 return false;
1569 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1570
1571 // Test changing the write FD partway through.
1572 ssl.reset(SSL_new(ctx.get()));
1573 if (!ssl ||
1574 !SSL_set_fd(ssl.get(), 1) ||
1575 !SSL_set_wfd(ssl.get(), 2) ||
1576 !ExpectFDs(ssl.get(), 1, 2)) {
1577 return false;
1578 }
1579
1580 // Test a no-op change to the read FD partway through.
1581 ssl.reset(SSL_new(ctx.get()));
1582 if (!ssl ||
1583 !SSL_set_fd(ssl.get(), 1) ||
1584 !SSL_set_rfd(ssl.get(), 1) ||
1585 !ExpectFDs(ssl.get(), 1, 1)) {
1586 return false;
1587 }
1588
1589 // Test a no-op change to the write FD partway through.
1590 ssl.reset(SSL_new(ctx.get()));
1591 if (!ssl ||
1592 !SSL_set_fd(ssl.get(), 1) ||
1593 !SSL_set_wfd(ssl.get(), 1) ||
1594 !ExpectFDs(ssl.get(), 1, 1)) {
1595 return false;
1596 }
1597
1598 // ASan builds will implicitly test that the internal |BIO| reference-counting
1599 // is correct.
1600
1601 return true;
1602}
1603
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1604static bool TestSetBIO() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1605 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1606 if (!ctx) {
1607 return false;
1608 }
1609
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1610 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1611 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1612 bio3(BIO_new(BIO_s_mem()));
1613 if (!ssl || !bio1 || !bio2 || !bio3) {
1614 return false;
1615 }
1616
1617 // SSL_set_bio takes one reference when the parameters are the same.
1618 BIO_up_ref(bio1.get());
1619 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1620
1621 // Repeating the call does nothing.
1622 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1623
1624 // It takes one reference each when the parameters are different.
1625 BIO_up_ref(bio2.get());
1626 BIO_up_ref(bio3.get());
1627 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1628
1629 // Repeating the call does nothing.
1630 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1631
1632 // It takes one reference when changing only wbio.
1633 BIO_up_ref(bio1.get());
1634 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1635
1636 // It takes one reference when changing only rbio and the two are different.
1637 BIO_up_ref(bio3.get());
1638 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1639
1640 // If setting wbio to rbio, it takes no additional references.
1641 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1642
1643 // From there, wbio may be switched to something else.
1644 BIO_up_ref(bio1.get());
1645 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1646
1647 // If setting rbio to wbio, it takes no additional references.
1648 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1649
1650 // From there, rbio may be switched to something else, but, for historical
1651 // reasons, it takes a reference to both parameters.
1652 BIO_up_ref(bio1.get());
1653 BIO_up_ref(bio2.get());
1654 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1655
1656 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1657 // is correct.
1658 return true;
1659}
1660
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1661static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1662
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1663static bool TestGetPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1664 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1665 bssl::UniquePtr<X509> cert = GetTestCertificate();
1666 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1667 if (!cert || !key) {
1668 return false;
1669 }
1670
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1671 // Configure both client and server to accept any certificate.
1672 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1673 if (!ctx ||
1674 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1675 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1676 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1677 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1678 return false;
1679 }
1680 SSL_CTX_set_verify(
1681 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1682 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1683
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1684 bssl::UniquePtr<SSL> client, server;
1685 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1686 nullptr /* no session */)) {
1687 return false;
1688 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1689
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1690 // Client and server should both see the leaf certificate.
1691 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1692 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1693 fprintf(stderr, "Server peer certificate did not match.\n");
1694 return false;
1695 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1696
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1697 peer.reset(SSL_get_peer_certificate(client.get()));
1698 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1699 fprintf(stderr, "Client peer certificate did not match.\n");
1700 return false;
1701 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1702
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1703 // However, for historical reasons, the chain includes the leaf on the
1704 // client, but does not on the server.
1705 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1706 fprintf(stderr, "Client peer chain was incorrect.\n");
1707 return false;
1708 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1709
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1710 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1711 fprintf(stderr, "Server peer chain was incorrect.\n");
1712 return false;
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1713 }
1714
1715 return true;
1716}
1717
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1718static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method,
1719 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1720 bssl::UniquePtr<X509> cert = GetTestCertificate();
1721 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1722 if (!cert || !key) {
1723 return false;
1724 }
1725
1726 uint8_t *cert_der = NULL;
1727 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1728 if (cert_der_len < 0) {
1729 return false;
1730 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1731 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1732
1733 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1734 SHA256(cert_der, cert_der_len, cert_sha256);
1735
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1736 // Configure both client and server to accept any certificate, but the
1737 // server must retain only the SHA-256 of the peer.
1738 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1739 if (!ctx ||
1740 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1741 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1742 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1743 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1744 return false;
1745 }
1746 SSL_CTX_set_verify(
1747 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1748 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1749 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1750
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1751 bssl::UniquePtr<SSL> client, server;
1752 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1753 nullptr /* no session */)) {
1754 return false;
1755 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1756
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1757 // The peer certificate has been dropped.
1758 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1759 if (peer) {
1760 fprintf(stderr, "Peer certificate was retained.\n");
1761 return false;
1762 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1763
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1764 SSL_SESSION *session = SSL_get_session(server.get());
1765 if (!session->peer_sha256_valid) {
1766 fprintf(stderr, "peer_sha256_valid was not set.\n");
1767 return false;
1768 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1769
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1770 if (OPENSSL_memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) !=
1771 0) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1772 fprintf(stderr, "peer_sha256 did not match.\n");
1773 return false;
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1774 }
1775
1776 return true;
1777}
1778
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1779static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1780 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1781 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1782 if (!ctx ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1783 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1784 // Our default cipher list varies by CPU capabilities, so manually place
1785 // the ChaCha20 ciphers in front.
1786 !SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1787 return false;
1788 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1789
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1790 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1791 if (!ssl) {
1792 return false;
1793 }
1794 std::vector<uint8_t> client_hello;
1795 if (!GetClientHello(ssl.get(), &client_hello)) {
1796 return false;
1797 }
1798
1799 // Zero the client_random.
1800 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1801 1 + 3 + // handshake message header
1802 2; // client_version
1803 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1804 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1805 return false;
1806 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1807 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1808
1809 if (client_hello.size() != expected_len ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1810 OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1811 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1812 fprintf(stderr, "Got:\n\t");
1813 for (size_t i = 0; i < client_hello.size(); i++) {
1814 fprintf(stderr, "0x%02x, ", client_hello[i]);
1815 }
1816 fprintf(stderr, "\nWanted:\n\t");
1817 for (size_t i = 0; i < expected_len; i++) {
1818 fprintf(stderr, "0x%02x, ", expected[i]);
1819 }
1820 fprintf(stderr, "\n");
1821 return false;
1822 }
1823
1824 return true;
1825}
1826
1827// Tests that our ClientHellos do not change unexpectedly.
1828static bool TestClientHello() {
1829 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1830 0x16,
1831 0x03, 0x00,
1832 0x00, 0x3f,
1833 0x01,
1834 0x00, 0x00, 0x3b,
1835 0x03, 0x00,
1836 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1837 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1838 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1839 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1840 0x00,
1841 0x00, 0x14,
1842 0xc0, 0x09,
1843 0xc0, 0x13,
1844 0x00, 0x33,
1845 0xc0, 0x0a,
1846 0xc0, 0x14,
1847 0x00, 0x39,
1848 0x00, 0x2f,
1849 0x00, 0x35,
1850 0x00, 0x0a,
1851 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1852 };
1853 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1854 sizeof(kSSL3ClientHello))) {
1855 return false;
1856 }
1857
1858 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1859 0x16,
1860 0x03, 0x01,
1861 0x00, 0x5e,
1862 0x01,
1863 0x00, 0x00, 0x5a,
1864 0x03, 0x01,
1865 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1866 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1867 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1868 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1869 0x00,
1870 0x00, 0x12,
1871 0xc0, 0x09,
1872 0xc0, 0x13,
1873 0x00, 0x33,
1874 0xc0, 0x0a,
1875 0xc0, 0x14,
1876 0x00, 0x39,
1877 0x00, 0x2f,
1878 0x00, 0x35,
1879 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1880 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1881 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1882 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1883 };
1884 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1885 sizeof(kTLS1ClientHello))) {
1886 return false;
1887 }
1888
1889 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1890 0x16,
1891 0x03, 0x01,
1892 0x00, 0x5e,
1893 0x01,
1894 0x00, 0x00, 0x5a,
1895 0x03, 0x02,
1896 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1897 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1898 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1899 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1900 0x00,
1901 0x00, 0x12,
1902 0xc0, 0x09,
1903 0xc0, 0x13,
1904 0x00, 0x33,
1905 0xc0, 0x0a,
1906 0xc0, 0x14,
1907 0x00, 0x39,
1908 0x00, 0x2f,
1909 0x00, 0x35,
1910 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1911 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1912 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1913 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1914 };
1915 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1916 sizeof(kTLS11ClientHello))) {
1917 return false;
1918 }
1919
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]1920 // kTLS12ClientHello assumes RSA-PSS, which is disabled for Android system
1921 // builds.
1922#if defined(BORINGSSL_ANDROID_SYSTEM)
1923 return true;
1924#endif
1925
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1926 static const uint8_t kTLS12ClientHello[] = {
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]1927 0x16, 0x03, 0x01, 0x00, 0x9a, 0x01, 0x00, 0x00, 0x96, 0x03, 0x03, 0x00,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1928 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1929 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]1930 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0xcc, 0xa9,
1931 0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, 0xc0, 0x2c, 0xc0, 0x30,
1932 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x27, 0x00, 0x33,
1933 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x28, 0x00, 0x39,
1934 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35,
1935 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01,
1936 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
1937 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
1938 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00,
1939 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
1940 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1941 };
1942 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1943 sizeof(kTLS12ClientHello))) {
1944 return false;
1945 }
1946
1947 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1948 // implementation has settled enough that it won't change.
1949
1950 return true;
1951}
1952
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1953static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1954
1955static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1956 // Save the most recent session.
1957 g_last_session.reset(session);
1958 return 1;
1959}
1960
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1961static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1962 SSL_CTX *server_ctx) {
1963 g_last_session = nullptr;
1964 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1965
1966 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1967 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1968 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1969 nullptr /* no session */)) {
1970 fprintf(stderr, "Failed to connect client and server.\n");
1971 return nullptr;
1972 }
1973
1974 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1975 SSL_read(client.get(), nullptr, 0);
1976
1977 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1978
1979 if (!g_last_session) {
1980 fprintf(stderr, "Client did not receive a session.\n");
1981 return nullptr;
1982 }
1983 return std::move(g_last_session);
1984}
1985
1986static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1987 SSL_SESSION *session,
1988 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1989 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1990 if (!ConnectClientAndServer(&client, &server, client_ctx,
1991 server_ctx, session)) {
1992 fprintf(stderr, "Failed to connect client and server.\n");
1993 return false;
1994 }
1995
1996 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1997 fprintf(stderr, "Client and server were inconsistent.\n");
1998 return false;
1999 }
2000
2001 bool was_reused = !!SSL_session_reused(client.get());
2002 if (was_reused != reused) {
2003 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
2004 was_reused ? "" : " not");
2005 return false;
2006 }
2007
2008 return true;
2009}
2010
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2011static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
2012 SSL_CTX *server_ctx,
2013 SSL_SESSION *session) {
2014 g_last_session = nullptr;
2015 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2016
2017 bssl::UniquePtr<SSL> client, server;
2018 if (!ConnectClientAndServer(&client, &server, client_ctx,
2019 server_ctx, session)) {
2020 fprintf(stderr, "Failed to connect client and server.\n");
2021 return nullptr;
2022 }
2023
2024 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2025 fprintf(stderr, "Client and server were inconsistent.\n");
2026 return nullptr;
2027 }
2028
2029 if (!SSL_session_reused(client.get())) {
2030 fprintf(stderr, "Session was not reused.\n");
2031 return nullptr;
2032 }
2033
2034 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2035 SSL_read(client.get(), nullptr, 0);
2036
2037 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2038
2039 if (!g_last_session) {
2040 fprintf(stderr, "Client did not receive a renewed session.\n");
2041 return nullptr;
2042 }
2043 return std::move(g_last_session);
2044}
2045
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2046static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2047 static const uint8_t kContext[] = {3};
2048
2049 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2050 return SSL_TLSEXT_ERR_ALERT_FATAL;
2051 }
2052
2053 return SSL_TLSEXT_ERR_OK;
2054}
2055
David Benjamin731058e2016-12-03 23:15:13 -0500[diff] [blame]2056static int SwitchSessionIDContextEarly(const SSL_CLIENT_HELLO *client_hello) {
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2057 static const uint8_t kContext[] = {3};
2058
David Benjamin731058e2016-12-03 23:15:13 -0500[diff] [blame]2059 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2060 sizeof(kContext))) {
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2061 return -1;
2062 }
2063
2064 return 1;
2065}
2066
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2067static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
2068 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2069 bssl::UniquePtr<X509> cert = GetTestCertificate();
2070 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2071 if (!cert || !key) {
2072 return false;
2073 }
2074
2075 static const uint8_t kContext1[] = {1};
2076 static const uint8_t kContext2[] = {2};
2077
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2078 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2079 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2080 if (!server_ctx || !client_ctx ||
2081 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2082 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2083 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2084 sizeof(kContext1)) ||
2085 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2086 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2087 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2088 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2089 return false;
2090 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2091
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2092 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2093 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2094
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2095 bssl::UniquePtr<SSL_SESSION> session =
2096 CreateClientSession(client_ctx.get(), server_ctx.get());
2097 if (!session) {
2098 fprintf(stderr, "Error getting session.\n");
2099 return false;
2100 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2101
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2102 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2103 true /* expect session reused */)) {
2104 fprintf(stderr, "Error resuming session.\n");
2105 return false;
2106 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2107
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2108 // Change the session ID context.
2109 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2110 sizeof(kContext2))) {
2111 return false;
2112 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2113
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2114 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2115 false /* expect session not reused */)) {
2116 fprintf(stderr, "Error connecting with a different context.\n");
2117 return false;
2118 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2119
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2120 // Change the session ID context back and install an SNI callback to switch
2121 // it.
2122 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2123 sizeof(kContext1))) {
2124 return false;
2125 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2126
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2127 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2128 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2129
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2130 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2131 false /* expect session not reused */)) {
2132 fprintf(stderr, "Error connecting with a context switch on SNI callback.\n");
2133 return false;
2134 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2135
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2136 // Switch the session ID context with the early callback instead.
2137 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
2138 SSL_CTX_set_select_certificate_cb(server_ctx.get(),
2139 SwitchSessionIDContextEarly);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2140
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2141 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2142 false /* expect session not reused */)) {
2143 fprintf(stderr,
2144 "Error connecting with a context switch on early callback.\n");
2145 return false;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2146 }
2147
2148 return true;
2149}
2150
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2151static timeval g_current_time;
2152
2153static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2154 *out_clock = g_current_time;
2155}
2156
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2157static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2158 out_clock->tv_sec = 1000;
2159 out_clock->tv_usec = 0;
2160}
2161
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2162static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2163 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2164 int encrypt) {
2165 static const uint8_t kZeros[16] = {0};
2166
2167 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2168 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2169 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2170 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2171 return 0;
2172 }
2173
2174 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2175 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2176 return -1;
2177 }
2178
2179 // Returning two from the callback in decrypt mode renews the
2180 // session in TLS 1.2 and below.
2181 return encrypt ? 1 : 2;
2182}
2183
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2184static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2185 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2186 return false;
2187 }
2188
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2189 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2190 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2191 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2192
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2193#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2194 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2195 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2196#else
2197 static const uint8_t kZeros[16] = {0};
2198 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2199 bssl::ScopedEVP_CIPHER_CTX ctx;
2200 int len1, len2;
2201 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2202 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2203 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2204 return false;
2205 }
2206
2207 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2208#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2209
2210 bssl::UniquePtr<SSL_SESSION> server_session(
2211 SSL_SESSION_from_bytes(plaintext.get(), len));
2212 if (!server_session) {
2213 return false;
2214 }
2215
2216 *out = server_session->time;
2217 return true;
2218}
2219
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2220static bool TestSessionTimeout(bool is_dtls, const SSL_METHOD *method,
2221 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2222 bssl::UniquePtr<X509> cert = GetTestCertificate();
2223 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2224 if (!cert || !key) {
2225 return false;
2226 }
2227
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2228 for (bool server_test : std::vector<bool>{false, true}) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2229 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2230 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2231
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2232 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2233 // resumptions still perform ECDHE.
2234 const time_t timeout = version == TLS1_3_VERSION
2235 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2236 : SSL_DEFAULT_SESSION_TIMEOUT;
2237
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2238 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2239 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2240 if (!server_ctx || !client_ctx ||
2241 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2242 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2243 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2244 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2245 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2246 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2247 return false;
2248 }
2249
2250 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2251 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2252
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2253 // Both client and server must enforce session timeouts. We configure the
2254 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2255 if (server_test) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2256 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2257 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2258 } else {
2259 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2260 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2261 }
2262
2263 // Configure a ticket callback which renews tickets.
2264 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2265
2266 bssl::UniquePtr<SSL_SESSION> session =
2267 CreateClientSession(client_ctx.get(), server_ctx.get());
2268 if (!session) {
2269 fprintf(stderr, "Error getting session.\n");
2270 return false;
2271 }
2272
2273 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2274 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2275
2276 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2277 true /* expect session reused */)) {
2278 fprintf(stderr, "Error resuming session.\n");
2279 return false;
2280 }
2281
2282 // Advance the clock one more second.
2283 g_current_time.tv_sec++;
2284
2285 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2286 false /* expect session not reused */)) {
2287 fprintf(stderr, "Error resuming session.\n");
2288 return false;
2289 }
2290
2291 // Rewind the clock to before the session was minted.
2292 g_current_time.tv_sec = kStartTime - 1;
2293
2294 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2295 false /* expect session not reused */)) {
2296 fprintf(stderr, "Error resuming session.\n");
2297 return false;
2298 }
2299
2300 // SSL 3.0 cannot renew sessions.
2301 if (version == SSL3_VERSION) {
2302 continue;
2303 }
2304
2305 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2306 time_t new_start_time = kStartTime + timeout - 10;
2307 g_current_time.tv_sec = new_start_time;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2308 bssl::UniquePtr<SSL_SESSION> new_session =
2309 ExpectSessionRenewed(client_ctx.get(), server_ctx.get(), session.get());
2310 if (!new_session) {
2311 fprintf(stderr, "Error renewing session.\n");
2312 return false;
2313 }
2314
2315 // This new session is not the same object as before.
2316 if (session.get() == new_session.get()) {
2317 fprintf(stderr, "New and old sessions alias.\n");
2318 return false;
2319 }
2320
2321 // Check the sessions have timestamps measured from issuance.
2322 long session_time = 0;
2323 if (server_test) {
2324 if (!GetServerTicketTime(&session_time, new_session.get())) {
2325 fprintf(stderr, "Failed to decode session ticket.\n");
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2326 return false;
2327 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2328 } else {
2329 session_time = new_session->time;
2330 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2331
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2332 if (session_time != g_current_time.tv_sec) {
2333 fprintf(stderr, "New session is not measured from issuance.\n");
2334 return false;
2335 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2336
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2337 if (version == TLS1_3_VERSION) {
2338 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2339 // lifetime TLS 1.3.
2340 g_current_time.tv_sec = new_start_time + timeout - 1;
2341 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2342 new_session.get(),
2343 true /* expect session reused */)) {
2344 fprintf(stderr, "Error resuming renewed session.\n");
2345 return false;
2346 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2347
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2348 // The new session expires after the new timeout.
2349 g_current_time.tv_sec = new_start_time + timeout + 1;
2350 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2351 new_session.get(),
2352 false /* expect session ot reused */)) {
2353 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2354 return false;
2355 }
2356
2357 // Renew the session until it begins just past the auth timeout.
2358 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2359 while (new_start_time < auth_end_time - 1000) {
2360 // Get as close as possible to target start time.
2361 new_start_time =
2362 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2363 g_current_time.tv_sec = new_start_time;
2364 new_session = ExpectSessionRenewed(client_ctx.get(), server_ctx.get(),
2365 new_session.get());
2366 if (!new_session) {
2367 fprintf(stderr, "Error renewing session.\n");
2368 return false;
2369 }
2370 }
2371
2372 // Now the session's lifetime is bound by the auth timeout.
2373 g_current_time.tv_sec = auth_end_time - 1;
2374 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2375 new_session.get(),
2376 true /* expect session reused */)) {
2377 fprintf(stderr, "Error resuming renewed session.\n");
2378 return false;
2379 }
2380
2381 g_current_time.tv_sec = auth_end_time + 1;
2382 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2383 new_session.get(),
2384 false /* expect session ot reused */)) {
2385 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2386 return false;
2387 }
2388 } else {
2389 // The new session is usable just before the old expiration.
2390 g_current_time.tv_sec = kStartTime + timeout - 1;
2391 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2392 new_session.get(),
2393 true /* expect session reused */)) {
2394 fprintf(stderr, "Error resuming renewed session.\n");
2395 return false;
2396 }
2397
2398 // Renewal does not extend the lifetime, so it is not usable beyond the
2399 // old expiration.
2400 g_current_time.tv_sec = kStartTime + timeout + 1;
2401 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2402 new_session.get(),
2403 false /* expect session not reused */)) {
2404 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2405 return false;
2406 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2407 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2408 }
2409
2410 return true;
2411}
2412
Alessandro Ghedinibf483642016-11-22 18:56:46 +0000[diff] [blame]2413static int SetSessionTimeoutCallback(SSL *ssl, void *arg) {
2414 long timeout = *(long *) arg;
2415 SSL_set_session_timeout(ssl, timeout);
2416 return 1;
2417}
2418
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2419static int SetSessionTimeoutCallbackTLS13(SSL *ssl, void *arg) {
2420 long timeout = *(long *) arg;
2421 SSL_set_session_psk_dhe_timeout(ssl, timeout);
2422 return 1;
2423}
2424
Alessandro Ghedinibf483642016-11-22 18:56:46 +0000[diff] [blame]2425static bool TestSessionTimeoutCertCallback(bool is_dtls,
2426 const SSL_METHOD *method,
2427 uint16_t version) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2428 if (version == TLS1_3_VERSION) {
2429 // |SSL_set_session_timeout| only applies to TLS 1.2 style resumption.
2430 return true;
2431 }
2432
Alessandro Ghedinibf483642016-11-22 18:56:46 +0000[diff] [blame]2433 static const int kStartTime = 1000;
2434 g_current_time.tv_sec = kStartTime;
2435
2436 bssl::UniquePtr<X509> cert = GetTestCertificate();
2437 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2438 if (!cert || !key) {
2439 return false;
2440 }
2441
2442 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2443 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2444 if (!server_ctx || !client_ctx ||
2445 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2446 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2447 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2448 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2449 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2450 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2451 return false;
2452 }
2453
2454 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2455 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2456
2457 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2458
2459 long timeout = 25;
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2460 if (version == TLS1_3_VERSION) {
2461 SSL_CTX_set_cert_cb(server_ctx.get(), SetSessionTimeoutCallbackTLS13,
2462 &timeout);
2463 } else {
2464 SSL_CTX_set_cert_cb(server_ctx.get(), SetSessionTimeoutCallback, &timeout);
2465 }
Alessandro Ghedinibf483642016-11-22 18:56:46 +0000[diff] [blame]2466
2467 bssl::UniquePtr<SSL_SESSION> session =
2468 CreateClientSession(client_ctx.get(), server_ctx.get());
2469 if (!session) {
2470 fprintf(stderr, "Error getting session.\n");
2471 return false;
2472 }
2473
2474 // Advance the clock just behind the timeout.
2475 g_current_time.tv_sec += timeout - 1;
2476
2477 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2478 true /* expect session reused */)) {
2479 fprintf(stderr, "Error resuming session.\n");
2480 return false;
2481 }
2482
2483 // Advance the clock one more second.
2484 g_current_time.tv_sec++;
2485
2486 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2487 false /* expect session not reused */)) {
2488 fprintf(stderr, "Error resuming session.\n");
2489 return false;
2490 }
2491
2492 // Set session timeout to 0 to disable resumption.
2493 timeout = 0;
2494 g_current_time.tv_sec = kStartTime;
2495
2496 bssl::UniquePtr<SSL_SESSION> not_resumable_session =
2497 CreateClientSession(client_ctx.get(), server_ctx.get());
2498 if (!not_resumable_session) {
2499 fprintf(stderr, "Error getting session.\n");
2500 return false;
2501 }
2502
2503 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2504 not_resumable_session.get(),
2505 false /* expect session not reused */)) {
2506 fprintf(stderr, "Error resuming session with timeout of 0.\n");
2507 return false;
2508 }
2509
2510 // Set both context and connection (via callback) default session timeout.
2511 // The connection one is the one that ends up being used.
2512 timeout = 25;
2513 g_current_time.tv_sec = kStartTime;
2514
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame^]2515 if (version == TLS1_3_VERSION) {
2516 SSL_CTX_set_session_psk_dhe_timeout(server_ctx.get(), timeout - 10);
2517 } else {
2518 SSL_CTX_set_timeout(server_ctx.get(), timeout - 10);
2519 }
Alessandro Ghedinibf483642016-11-22 18:56:46 +0000[diff] [blame]2520
2521 bssl::UniquePtr<SSL_SESSION> ctx_and_cb_session =
2522 CreateClientSession(client_ctx.get(), server_ctx.get());
2523 if (!ctx_and_cb_session) {
2524 fprintf(stderr, "Error getting session.\n");
2525 return false;
2526 }
2527
2528 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2529 ctx_and_cb_session.get(),
2530 true /* expect session reused */)) {
2531 fprintf(stderr, "Error resuming session with timeout of 0.\n");
2532 return false;
2533 }
2534
2535 // Advance the clock just behind the timeout.
2536 g_current_time.tv_sec += timeout - 1;
2537
2538 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2539 ctx_and_cb_session.get(),
2540 true /* expect session reused */)) {
2541 fprintf(stderr, "Error resuming session.\n");
2542 return false;
2543 }
2544
2545 // Advance the clock one more second.
2546 g_current_time.tv_sec++;
2547
2548 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2549 ctx_and_cb_session.get(),
2550 false /* expect session not reused */)) {
2551 fprintf(stderr, "Error resuming session.\n");
2552 return false;
2553 }
2554
2555 return true;
2556}
2557
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2558static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2559 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2560 SSL_set_SSL_CTX(ssl, ctx);
2561 return SSL_TLSEXT_ERR_OK;
2562}
2563
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2564static bool TestSNICallback(bool is_dtls, const SSL_METHOD *method,
2565 uint16_t version) {
2566 // SSL 3.0 lacks extensions.
2567 if (version == SSL3_VERSION) {
2568 return true;
2569 }
2570
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2571 bssl::UniquePtr<X509> cert = GetTestCertificate();
2572 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2573 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2574 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2575 if (!cert || !key || !cert2 || !key2) {
2576 return false;
2577 }
2578
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2579 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2580 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2581
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2582 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2583 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(method));
2584 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2585 if (!server_ctx || !server_ctx2 || !client_ctx ||
2586 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2587 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2588 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2589 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
2590 // Historically signing preferences would be lost in some cases with the
2591 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2592 // this doesn't happen when |version| is TLS 1.2, configure the private
2593 // key to only sign SHA-256.
2594 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256,
2595 1) ||
2596 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2597 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2598 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2599 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2600 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2601 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
2602 return false;
2603 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2604
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2605 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2606 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2607
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2608 bssl::UniquePtr<SSL> client, server;
2609 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2610 server_ctx.get(), nullptr)) {
2611 fprintf(stderr, "Handshake failed.\n");
2612 return false;
2613 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2614
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2615 // The client should have received |cert2|.
2616 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
2617 if (!peer || X509_cmp(peer.get(), cert2.get()) != 0) {
2618 fprintf(stderr, "Incorrect certificate received.\n");
2619 return false;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2620 }
2621
2622 return true;
2623}
2624
David Benjamin731058e2016-12-03 23:15:13 -0500[diff] [blame]2625static int SetMaxVersion(const SSL_CLIENT_HELLO *client_hello) {
2626 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2627 return -1;
2628 }
2629
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2630 return 1;
2631}
2632
2633// TestEarlyCallbackVersionSwitch tests that the early callback can swap the
2634// maximum version.
2635static bool TestEarlyCallbackVersionSwitch() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2636 bssl::UniquePtr<X509> cert = GetTestCertificate();
2637 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2638 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2639 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2640 if (!cert || !key || !server_ctx || !client_ctx ||
2641 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2642 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2643 !SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION) ||
2644 !SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION)) {
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2645 return false;
2646 }
2647
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2648 SSL_CTX_set_select_certificate_cb(server_ctx.get(), SetMaxVersion);
2649
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2650 bssl::UniquePtr<SSL> client, server;
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2651 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2652 server_ctx.get(), nullptr)) {
2653 return false;
2654 }
2655
2656 if (SSL_version(client.get()) != TLS1_2_VERSION) {
2657 fprintf(stderr, "Early callback failed to switch the maximum version.\n");
2658 return false;
2659 }
2660
2661 return true;
2662}
2663
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2664static bool TestSetVersion() {
2665 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
2666 if (!ctx) {
2667 return false;
2668 }
2669
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2670 if (!SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
2671 !SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION) ||
2672 !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
2673 !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2674 fprintf(stderr, "Could not set valid TLS version.\n");
2675 return false;
2676 }
2677
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2678 if (SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
2679 SSL_CTX_set_max_proto_version(ctx.get(), 0x0200) ||
2680 SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
2681 SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
2682 SSL_CTX_set_min_proto_version(ctx.get(), 0x0200) ||
2683 SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2684 fprintf(stderr, "Unexpectedly set invalid TLS version.\n");
2685 return false;
2686 }
2687
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2688 if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
2689 !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
2690 fprintf(stderr, "Could not set default TLS version.\n");
2691 return false;
2692 }
2693
2694 if (ctx->min_version != SSL3_VERSION ||
2695 ctx->max_version != TLS1_2_VERSION) {
2696 fprintf(stderr, "Default TLS versions were incorrect (%04x and %04x).\n",
2697 ctx->min_version, ctx->max_version);
2698 return false;
2699 }
2700
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2701 ctx.reset(SSL_CTX_new(DTLS_method()));
2702 if (!ctx) {
2703 return false;
2704 }
2705
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2706 if (!SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
2707 !SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION) ||
2708 !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
2709 !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2710 fprintf(stderr, "Could not set valid DTLS version.\n");
2711 return false;
2712 }
2713
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2714 if (SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
2715 SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2716 SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2717 SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
2718 SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
2719 SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2720 SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2721 SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2722 fprintf(stderr, "Unexpectedly set invalid DTLS version.\n");
2723 return false;
2724 }
2725
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2726 if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
2727 !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
2728 fprintf(stderr, "Could not set default DTLS version.\n");
2729 return false;
2730 }
2731
2732 if (ctx->min_version != TLS1_1_VERSION ||
2733 ctx->max_version != TLS1_2_VERSION) {
2734 fprintf(stderr, "Default DTLS versions were incorrect (%04x and %04x).\n",
2735 ctx->min_version, ctx->max_version);
2736 return false;
2737 }
2738
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2739 return true;
2740}
2741
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2742static const char *GetVersionName(uint16_t version) {
2743 switch (version) {
2744 case SSL3_VERSION:
2745 return "SSLv3";
2746 case TLS1_VERSION:
2747 return "TLSv1";
2748 case TLS1_1_VERSION:
2749 return "TLSv1.1";
2750 case TLS1_2_VERSION:
2751 return "TLSv1.2";
2752 case TLS1_3_VERSION:
2753 return "TLSv1.3";
2754 case DTLS1_VERSION:
2755 return "DTLSv1";
2756 case DTLS1_2_VERSION:
2757 return "DTLSv1.2";
2758 default:
2759 return "???";
2760 }
2761}
2762
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2763static bool TestVersion(bool is_dtls, const SSL_METHOD *method,
2764 uint16_t version) {
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2765 bssl::UniquePtr<X509> cert = GetTestCertificate();
2766 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2767 if (!cert || !key) {
2768 return false;
2769 }
2770
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2771 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2772 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2773 bssl::UniquePtr<SSL> client, server;
2774 if (!server_ctx || !client_ctx ||
2775 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2776 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2777 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2778 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2779 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2780 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2781 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2782 server_ctx.get(), nullptr /* no session */)) {
2783 fprintf(stderr, "Failed to connect.\n");
2784 return false;
2785 }
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2786
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2787 if (SSL_version(client.get()) != version ||
2788 SSL_version(server.get()) != version) {
2789 fprintf(stderr, "Version mismatch. Got %04x and %04x, wanted %04x.\n",
2790 SSL_version(client.get()), SSL_version(server.get()), version);
2791 return false;
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2792 }
2793
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2794 // Test the version name is reported as expected.
2795 const char *version_name = GetVersionName(version);
2796 if (strcmp(version_name, SSL_get_version(client.get())) != 0 ||
2797 strcmp(version_name, SSL_get_version(server.get())) != 0) {
2798 fprintf(stderr, "Version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2799 SSL_get_version(client.get()), SSL_get_version(server.get()),
2800 version_name);
2801 return false;
2802 }
2803
2804 // Test SSL_SESSION reports the same name.
2805 const char *client_name =
2806 SSL_SESSION_get_version(SSL_get_session(client.get()));
2807 const char *server_name =
2808 SSL_SESSION_get_version(SSL_get_session(server.get()));
2809 if (strcmp(version_name, client_name) != 0 ||
2810 strcmp(version_name, server_name) != 0) {
2811 fprintf(stderr,
2812 "Session version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2813 client_name, server_name, version_name);
2814 return false;
2815 }
2816
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2817 return true;
2818}
2819
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2820// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2821// selection callback.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2822static bool TestALPNCipherAvailable(bool is_dtls, const SSL_METHOD *method,
2823 uint16_t version) {
2824 // SSL 3.0 lacks extensions.
2825 if (version == SSL3_VERSION) {
2826 return true;
2827 }
2828
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2829 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2830
2831 bssl::UniquePtr<X509> cert = GetTestCertificate();
2832 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2833 if (!cert || !key) {
2834 return false;
2835 }
2836
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2837 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2838 if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2839 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2840 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2841 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2842 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2843 0) {
2844 return false;
2845 }
2846
2847 // The ALPN callback does not fail the handshake on error, so have the
2848 // callback write a boolean.
2849 std::pair<uint16_t, bool> callback_state(version, false);
2850 SSL_CTX_set_alpn_select_cb(
2851 ctx.get(),
2852 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2853 unsigned in_len, void *arg) -> int {
2854 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2855 if (SSL_get_pending_cipher(ssl) != nullptr &&
2856 SSL_version(ssl) == state->first) {
2857 state->second = true;
2858 }
2859 return SSL_TLSEXT_ERR_NOACK;
2860 },
2861 &callback_state);
2862
2863 bssl::UniquePtr<SSL> client, server;
2864 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2865 nullptr /* no session */)) {
2866 return false;
2867 }
2868
2869 if (!callback_state.second) {
2870 fprintf(stderr, "The pending cipher was not known in the ALPN callback.\n");
2871 return false;
2872 }
2873
2874 return true;
2875}
2876
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2877static bool TestSSLClearSessionResumption(bool is_dtls,
2878 const SSL_METHOD *method,
2879 uint16_t version) {
2880 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2881 // API pattern.
2882 if (version == TLS1_3_VERSION) {
2883 return true;
2884 }
2885
2886 bssl::UniquePtr<X509> cert = GetTestCertificate();
2887 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2888 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2889 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2890 if (!cert || !key || !server_ctx || !client_ctx ||
2891 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2892 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2893 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2894 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2895 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2896 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2897 return false;
2898 }
2899
2900 // Connect a client and a server.
2901 bssl::UniquePtr<SSL> client, server;
2902 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2903 server_ctx.get(), nullptr /* no session */)) {
2904 return false;
2905 }
2906
2907 if (SSL_session_reused(client.get()) ||
2908 SSL_session_reused(server.get())) {
2909 fprintf(stderr, "Session unexpectedly reused.\n");
2910 return false;
2911 }
2912
2913 // Reset everything.
2914 if (!SSL_clear(client.get()) ||
2915 !SSL_clear(server.get())) {
2916 fprintf(stderr, "SSL_clear failed.\n");
2917 return false;
2918 }
2919
2920 // Attempt to connect a second time.
2921 if (!CompleteHandshakes(client.get(), server.get())) {
2922 fprintf(stderr, "Could not reuse SSL objects.\n");
2923 return false;
2924 }
2925
2926 // |SSL_clear| should implicitly offer the previous session to the server.
2927 if (!SSL_session_reused(client.get()) ||
2928 !SSL_session_reused(server.get())) {
2929 fprintf(stderr, "Session was not reused in second try.\n");
2930 return false;
2931 }
2932
2933 return true;
2934}
2935
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2936static bool ChainsEqual(STACK_OF(X509) *chain,
2937 const std::vector<X509 *> &expected) {
2938 if (sk_X509_num(chain) != expected.size()) {
2939 return false;
2940 }
2941
2942 for (size_t i = 0; i < expected.size(); i++) {
2943 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2944 return false;
2945 }
2946 }
2947
2948 return true;
2949}
2950
2951static bool TestAutoChain(bool is_dtls, const SSL_METHOD *method,
2952 uint16_t version) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2953 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
2954 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
2955 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
2956 if (!cert || !intermediate || !key) {
2957 return false;
2958 }
2959
2960 // Configure both client and server to accept any certificate. Add
2961 // |intermediate| to the cert store.
2962 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2963 if (!ctx ||
2964 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2965 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2966 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2967 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2968 !X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx.get()),
2969 intermediate.get())) {
2970 return false;
2971 }
2972 SSL_CTX_set_verify(
2973 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
2974 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
2975
2976 // By default, the client and server should each only send the leaf.
2977 bssl::UniquePtr<SSL> client, server;
2978 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2979 nullptr /* no session */)) {
2980 return false;
2981 }
2982
2983 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), {cert.get()})) {
2984 fprintf(stderr, "Client-received chain did not match.\n");
2985 return false;
2986 }
2987
2988 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), {cert.get()})) {
2989 fprintf(stderr, "Server-received chain did not match.\n");
2990 return false;
2991 }
2992
2993 // If auto-chaining is enabled, then the intermediate is sent.
2994 SSL_CTX_clear_mode(ctx.get(), SSL_MODE_NO_AUTO_CHAIN);
2995 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2996 nullptr /* no session */)) {
2997 return false;
2998 }
2999
3000 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
3001 {cert.get(), intermediate.get()})) {
3002 fprintf(stderr, "Client-received chain did not match (auto-chaining).\n");
3003 return false;
3004 }
3005
3006 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
3007 {cert.get(), intermediate.get()})) {
3008 fprintf(stderr, "Server-received chain did not match (auto-chaining).\n");
3009 return false;
3010 }
3011
3012 // Auto-chaining does not override explicitly-configured intermediates.
3013 if (!SSL_CTX_add1_chain_cert(ctx.get(), cert.get()) ||
3014 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3015 nullptr /* no session */)) {
3016 return false;
3017 }
3018
3019 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
3020 {cert.get(), cert.get()})) {
3021 fprintf(stderr,
3022 "Client-received chain did not match (auto-chaining, explicit "
3023 "intermediate).\n");
3024 return false;
3025 }
3026
3027 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
3028 {cert.get(), cert.get()})) {
3029 fprintf(stderr,
3030 "Server-received chain did not match (auto-chaining, explicit "
3031 "intermediate).\n");
3032 return false;
3033 }
3034
3035 return true;
3036}
3037
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]3038static bool ExpectBadWriteRetry() {
3039 int err = ERR_get_error();
3040 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
3041 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
3042 char buf[ERR_ERROR_STRING_BUF_LEN];
3043 ERR_error_string_n(err, buf, sizeof(buf));
3044 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
3045 return false;
3046 }
3047
3048 if (ERR_peek_error() != 0) {
3049 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
3050 return false;
3051 }
3052
3053 return true;
3054}
3055
3056static bool TestSSLWriteRetry(bool is_dtls, const SSL_METHOD *method,
3057 uint16_t version) {
3058 if (is_dtls) {
3059 return true;
3060 }
3061
3062 for (bool enable_partial_write : std::vector<bool>{false, true}) {
3063 // Connect a client and server.
3064 bssl::UniquePtr<X509> cert = GetTestCertificate();
3065 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3066 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
3067 bssl::UniquePtr<SSL> client, server;
3068 if (!cert || !key || !ctx ||
3069 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
3070 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
3071 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
3072 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
3073 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3074 nullptr /* no session */)) {
3075 return false;
3076 }
3077
3078 if (enable_partial_write) {
3079 SSL_set_mode(client.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
3080 }
3081
3082 // Write without reading until the buffer is full and we have an unfinished
3083 // write. Keep a count so we may reread it again later. "hello!" will be
3084 // written in two chunks, "hello" and "!".
3085 char data[] = "hello!";
3086 static const int kChunkLen = 5; // The length of "hello".
3087 unsigned count = 0;
3088 for (;;) {
3089 int ret = SSL_write(client.get(), data, kChunkLen);
3090 if (ret <= 0) {
3091 int err = SSL_get_error(client.get(), ret);
3092 if (SSL_get_error(client.get(), ret) == SSL_ERROR_WANT_WRITE) {
3093 break;
3094 }
3095 fprintf(stderr, "SSL_write failed in unexpected way: %d\n", err);
3096 return false;
3097 }
3098
3099 if (ret != 5) {
3100 fprintf(stderr, "SSL_write wrote %d bytes, expected 5.\n", ret);
3101 return false;
3102 }
3103
3104 count++;
3105 }
3106
3107 // Retrying with the same parameters is legal.
3108 if (SSL_get_error(client.get(), SSL_write(client.get(), data, kChunkLen)) !=
3109 SSL_ERROR_WANT_WRITE) {
3110 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3111 return false;
3112 }
3113
3114 // Retrying with the same buffer but shorter length is not legal.
3115 if (SSL_get_error(client.get(),
3116 SSL_write(client.get(), data, kChunkLen - 1)) !=
3117 SSL_ERROR_SSL ||
3118 !ExpectBadWriteRetry()) {
3119 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3120 return false;
3121 }
3122
3123 // Retrying with a different buffer pointer is not legal.
3124 char data2[] = "hello";
3125 if (SSL_get_error(client.get(), SSL_write(client.get(), data2,
3126 kChunkLen)) != SSL_ERROR_SSL ||
3127 !ExpectBadWriteRetry()) {
3128 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3129 return false;
3130 }
3131
3132 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
3133 SSL_set_mode(client.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
3134 if (SSL_get_error(client.get(),
3135 SSL_write(client.get(), data2, kChunkLen)) !=
3136 SSL_ERROR_WANT_WRITE) {
3137 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3138 return false;
3139 }
3140
3141 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
3142 if (SSL_get_error(client.get(),
3143 SSL_write(client.get(), data2, kChunkLen - 1)) !=
3144 SSL_ERROR_SSL ||
3145 !ExpectBadWriteRetry()) {
3146 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3147 return false;
3148 }
3149
3150 // Retrying with a larger buffer is legal.
3151 if (SSL_get_error(client.get(),
3152 SSL_write(client.get(), data, kChunkLen + 1)) !=
3153 SSL_ERROR_WANT_WRITE) {
3154 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3155 return false;
3156 }
3157
3158 // Drain the buffer.
3159 char buf[20];
3160 for (unsigned i = 0; i < count; i++) {
3161 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3162 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0) {
3163 fprintf(stderr, "Failed to read initial records.\n");
3164 return false;
3165 }
3166 }
3167
3168 // Now that there is space, a retry with a larger buffer should flush the
3169 // pending record, skip over that many bytes of input (on assumption they
3170 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
3171 // is set, this will complete in two steps.
3172 char data3[] = "_____!";
3173 if (enable_partial_write) {
3174 if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen ||
3175 SSL_write(client.get(), data3 + kChunkLen, 1) != 1) {
3176 fprintf(stderr, "SSL_write retry failed.\n");
3177 return false;
3178 }
3179 } else if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen + 1) {
3180 fprintf(stderr, "SSL_write retry failed.\n");
3181 return false;
3182 }
3183
3184 // Check the last write was correct. The data will be spread over two
3185 // records, so SSL_read returns twice.
3186 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3187 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0 ||
3188 SSL_read(server.get(), buf, sizeof(buf)) != 1 ||
3189 buf[0] != '!') {
3190 fprintf(stderr, "Failed to read write retry.\n");
3191 return false;
3192 }
3193 }
3194
3195 return true;
3196}
3197
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3198static bool ForEachVersion(bool (*test_func)(bool is_dtls,
3199 const SSL_METHOD *method,
3200 uint16_t version)) {
3201 static uint16_t kTLSVersions[] = {
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]3202 SSL3_VERSION,
3203 TLS1_VERSION,
3204 TLS1_1_VERSION,
3205 TLS1_2_VERSION,
3206// TLS 1.3 requires RSA-PSS, which is disabled for Android system builds.
3207#if !defined(BORINGSSL_ANDROID_SYSTEM)
3208 TLS1_3_VERSION,
3209#endif
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3210 };
3211
3212 static uint16_t kDTLSVersions[] = {
3213 DTLS1_VERSION, DTLS1_2_VERSION,
3214 };
3215
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3216 for (uint16_t version : kTLSVersions) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3217 if (!test_func(false, TLS_method(), version)) {
3218 fprintf(stderr, "Test failed at TLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3219 return false;
3220 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3221 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3222
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3223 for (uint16_t version : kDTLSVersions) {
3224 if (!test_func(true, DTLS_method(), version)) {
3225 fprintf(stderr, "Test failed at DTLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3226 return false;
3227 }
3228 }
3229
3230 return true;
3231}
3232
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3233TEST(SSLTest, AddChainCertHack) {
3234 // Ensure that we don't accidently break the hack that we have in place to
3235 // keep curl and serf happy when they use an |X509| even after transfering
3236 // ownership.
3237
3238 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3239 ASSERT_TRUE(ctx);
3240 X509 *cert = GetTestCertificate().release();
3241 ASSERT_TRUE(cert);
3242 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3243
3244 // This should not trigger a use-after-free.
3245 X509_cmp(cert, cert);
3246}
3247
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3248// TODO(davidben): Convert this file to GTest properly.
3249TEST(SSLTest, AllTests) {
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3250 if (!TestCipherRules() ||
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]3251 !TestCurveRules() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3252 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
3253 !TestSSL_SESSIONEncoding(kCustomSession) ||
3254 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
3255 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
3256 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
3257 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]3258 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3259 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
3260 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
3261 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
3262 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
3263 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
3264 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
3265 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
3266 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
3267 !TestCipherGetRFCName() ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]3268 // Test the padding extension at TLS 1.2.
3269 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
3270 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
3271 // will be no PSK binder after the padding extension.
3272 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
3273 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
3274 // will be a PSK binder after the padding extension.
3275 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3276 !TestClientCAList() ||
3277 !TestInternalSessionCache() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3278 !ForEachVersion(TestSequenceNumber) ||
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]3279 !ForEachVersion(TestOneSidedShutdown) ||
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]3280 !TestSessionDuplication() ||
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]3281 !TestSetFD() ||
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]3282 !TestSetBIO() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3283 !ForEachVersion(TestGetPeerCertificate) ||
3284 !ForEachVersion(TestRetainOnlySHA256OfCerts) ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]3285 !TestClientHello() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3286 !ForEachVersion(TestSessionIDContext) ||
3287 !ForEachVersion(TestSessionTimeout) ||
Alessandro Ghedinibf483642016-11-22 18:56:46 +0000[diff] [blame]3288 !ForEachVersion(TestSessionTimeoutCertCallback) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3289 !ForEachVersion(TestSNICallback) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]3290 !TestEarlyCallbackVersionSwitch() ||
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]3291 !TestSetVersion() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3292 !ForEachVersion(TestVersion) ||
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]3293 !ForEachVersion(TestALPNCipherAvailable) ||
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]3294 !ForEachVersion(TestSSLClearSessionResumption) ||
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]3295 !ForEachVersion(TestAutoChain) ||
3296 !ForEachVersion(TestSSLWriteRetry)) {
Brian Smith83a82982015-04-09 16:21:10 -1000[diff] [blame]3297 ERR_print_errors_fp(stderr);
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3298 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]3299 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]3300}