Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / e2568c41cbc9d9510594ffb8a84d1a68aa1c41dd / . / ssl / ssl_test.cc
blob: 135b37d9428ebb32bbf7c70bef648406b5c11e8b [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
43/* Windows defines struct timeval in winsock2.h. */
44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]52namespace bssl {
53
54namespace {
55
56struct VersionParam {
57 uint16_t version;
58 enum { is_tls, is_dtls } ssl_method;
59 const char name[8];
60};
61
62static const size_t kTicketKeyLen = 48;
63
64static const VersionParam kAllVersions[] = {
65 {SSL3_VERSION, VersionParam::is_tls, "SSL3"},
66 {TLS1_VERSION, VersionParam::is_tls, "TLS1"},
67 {TLS1_1_VERSION, VersionParam::is_tls, "TLS1_1"},
68 {TLS1_2_VERSION, VersionParam::is_tls, "TLS1_2"},
69// TLS 1.3 requires RSA-PSS, which is disabled for Android system builds.
70#if !defined(BORINGSSL_ANDROID_SYSTEM)
71 {TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3"},
72#endif
73 {DTLS1_VERSION, VersionParam::is_dtls, "DTLS1"},
74 {DTLS1_2_VERSION, VersionParam::is_dtls, "DTLS1_2"},
75};
76
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]77struct ExpectedCipher {
78 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]79 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]80};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]81
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]82struct CipherTest {
83 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]84 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]85 // The list of expected ciphers, in order.
86 std::vector<ExpectedCipher> expected;
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]87 // True if this cipher list should fail in strict mode.
88 bool strict_fail;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]89};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]90
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]91struct CurveTest {
92 // The rule string to apply.
93 const char *rule;
94 // The list of expected curves, in order.
95 std::vector<uint16_t> expected;
96};
97
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]98static const CipherTest kCipherTests[] = {
99 // Selecting individual ciphers should work.
100 {
101 "ECDHE-ECDSA-CHACHA20-POLY1305:"
102 "ECDHE-RSA-CHACHA20-POLY1305:"
103 "ECDHE-ECDSA-AES128-GCM-SHA256:"
104 "ECDHE-RSA-AES128-GCM-SHA256",
105 {
106 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]107 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]108 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
109 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
110 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]111 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]112 },
113 // + reorders selected ciphers to the end, keeping their relative order.
114 {
115 "ECDHE-ECDSA-CHACHA20-POLY1305:"
116 "ECDHE-RSA-CHACHA20-POLY1305:"
117 "ECDHE-ECDSA-AES128-GCM-SHA256:"
118 "ECDHE-RSA-AES128-GCM-SHA256:"
119 "+aRSA",
120 {
121 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]122 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
123 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]124 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
125 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]126 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]127 },
128 // ! banishes ciphers from future selections.
129 {
130 "!aRSA:"
131 "ECDHE-ECDSA-CHACHA20-POLY1305:"
132 "ECDHE-RSA-CHACHA20-POLY1305:"
133 "ECDHE-ECDSA-AES128-GCM-SHA256:"
134 "ECDHE-RSA-AES128-GCM-SHA256",
135 {
136 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]137 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
138 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]139 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]140 },
141 // Multiple masks can be ANDed in a single rule.
142 {
143 "kRSA+AESGCM+AES128",
144 {
145 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
146 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]147 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]148 },
149 // - removes selected ciphers, but preserves their order for future
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]150 // selections. Select AES_128_GCM, but order the key exchanges RSA,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]151 // ECDHE_RSA.
152 {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]153 "ALL:-kECDHE:"
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]154 "-kRSA:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]155 "AESGCM+AES128+aRSA",
156 {
157 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]158 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
159 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]160 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]161 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]162 // Unknown selectors are no-ops, except in strict mode.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]163 {
164 "ECDHE-ECDSA-CHACHA20-POLY1305:"
165 "ECDHE-RSA-CHACHA20-POLY1305:"
166 "ECDHE-ECDSA-AES128-GCM-SHA256:"
167 "ECDHE-RSA-AES128-GCM-SHA256:"
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]168 "BOGUS1",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]169 {
170 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]171 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]172 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
173 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
174 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]175 true,
176 },
177 // Unknown selectors are no-ops, except in strict mode.
178 {
179 "ECDHE-ECDSA-CHACHA20-POLY1305:"
180 "ECDHE-RSA-CHACHA20-POLY1305:"
181 "ECDHE-ECDSA-AES128-GCM-SHA256:"
182 "ECDHE-RSA-AES128-GCM-SHA256:"
183 "-BOGUS2:+BOGUS3:!BOGUS4",
184 {
185 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
186 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
187 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
188 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
189 },
190 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]191 },
192 // Square brackets specify equi-preference groups.
193 {
194 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
195 "[ECDHE-RSA-CHACHA20-POLY1305]:"
196 "ECDHE-RSA-AES128-GCM-SHA256",
197 {
198 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]199 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]200 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]201 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
202 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]203 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]204 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]205 // Standard names may be used instead of OpenSSL names.
206 {
207 "[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|"
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]208 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]:"
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]209 "[TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]:"
210 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
211 {
212 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
213 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
214 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
215 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
216 },
217 false,
218 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]219 // @STRENGTH performs a stable strength-sort of the selected ciphers and
220 // only the selected ciphers.
221 {
222 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]223 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]224 "!AESGCM:!3DES:!SHA256:!SHA384:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]225 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]226 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]227 // Select ECDHE ones and sort them by strength. Ties should resolve
228 // based on the order above.
229 "kECDHE:@STRENGTH:-ALL:"
230 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
231 // by strength. Then RSA, backwards by strength.
232 "aRSA",
233 {
234 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
235 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]236 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]237 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
238 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
239 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]240 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]241 },
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]242 // Additional masks after @STRENGTH get silently discarded.
243 //
244 // TODO(davidben): Make this an error. If not silently discarded, they get
245 // interpreted as + opcodes which are very different.
246 {
247 "ECDHE-RSA-AES128-GCM-SHA256:"
248 "ECDHE-RSA-AES256-GCM-SHA384:"
249 "@STRENGTH+AES256",
250 {
251 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
252 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
253 },
254 false,
255 },
256 {
257 "ECDHE-RSA-AES128-GCM-SHA256:"
258 "ECDHE-RSA-AES256-GCM-SHA384:"
259 "@STRENGTH+AES256:"
260 "ECDHE-RSA-CHACHA20-POLY1305",
261 {
262 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
263 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
264 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
265 },
266 false,
267 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]268 // Exact ciphers may not be used in multi-part rules; they are treated
269 // as unknown aliases.
270 {
271 "ECDHE-ECDSA-AES128-GCM-SHA256:"
272 "ECDHE-RSA-AES128-GCM-SHA256:"
273 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
274 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
275 {
276 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
277 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
278 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]279 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]280 },
281 // SSLv3 matches everything that existed before TLS 1.2.
282 {
283 "AES128-SHA:AES128-SHA256:!SSLv3",
284 {
285 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
286 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]287 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]288 },
289 // TLSv1.2 matches everything added in TLS 1.2.
290 {
291 "AES128-SHA:AES128-SHA256:!TLSv1.2",
292 {
293 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
294 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]295 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]296 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]297 // The two directives have no intersection. But each component is valid, so
298 // even in strict mode it is accepted.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]299 {
300 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
301 {
302 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
303 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
304 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]305 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]306 },
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]307 // Spaces, semi-colons and commas are separators.
308 {
309 "AES128-SHA: AES128-SHA256 AES256-SHA ,AES256-SHA256 ; AES128-GCM-SHA256",
310 {
311 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
312 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
313 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
314 {TLS1_CK_RSA_WITH_AES_256_SHA256, 0},
315 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
316 },
317 // …but not in strict mode.
318 true,
319 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]320};
321
322static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]323 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]324 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
325 "RSA]",
326 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]327 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]328 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]329 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]330 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]331 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]332 "",
333 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]334 // COMPLEMENTOFDEFAULT is empty.
335 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]336 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]337 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]338 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]339 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
340 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
341 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
342 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]343 // Opcode supplied, but missing selector.
344 "+",
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]345 // Spaces are forbidden in equal-preference groups.
346 "[AES128-SHA | AES128-SHA256]",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]347};
348
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]349static const char *kMustNotIncludeNull[] = {
350 "ALL",
351 "DEFAULT",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]352 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]353 "FIPS",
354 "SHA",
355 "SHA1",
356 "RSA",
357 "SSLv3",
358 "TLSv1",
359 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]360};
361
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]362static const CurveTest kCurveTests[] = {
363 {
364 "P-256",
365 { SSL_CURVE_SECP256R1 },
366 },
367 {
368 "P-256:P-384:P-521:X25519",
369 {
370 SSL_CURVE_SECP256R1,
371 SSL_CURVE_SECP384R1,
372 SSL_CURVE_SECP521R1,
373 SSL_CURVE_X25519,
374 },
375 },
376};
377
378static const char *kBadCurvesLists[] = {
379 "",
380 ":",
381 "::",
382 "P-256::X25519",
383 "RSA:P-256",
384 "P-256:RSA",
385 "X25519:P-256:",
386 ":X25519:P-256",
387};
388
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]389static std::string CipherListToString(SSL_CTX *ctx) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]390 bool in_group = false;
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]391 std::string ret;
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]392 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
393 for (size_t i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
394 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
395 if (!in_group && SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]396 ret += "\t[\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]397 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]398 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]399 ret += "\t";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]400 if (in_group) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]401 ret += " ";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]402 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]403 ret += SSL_CIPHER_get_name(cipher);
404 ret += "\n";
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]405 if (in_group && !SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]406 ret += "\t]\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]407 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]408 }
409 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]410 return ret;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]411}
412
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]413static bool CipherListsEqual(SSL_CTX *ctx,
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]414 const std::vector<ExpectedCipher> &expected) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]415 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
416 if (sk_SSL_CIPHER_num(ciphers) != expected.size()) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]417 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]418 }
419
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]420 for (size_t i = 0; i < expected.size(); i++) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]421 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]422 if (expected[i].id != SSL_CIPHER_get_id(cipher) ||
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]423 expected[i].in_group_flag != !!SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]424 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]425 }
426 }
427
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]428 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]429}
430
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]431TEST(SSLTest, CipherRules) {
432 for (const CipherTest &t : kCipherTests) {
433 SCOPED_TRACE(t.rule);
434 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
435 ASSERT_TRUE(ctx);
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]436
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]437 // Test lax mode.
438 ASSERT_TRUE(SSL_CTX_set_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]439 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]440 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]441 << CipherListToString(ctx.get());
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]442
443 // Test strict mode.
444 if (t.strict_fail) {
445 EXPECT_FALSE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
446 } else {
447 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]448 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]449 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]450 << CipherListToString(ctx.get());
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]451 }
452 }
453
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]454 for (const char *rule : kBadRules) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]455 SCOPED_TRACE(rule);
456 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
457 ASSERT_TRUE(ctx);
458
459 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), rule));
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]460 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]461 }
462
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]463 for (const char *rule : kMustNotIncludeNull) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]464 SCOPED_TRACE(rule);
465 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
466 ASSERT_TRUE(ctx);
467
468 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]469 for (const SSL_CIPHER *cipher : SSL_CTX_get_ciphers(ctx.get())) {
470 EXPECT_FALSE(SSL_CIPHER_is_NULL(cipher));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]471 }
472 }
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]473}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]474
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]475TEST(SSLTest, CurveRules) {
476 for (const CurveTest &t : kCurveTests) {
477 SCOPED_TRACE(t.rule);
478 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
479 ASSERT_TRUE(ctx);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]480
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]481 ASSERT_TRUE(SSL_CTX_set1_curves_list(ctx.get(), t.rule));
482 ASSERT_EQ(t.expected.size(), ctx->supported_group_list_len);
483 for (size_t i = 0; i < t.expected.size(); i++) {
484 EXPECT_EQ(t.expected[i], ctx->supported_group_list[i]);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]485 }
486 }
487
488 for (const char *rule : kBadCurvesLists) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]489 SCOPED_TRACE(rule);
490 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
491 ASSERT_TRUE(ctx);
492
493 EXPECT_FALSE(SSL_CTX_set1_curves_list(ctx.get(), rule));
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]494 ERR_clear_error();
495 }
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]496}
497
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]498// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]499static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]500 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]501 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
502 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
503 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
504 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
505 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
506 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
507 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
508 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
509 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
510 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
511 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
512 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
513 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
514 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
515 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
516 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
517 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
518 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
519 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
520 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
521 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
522 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
523 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
524 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
525 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
526 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
527 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
528 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
529 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]530 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]531
532// kCustomSession is a custom serialized SSL_SESSION generated by
533// filling in missing fields from |kOpenSSLSession|. This includes
534// providing |peer_sha256|, so |peer| is not serialized.
535static const char kCustomSession[] =
536 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
537 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
538 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
539 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
540 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
541 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
542 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
543 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
544
545// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
546static const char kBoringSSLSession[] =
547 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
548 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
549 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
550 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
551 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
552 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
553 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
554 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
555 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
556 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
557 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
558 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
559 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
560 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
561 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
562 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
563 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
564 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
565 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
566 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
567 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
568 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
569 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
570 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
571 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
572 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
573 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
574 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
575 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
576 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
577 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
578 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
579 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
580 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
581 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
582 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
583 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
584 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
585 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
586 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
587 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
588 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
589 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
590 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
591 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
592 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
593 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
594 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
595 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
596 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
597 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
598 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
599 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
600 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
601 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
602 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
603 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
604 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
605 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
606 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
607 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
608 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
609 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
610 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
611 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
612 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
613 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
614 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
615 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
616 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
617 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
618 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
619 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
620 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
621 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
622 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
623 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
624 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
625 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
626 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
627 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
628 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
629 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
630 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
631 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
632 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
633 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
634 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
635 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
636 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
637 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
638 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
639 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
640 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
641 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
642
643// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
644// the final (optional) element of |kCustomSession| with tag number 30.
645static const char kBadSessionExtraField[] =
646 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
647 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
648 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
649 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
650 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
651 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
652 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
653 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
654
655// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
656// the version of |kCustomSession| with 2.
657static const char kBadSessionVersion[] =
658 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
659 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
660 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
661 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
662 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
663 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
664 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
665 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
666
667// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
668// appended.
669static const char kBadSessionTrailingData[] =
670 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
671 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
672 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
673 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
674 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
675 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
676 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
677 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
678
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]679static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]680 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]681 if (!EVP_DecodedLength(&len, strlen(in))) {
682 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]683 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]684 }
685
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]686 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]687 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]688 strlen(in))) {
689 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]690 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]691 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]692 out->resize(len);
693 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]694}
695
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]696static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]697 const uint8_t *cptr;
698 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]699
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]700 // Decode the input.
701 std::vector<uint8_t> input;
702 if (!DecodeBase64(&input, input_b64)) {
703 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]704 }
705
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]706 // Verify the SSL_SESSION decodes.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]707 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
708 if (!ssl_ctx) {
709 return false;
710 }
711 bssl::UniquePtr<SSL_SESSION> session(
712 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]713 if (!session) {
714 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]715 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]716 }
717
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]718 // Verify the SSL_SESSION encoding round-trips.
719 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]720 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]721 uint8_t *encoded_raw;
722 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]723 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]724 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]725 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]726 encoded.reset(encoded_raw);
727 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]728 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]729 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]730 hexdump(stderr, "Before: ", input.data(), input.size());
731 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]732 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]733 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]734
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]735 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]736 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]737 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]738 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]739 fprintf(stderr, "d2i_SSL_SESSION failed\n");
740 return false;
741 }
742
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]743 // Verify the SSL_SESSION encoding round-trips via the legacy API.
744 int len = i2d_SSL_SESSION(session.get(), NULL);
745 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]746 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]747 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]748 }
749
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]750 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
751 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]752 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]753 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]754 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]755
756 ptr = encoded.get();
757 len = i2d_SSL_SESSION(session.get(), &ptr);
758 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]759 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]760 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]761 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]762 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]763 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]764 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]765 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]766 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]767 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]768 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]769 }
770
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]771 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]772}
773
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]774static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
775 std::vector<uint8_t> input;
776 if (!DecodeBase64(&input, input_b64)) {
777 return false;
778 }
779
780 // Verify that the SSL_SESSION fails to decode.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]781 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
782 if (!ssl_ctx) {
783 return false;
784 }
785 bssl::UniquePtr<SSL_SESSION> session(
786 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]787 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]788 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]789 return false;
790 }
791 ERR_clear_error();
792 return true;
793}
794
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]795static void ExpectDefaultVersion(uint16_t min_version, uint16_t max_version,
796 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]797 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]798 ASSERT_TRUE(ctx);
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]799 EXPECT_EQ(min_version, ctx->conf_min_version);
800 EXPECT_EQ(max_version, ctx->conf_max_version);
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]801}
802
803TEST(SSLTest, DefaultVersion) {
804 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
805 ExpectDefaultVersion(TLS1_VERSION, TLS1_2_VERSION, &TLS_method);
806 ExpectDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method);
807 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method);
808 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method);
809 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method);
810 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method);
811 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method);
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]812}
813
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]814TEST(SSLTest, CipherProperties) {
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]815 static const struct {
816 int id;
817 const char *standard_name;
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]818 int cipher_nid;
819 int digest_nid;
820 int kx_nid;
821 int auth_nid;
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]822 } kTests[] = {
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]823 {
824 SSL3_CK_RSA_DES_192_CBC3_SHA,
825 "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
826 NID_des_ede3_cbc,
827 NID_sha1,
828 NID_kx_rsa,
829 NID_auth_rsa,
830 },
831 {
832 TLS1_CK_RSA_WITH_AES_128_SHA,
833 "TLS_RSA_WITH_AES_128_CBC_SHA",
834 NID_aes_128_cbc,
835 NID_sha1,
836 NID_kx_rsa,
837 NID_auth_rsa,
838 },
839 {
840 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
841 "TLS_PSK_WITH_AES_256_CBC_SHA",
842 NID_aes_256_cbc,
843 NID_sha1,
844 NID_kx_psk,
845 NID_auth_psk,
846 },
847 {
848 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
849 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
850 NID_aes_128_cbc,
851 NID_sha256,
852 NID_kx_ecdhe,
853 NID_auth_rsa,
854 },
855 {
856 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
857 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
858 NID_aes_256_cbc,
859 NID_sha384,
860 NID_kx_ecdhe,
861 NID_auth_rsa,
862 },
863 {
864 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
865 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
866 NID_aes_128_gcm,
867 NID_undef,
868 NID_kx_ecdhe,
869 NID_auth_rsa,
870 },
871 {
872 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
873 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
874 NID_aes_128_gcm,
875 NID_undef,
876 NID_kx_ecdhe,
877 NID_auth_ecdsa,
878 },
879 {
880 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
881 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
882 NID_aes_256_gcm,
883 NID_undef,
884 NID_kx_ecdhe,
885 NID_auth_ecdsa,
886 },
887 {
888 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
889 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
890 NID_aes_128_cbc,
891 NID_sha1,
892 NID_kx_ecdhe,
893 NID_auth_psk,
894 },
895 {
896 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
897 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
898 NID_chacha20_poly1305,
899 NID_undef,
900 NID_kx_ecdhe,
901 NID_auth_rsa,
902 },
903 {
904 TLS1_CK_AES_256_GCM_SHA384,
905 "TLS_AES_256_GCM_SHA384",
906 NID_aes_256_gcm,
907 NID_undef,
908 NID_kx_any,
909 NID_auth_any,
910 },
911 {
912 TLS1_CK_AES_128_GCM_SHA256,
913 "TLS_AES_128_GCM_SHA256",
914 NID_aes_128_gcm,
915 NID_undef,
916 NID_kx_any,
917 NID_auth_any,
918 },
919 {
920 TLS1_CK_CHACHA20_POLY1305_SHA256,
921 "TLS_CHACHA20_POLY1305_SHA256",
922 NID_chacha20_poly1305,
923 NID_undef,
924 NID_kx_any,
925 NID_auth_any,
926 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]927 };
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]928
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]929 for (const auto &t : kTests) {
930 SCOPED_TRACE(t.standard_name);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]931
932 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(t.id & 0xffff);
933 ASSERT_TRUE(cipher);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]934 EXPECT_STREQ(t.standard_name, SSL_CIPHER_standard_name(cipher));
935
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]936 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
937 ASSERT_TRUE(rfc_name);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]938 EXPECT_STREQ(t.standard_name, rfc_name.get());
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]939
940 EXPECT_EQ(t.cipher_nid, SSL_CIPHER_get_cipher_nid(cipher));
941 EXPECT_EQ(t.digest_nid, SSL_CIPHER_get_digest_nid(cipher));
942 EXPECT_EQ(t.kx_nid, SSL_CIPHER_get_kx_nid(cipher));
943 EXPECT_EQ(t.auth_nid, SSL_CIPHER_get_auth_nid(cipher));
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]944 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]945}
946
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]947// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
948// version and ticket length or nullptr on failure.
949static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
950 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]951 std::vector<uint8_t> der;
952 if (!DecodeBase64(&der, kOpenSSLSession)) {
953 return nullptr;
954 }
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]955
956 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
957 if (!ssl_ctx) {
958 return nullptr;
959 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]960 bssl::UniquePtr<SSL_SESSION> session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]961 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]962 if (!session) {
963 return nullptr;
964 }
965
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]966 session->ssl_version = version;
967
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]968 // Swap out the ticket for a garbage one.
969 OPENSSL_free(session->tlsext_tick);
970 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
971 if (session->tlsext_tick == nullptr) {
972 return nullptr;
973 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]974 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]975 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]976
977 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]978#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
979 session->time = 1234;
980#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]981 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]982#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]983 return session;
984}
985
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]986static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]987 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]988 if (!bio) {
989 return false;
990 }
991 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]992 BIO_up_ref(bio.get());
993 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]994 int ret = SSL_connect(ssl);
995 if (ret > 0) {
996 // SSL_connect should fail without a BIO to write to.
997 return false;
998 }
999 ERR_clear_error();
1000
1001 const uint8_t *client_hello;
1002 size_t client_hello_len;
1003 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
1004 return false;
1005 }
1006 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
1007 return true;
1008}
1009
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1010// GetClientHelloLen creates a client SSL connection with the specified version
1011// and ticket length. It returns the length of the ClientHello, not including
1012// the record header, on success and zero on error.
1013static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
1014 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1015 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1016 bssl::UniquePtr<SSL_SESSION> session =
1017 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1018 if (!ctx || !session) {
1019 return 0;
1020 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1021
1022 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1023 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1024 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]1025 !SSL_set_strict_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1026 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1027 return 0;
1028 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1029
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1030 std::vector<uint8_t> client_hello;
1031 if (!GetClientHello(ssl.get(), &client_hello) ||
1032 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1033 return 0;
1034 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1035
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1036 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1037}
1038
1039struct PaddingTest {
1040 size_t input_len, padded_len;
1041};
1042
1043static const PaddingTest kPaddingTests[] = {
1044 // ClientHellos of length below 0x100 do not require padding.
1045 {0xfe, 0xfe},
1046 {0xff, 0xff},
1047 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
1048 {0x100, 0x200},
1049 {0x123, 0x200},
1050 {0x1fb, 0x200},
1051 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
1052 // padding extension takes a minimum of four bytes plus one required content
1053 // byte. (To work around yet more server bugs, we avoid empty final
1054 // extensions.)
1055 {0x1fc, 0x201},
1056 {0x1fd, 0x202},
1057 {0x1fe, 0x203},
1058 {0x1ff, 0x204},
1059 // Finally, larger ClientHellos need no padding.
1060 {0x200, 0x200},
1061 {0x201, 0x201},
1062};
1063
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1064static bool TestPaddingExtension(uint16_t max_version,
1065 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1066 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1067 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1068 if (base_len == 0) {
1069 return false;
1070 }
1071
1072 for (const PaddingTest &test : kPaddingTests) {
1073 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1074 fprintf(stderr,
1075 "Baseline ClientHello too long (max_version = %04x, "
1076 "session_version = %04x).\n",
1077 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1078 return false;
1079 }
1080
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1081 size_t padded_len = GetClientHelloLen(max_version, session_version,
1082 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1083 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1084 fprintf(stderr,
1085 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
1086 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1087 static_cast<unsigned>(test.input_len),
1088 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1089 static_cast<unsigned>(test.padded_len), max_version,
1090 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1091 return false;
1092 }
1093 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1094
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1095 return true;
1096}
1097
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1098// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
1099// before configuring as a server.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1100TEST(SSLTest, ClientCAList) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1101 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1102 ASSERT_TRUE(ctx);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1103 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1104 ASSERT_TRUE(ssl);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1105
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]1106 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
1107 ASSERT_TRUE(name);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1108
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]1109 bssl::UniquePtr<X509_NAME> name_dup(X509_NAME_dup(name.get()));
1110 ASSERT_TRUE(name_dup);
1111
1112 bssl::UniquePtr<STACK_OF(X509_NAME)> stack(sk_X509_NAME_new_null());
1113 ASSERT_TRUE(stack);
1114
1115 ASSERT_TRUE(sk_X509_NAME_push(stack.get(), name_dup.get()));
1116 name_dup.release();
1117
1118 // |SSL_set_client_CA_list| takes ownership.
1119 SSL_set_client_CA_list(ssl.get(), stack.release());
1120
1121 STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get());
1122 ASSERT_TRUE(result);
1123 ASSERT_EQ(1u, sk_X509_NAME_num(result));
1124 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(result, 0), name.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1125}
1126
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1127static void AppendSession(SSL_SESSION *session, void *arg) {
1128 std::vector<SSL_SESSION*> *out =
1129 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1130 out->push_back(session);
1131}
1132
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1133// CacheEquals returns true if |ctx|'s session cache consists of |expected|, in
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1134// order.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1135static bool CacheEquals(SSL_CTX *ctx,
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1136 const std::vector<SSL_SESSION*> &expected) {
1137 // Check the linked list.
1138 SSL_SESSION *ptr = ctx->session_cache_head;
1139 for (SSL_SESSION *session : expected) {
1140 if (ptr != session) {
1141 return false;
1142 }
1143 // TODO(davidben): This is an absurd way to denote the end of the list.
1144 if (ptr->next ==
1145 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1146 ptr = nullptr;
1147 } else {
1148 ptr = ptr->next;
1149 }
1150 }
1151 if (ptr != nullptr) {
1152 return false;
1153 }
1154
1155 // Check the hash table.
1156 std::vector<SSL_SESSION*> actual, expected_copy;
1157 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
1158 expected_copy = expected;
1159
1160 std::sort(actual.begin(), actual.end());
1161 std::sort(expected_copy.begin(), expected_copy.end());
1162
1163 return actual == expected_copy;
1164}
1165
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1166static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]1167 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
1168 if (!ssl_ctx) {
1169 return nullptr;
1170 }
1171 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new(ssl_ctx.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1172 if (!ret) {
1173 return nullptr;
1174 }
1175
1176 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1177 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1178 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1179 return ret;
1180}
1181
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1182// Test that the internal session cache behaves as expected.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1183TEST(SSLTest, InternalSessionCache) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1184 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1185 ASSERT_TRUE(ctx);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1186
1187 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1188 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1189 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1190 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1191 ASSERT_TRUE(session);
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1192 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1193 }
1194
1195 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1196
1197 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1198 for (const auto &session : sessions) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1199 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), session.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1200 }
1201
1202 // Only the last five should be in the list.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1203 ASSERT_TRUE(CacheEquals(
1204 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1205 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1206
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1207 // Inserting an element already in the cache should fail and leave the cache
1208 // unchanged.
1209 ASSERT_FALSE(SSL_CTX_add_session(ctx.get(), sessions[7].get()));
1210 ASSERT_TRUE(CacheEquals(
1211 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1212 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1213
1214 // Although collisions should be impossible (256-bit session IDs), the cache
1215 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1216 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1217 ASSERT_TRUE(collision);
1218 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), collision.get()));
1219 ASSERT_TRUE(CacheEquals(
1220 ctx.get(), {collision.get(), sessions[9].get(), sessions[8].get(),
1221 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1222
1223 // Removing sessions behaves correctly.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1224 ASSERT_TRUE(SSL_CTX_remove_session(ctx.get(), sessions[6].get()));
1225 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1226 sessions[8].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1227
1228 // Removing sessions requires an exact match.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1229 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[0].get()));
1230 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[7].get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1231
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1232 // The cache remains unchanged.
1233 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1234 sessions[8].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1235}
1236
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1237static uint16_t EpochFromSequence(uint64_t seq) {
1238 return static_cast<uint16_t>(seq >> 48);
1239}
1240
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1241static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1242 static const char kCertPEM[] =
1243 "-----BEGIN CERTIFICATE-----\n"
1244 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1245 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1246 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1247 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1248 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1249 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1250 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1251 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1252 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1253 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1254 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1255 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1256 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1257 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1258 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1259 return bssl::UniquePtr<X509>(
1260 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1261}
1262
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1263static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1264 static const char kKeyPEM[] =
1265 "-----BEGIN RSA PRIVATE KEY-----\n"
1266 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1267 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1268 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1269 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1270 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1271 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1272 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1273 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1274 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1275 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1276 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1277 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1278 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1279 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1280 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1281 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1282 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1283}
1284
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1285static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1286 static const char kCertPEM[] =
1287 "-----BEGIN CERTIFICATE-----\n"
1288 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1289 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1290 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1291 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1292 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1293 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1294 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1295 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1296 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1297 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1298 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1299 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1300 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1301}
1302
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1303static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1304 static const char kKeyPEM[] =
1305 "-----BEGIN PRIVATE KEY-----\n"
1306 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1307 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1308 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1309 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1310 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1311 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1312 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1313}
1314
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1315static bssl::UniquePtr<CRYPTO_BUFFER> BufferFromPEM(const char *pem) {
1316 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1317 char *name, *header;
1318 uint8_t *data;
1319 long data_len;
1320 if (!PEM_read_bio(bio.get(), &name, &header, &data,
1321 &data_len)) {
1322 return nullptr;
1323 }
1324 OPENSSL_free(name);
1325 OPENSSL_free(header);
1326
1327 auto ret = bssl::UniquePtr<CRYPTO_BUFFER>(
1328 CRYPTO_BUFFER_new(data, data_len, nullptr));
1329 OPENSSL_free(data);
1330 return ret;
1331}
1332
1333static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestCertificateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1334 static const char kCertPEM[] =
1335 "-----BEGIN CERTIFICATE-----\n"
1336 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1337 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1338 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1339 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1340 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1341 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1342 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1343 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1344 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1345 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1346 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1347 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1348 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1349 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1350 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1351 "1ngWZ7Ih\n"
1352 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1353 return BufferFromPEM(kCertPEM);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1354}
1355
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1356static bssl::UniquePtr<X509> X509FromBuffer(
1357 bssl::UniquePtr<CRYPTO_BUFFER> buffer) {
1358 if (!buffer) {
1359 return nullptr;
1360 }
1361 const uint8_t *derp = CRYPTO_BUFFER_data(buffer.get());
1362 return bssl::UniquePtr<X509>(
1363 d2i_X509(NULL, &derp, CRYPTO_BUFFER_len(buffer.get())));
1364}
1365
1366static bssl::UniquePtr<X509> GetChainTestCertificate() {
1367 return X509FromBuffer(GetChainTestCertificateBuffer());
1368}
1369
1370static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestIntermediateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1371 static const char kCertPEM[] =
1372 "-----BEGIN CERTIFICATE-----\n"
1373 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1374 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1375 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1376 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1377 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1378 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1379 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1380 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1381 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1382 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1383 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1384 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1385 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1386 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1387 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1388 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1389 return BufferFromPEM(kCertPEM);
1390}
1391
1392static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1393 return X509FromBuffer(GetChainTestIntermediateBuffer());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1394}
1395
1396static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1397 static const char kKeyPEM[] =
1398 "-----BEGIN PRIVATE KEY-----\n"
1399 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1400 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1401 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1402 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1403 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1404 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1405 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1406 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1407 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1408 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1409 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1410 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1411 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1412 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1413 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1414 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1415 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1416 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1417 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1418 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1419 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1420 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1421 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1422 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1423 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1424 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1425 "-----END PRIVATE KEY-----\n";
1426 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1427 return bssl::UniquePtr<EVP_PKEY>(
1428 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1429}
1430
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]1431static const uint8_t kTestName[] = {
1432 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
1433 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
1434 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
1435 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49,
1436 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
1437 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64,
1438};
1439
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1440static bool CompleteHandshakes(SSL *client, SSL *server) {
1441 // Drive both their handshakes to completion.
1442 for (;;) {
1443 int client_ret = SSL_do_handshake(client);
1444 int client_err = SSL_get_error(client, client_ret);
1445 if (client_err != SSL_ERROR_NONE &&
1446 client_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1447 client_err != SSL_ERROR_WANT_WRITE &&
1448 client_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1449 fprintf(stderr, "Client error: %d\n", client_err);
1450 return false;
1451 }
1452
1453 int server_ret = SSL_do_handshake(server);
1454 int server_err = SSL_get_error(server, server_ret);
1455 if (server_err != SSL_ERROR_NONE &&
1456 server_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1457 server_err != SSL_ERROR_WANT_WRITE &&
1458 server_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1459 fprintf(stderr, "Server error: %d\n", server_err);
1460 return false;
1461 }
1462
1463 if (client_ret == 1 && server_ret == 1) {
1464 break;
1465 }
1466 }
1467
1468 return true;
1469}
1470
1471static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1472 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1473 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1474 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1475 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1476 if (!client || !server) {
1477 return false;
1478 }
1479 SSL_set_connect_state(client.get());
1480 SSL_set_accept_state(server.get());
1481
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1482 SSL_set_session(client.get(), session);
1483
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1484 BIO *bio1, *bio2;
1485 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1486 return false;
1487 }
1488 // SSL_set_bio takes ownership.
1489 SSL_set_bio(client.get(), bio1, bio1);
1490 SSL_set_bio(server.get(), bio2, bio2);
1491
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1492 if (!CompleteHandshakes(client.get(), server.get())) {
1493 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1494 }
1495
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1496 *out_client = std::move(client);
1497 *out_server = std::move(server);
1498 return true;
1499}
1500
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1501static bool TestSequenceNumber(bool is_dtls, const SSL_METHOD *method,
1502 uint16_t version) {
1503 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1504 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1505 if (!server_ctx || !client_ctx ||
1506 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1507 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1508 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1509 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1510 return false;
1511 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1512
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1513 bssl::UniquePtr<X509> cert = GetTestCertificate();
1514 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1515 if (!cert || !key || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1516 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1517 return false;
1518 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1519
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1520 bssl::UniquePtr<SSL> client, server;
1521 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1522 server_ctx.get(), nullptr /* no session */)) {
1523 return false;
1524 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1525
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1526 // Drain any post-handshake messages to ensure there are no unread records
1527 // on either end.
1528 uint8_t byte = 0;
1529 if (SSL_read(client.get(), &byte, 1) > 0 ||
1530 SSL_read(server.get(), &byte, 1) > 0) {
1531 fprintf(stderr, "Received unexpected data.\n");
1532 return false;
1533 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1534
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1535 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1536 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1537 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1538 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1539
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1540 if (is_dtls) {
1541 // Both client and server must be at epoch 1.
1542 if (EpochFromSequence(client_read_seq) != 1 ||
1543 EpochFromSequence(client_write_seq) != 1 ||
1544 EpochFromSequence(server_read_seq) != 1 ||
1545 EpochFromSequence(server_write_seq) != 1) {
1546 fprintf(stderr, "Bad epochs.\n");
1547 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1548 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1549
1550 // The next record to be written should exceed the largest received.
1551 if (client_write_seq <= server_read_seq ||
1552 server_write_seq <= client_read_seq) {
1553 fprintf(stderr, "Inconsistent sequence numbers.\n");
1554 return false;
1555 }
1556 } else {
1557 // The next record to be written should equal the next to be received.
1558 if (client_write_seq != server_read_seq ||
1559 server_write_seq != client_read_seq) {
1560 fprintf(stderr, "Inconsistent sequence numbers.\n");
1561 return false;
1562 }
1563 }
1564
1565 // Send a record from client to server.
1566 if (SSL_write(client.get(), &byte, 1) != 1 ||
1567 SSL_read(server.get(), &byte, 1) != 1) {
1568 fprintf(stderr, "Could not send byte.\n");
1569 return false;
1570 }
1571
1572 // The client write and server read sequence numbers should have
1573 // incremented.
1574 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1575 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1576 fprintf(stderr, "Sequence numbers did not increment.\n");
1577 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1578 }
1579
1580 return true;
1581}
1582
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1583static bool TestOneSidedShutdown(bool is_dtls, const SSL_METHOD *method,
1584 uint16_t version) {
1585 // SSL_shutdown is a no-op in DTLS.
1586 if (is_dtls) {
1587 return true;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1588 }
1589
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1590 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1591 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1592 bssl::UniquePtr<X509> cert = GetTestCertificate();
1593 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1594 if (!client_ctx || !server_ctx || !cert || !key ||
1595 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1596 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1597 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1598 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1599 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1600 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1601 return false;
1602 }
1603
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1604 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1605 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1606 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1607 return false;
1608 }
1609
1610 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1611 // one side has shut down.
1612 if (SSL_shutdown(client.get()) != 0) {
1613 fprintf(stderr, "Could not shutdown.\n");
1614 return false;
1615 }
1616
1617 // Reading from the server should consume the EOF.
1618 uint8_t byte;
1619 if (SSL_read(server.get(), &byte, 1) != 0 ||
1620 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1621 fprintf(stderr, "Connection was not shut down cleanly.\n");
1622 return false;
1623 }
1624
1625 // However, the server may continue to write data and then shut down the
1626 // connection.
1627 byte = 42;
1628 if (SSL_write(server.get(), &byte, 1) != 1 ||
1629 SSL_read(client.get(), &byte, 1) != 1 ||
1630 byte != 42) {
1631 fprintf(stderr, "Could not send byte.\n");
1632 return false;
1633 }
1634
1635 // The server may then shutdown the connection.
1636 if (SSL_shutdown(server.get()) != 1 ||
1637 SSL_shutdown(client.get()) != 1) {
1638 fprintf(stderr, "Could not complete shutdown.\n");
1639 return false;
1640 }
1641
1642 return true;
1643}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1644
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1645TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1646 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1647 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1648 ASSERT_TRUE(client_ctx);
1649 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1650
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1651 bssl::UniquePtr<X509> cert = GetTestCertificate();
1652 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1653 ASSERT_TRUE(cert);
1654 ASSERT_TRUE(key);
1655 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1656 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1657
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1658 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1659 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
1660 server_ctx.get(),
1661 nullptr /* no session */));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1662
1663 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjamin31b0c9b2017-07-20 14:49:15 -0400[diff] [blame]1664 bssl::UniquePtr<SSL_SESSION> session1 =
1665 bssl::SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1666 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1667
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1668 session1->not_resumable = 0;
1669
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1670 uint8_t *s0_bytes, *s1_bytes;
1671 size_t s0_len, s1_len;
1672
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1673 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1674 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1675
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1676 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1677 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1678
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]1679 EXPECT_EQ(Bytes(s0_bytes, s0_len), Bytes(s1_bytes, s1_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1680}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1681
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1682static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]1683 EXPECT_EQ(rfd, SSL_get_fd(ssl));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1684 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1685 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1686
1687 // The wrapper BIOs are always equal when fds are equal, even if set
1688 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1689 if (rfd == wfd) {
1690 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1691 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1692}
1693
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1694TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1695 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1696 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1697
1698 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1699 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1700 ASSERT_TRUE(ssl);
1701 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1702 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1703 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1704
1705 // Test setting the same FD.
1706 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1707 ASSERT_TRUE(ssl);
1708 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1709 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1710
1711 // Test setting the same FD one side at a time.
1712 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1713 ASSERT_TRUE(ssl);
1714 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1715 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1716 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1717
1718 // Test setting the same FD in the other order.
1719 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1720 ASSERT_TRUE(ssl);
1721 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1722 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1723 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1724
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1725 // Test changing the read FD partway through.
1726 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1727 ASSERT_TRUE(ssl);
1728 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1729 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1730 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1731
1732 // Test changing the write FD partway through.
1733 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1734 ASSERT_TRUE(ssl);
1735 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1736 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1737 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1738
1739 // Test a no-op change to the read FD partway through.
1740 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1741 ASSERT_TRUE(ssl);
1742 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1743 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1744 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1745
1746 // Test a no-op change to the write FD partway through.
1747 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1748 ASSERT_TRUE(ssl);
1749 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1750 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1751 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1752
1753 // ASan builds will implicitly test that the internal |BIO| reference-counting
1754 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1755}
1756
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1757TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1758 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1759 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1760
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1761 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1762 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1763 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1764 ASSERT_TRUE(ssl);
1765 ASSERT_TRUE(bio1);
1766 ASSERT_TRUE(bio2);
1767 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1768
1769 // SSL_set_bio takes one reference when the parameters are the same.
1770 BIO_up_ref(bio1.get());
1771 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1772
1773 // Repeating the call does nothing.
1774 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1775
1776 // It takes one reference each when the parameters are different.
1777 BIO_up_ref(bio2.get());
1778 BIO_up_ref(bio3.get());
1779 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1780
1781 // Repeating the call does nothing.
1782 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1783
1784 // It takes one reference when changing only wbio.
1785 BIO_up_ref(bio1.get());
1786 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1787
1788 // It takes one reference when changing only rbio and the two are different.
1789 BIO_up_ref(bio3.get());
1790 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1791
1792 // If setting wbio to rbio, it takes no additional references.
1793 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1794
1795 // From there, wbio may be switched to something else.
1796 BIO_up_ref(bio1.get());
1797 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1798
1799 // If setting rbio to wbio, it takes no additional references.
1800 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1801
1802 // From there, rbio may be switched to something else, but, for historical
1803 // reasons, it takes a reference to both parameters.
1804 BIO_up_ref(bio1.get());
1805 BIO_up_ref(bio2.get());
1806 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1807
1808 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1809 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1810}
1811
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1812static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1813
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1814static bool TestGetPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1815 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1816 bssl::UniquePtr<X509> cert = GetTestCertificate();
1817 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1818 if (!cert || !key) {
1819 return false;
1820 }
1821
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1822 // Configure both client and server to accept any certificate.
1823 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1824 if (!ctx ||
1825 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1826 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1827 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1828 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1829 return false;
1830 }
1831 SSL_CTX_set_verify(
1832 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1833 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1834
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1835 bssl::UniquePtr<SSL> client, server;
1836 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1837 nullptr /* no session */)) {
1838 return false;
1839 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1840
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1841 // Client and server should both see the leaf certificate.
1842 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1843 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1844 fprintf(stderr, "Server peer certificate did not match.\n");
1845 return false;
1846 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1847
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1848 peer.reset(SSL_get_peer_certificate(client.get()));
1849 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1850 fprintf(stderr, "Client peer certificate did not match.\n");
1851 return false;
1852 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1853
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1854 // However, for historical reasons, the X509 chain includes the leaf on the
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1855 // client, but does not on the server.
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1856 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1 ||
1857 sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(client.get())) != 1) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1858 fprintf(stderr, "Client peer chain was incorrect.\n");
1859 return false;
1860 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1861
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1862 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0 ||
1863 sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(server.get())) != 1) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1864 fprintf(stderr, "Server peer chain was incorrect.\n");
1865 return false;
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1866 }
1867
1868 return true;
1869}
1870
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1871static bool TestNoPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1872 uint16_t version) {
1873 bssl::UniquePtr<X509> cert = GetTestCertificate();
1874 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1875 if (!cert || !key) {
1876 return false;
1877 }
1878
1879 // Configure an anonymous client.
1880 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method)),
1881 client_ctx(SSL_CTX_new(method));
1882 if (!server_ctx || !client_ctx ||
1883 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1884 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
1885 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1886 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1887 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1888 !SSL_CTX_set_max_proto_version(client_ctx.get(), version)) {
1889 return false;
1890 }
1891 SSL_CTX_set_verify(
1892 server_ctx.get(), SSL_VERIFY_PEER, nullptr);
1893 SSL_CTX_set_cert_verify_callback(server_ctx.get(), VerifySucceed, NULL);
1894 SSL_CTX_set_cert_verify_callback(client_ctx.get(), VerifySucceed, NULL);
1895
1896 bssl::UniquePtr<SSL> client, server;
1897 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1898 server_ctx.get(), nullptr /* no session */)) {
1899 return false;
1900 }
1901
1902 // Client and server should both see the leaf certificate.
1903 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1904 if (peer ||
1905 SSL_get0_peer_certificates(server.get()) != nullptr) {
1906 fprintf(stderr, "Server peer certificate was non-null.\n");
1907 return false;
1908 }
1909
1910 return true;
1911}
1912
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1913static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method,
1914 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1915 bssl::UniquePtr<X509> cert = GetTestCertificate();
1916 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1917 if (!cert || !key) {
1918 return false;
1919 }
1920
1921 uint8_t *cert_der = NULL;
1922 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1923 if (cert_der_len < 0) {
1924 return false;
1925 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1926 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1927
1928 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1929 SHA256(cert_der, cert_der_len, cert_sha256);
1930
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1931 // Configure both client and server to accept any certificate, but the
1932 // server must retain only the SHA-256 of the peer.
1933 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1934 if (!ctx ||
1935 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1936 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1937 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1938 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1939 return false;
1940 }
1941 SSL_CTX_set_verify(
1942 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1943 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1944 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1945
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1946 bssl::UniquePtr<SSL> client, server;
1947 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1948 nullptr /* no session */)) {
1949 return false;
1950 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1951
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1952 // The peer certificate has been dropped.
1953 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1954 if (peer) {
1955 fprintf(stderr, "Peer certificate was retained.\n");
1956 return false;
1957 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1958
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1959 SSL_SESSION *session = SSL_get_session(server.get());
1960 if (!session->peer_sha256_valid) {
1961 fprintf(stderr, "peer_sha256_valid was not set.\n");
1962 return false;
1963 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1964
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1965 if (OPENSSL_memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) !=
1966 0) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1967 fprintf(stderr, "peer_sha256 did not match.\n");
1968 return false;
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1969 }
1970
1971 return true;
1972}
1973
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1974static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1975 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1976 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1977 // Our default cipher list varies by CPU capabilities, so manually place the
1978 // ChaCha20 ciphers in front.
Matthew Braithwaite7e06de52017-04-10 15:52:14 -0700[diff] [blame]1979 const char* cipher_list = "CHACHA20:ALL";
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1980 if (!ctx ||
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]1981 // SSLv3 is off by default.
1982 !SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1983 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1984 !SSL_CTX_set_strict_cipher_list(ctx.get(), cipher_list)) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1985 return false;
1986 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1987
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1988 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1989 if (!ssl) {
1990 return false;
1991 }
1992 std::vector<uint8_t> client_hello;
1993 if (!GetClientHello(ssl.get(), &client_hello)) {
1994 return false;
1995 }
1996
1997 // Zero the client_random.
1998 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1999 1 + 3 + // handshake message header
2000 2; // client_version
2001 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
2002 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
2003 return false;
2004 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2005 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2006
2007 if (client_hello.size() != expected_len ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2008 OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2009 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
2010 fprintf(stderr, "Got:\n\t");
2011 for (size_t i = 0; i < client_hello.size(); i++) {
2012 fprintf(stderr, "0x%02x, ", client_hello[i]);
2013 }
2014 fprintf(stderr, "\nWanted:\n\t");
2015 for (size_t i = 0; i < expected_len; i++) {
2016 fprintf(stderr, "0x%02x, ", expected[i]);
2017 }
2018 fprintf(stderr, "\n");
2019 return false;
2020 }
2021
2022 return true;
2023}
2024
2025// Tests that our ClientHellos do not change unexpectedly.
2026static bool TestClientHello() {
2027 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2028 0x16,
2029 0x03, 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2030 0x00, 0x3b,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2031 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2032 0x00, 0x00, 0x37,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2033 0x03, 0x00,
2034 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2035 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2036 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2037 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2038 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2039 0x00, 0x10,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2040 0xc0, 0x09,
2041 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2042 0xc0, 0x0a,
2043 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2044 0x00, 0x2f,
2045 0x00, 0x35,
2046 0x00, 0x0a,
2047 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2048 };
2049 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
2050 sizeof(kSSL3ClientHello))) {
2051 return false;
2052 }
2053
2054 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2055 0x16,
2056 0x03, 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2057 0x00, 0x5a,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2058 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2059 0x00, 0x00, 0x56,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2060 0x03, 0x01,
2061 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2062 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2063 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2064 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2065 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2066 0x00, 0x0e,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2067 0xc0, 0x09,
2068 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2069 0xc0, 0x0a,
2070 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2071 0x00, 0x2f,
2072 0x00, 0x35,
2073 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2074 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
2075 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
2076 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
2077 };
2078 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
2079 sizeof(kTLS1ClientHello))) {
2080 return false;
2081 }
2082
2083 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2084 0x16,
2085 0x03, 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2086 0x00, 0x5a,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2087 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2088 0x00, 0x00, 0x56,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2089 0x03, 0x02,
2090 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2091 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2092 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2093 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2094 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2095 0x00, 0x0e,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2096 0xc0, 0x09,
2097 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2098 0xc0, 0x0a,
2099 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2100 0x00, 0x2f,
2101 0x00, 0x35,
2102 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2103 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
2104 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
2105 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
2106 };
2107 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
2108 sizeof(kTLS11ClientHello))) {
2109 return false;
2110 }
2111
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]2112 // kTLS12ClientHello assumes RSA-PSS, which is disabled for Android system
2113 // builds.
2114#if defined(BORINGSSL_ANDROID_SYSTEM)
2115 return true;
2116#endif
2117
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2118 static const uint8_t kTLS12ClientHello[] = {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2119 0x16,
2120 0x03, 0x01,
2121 0x00, 0x8e,
2122 0x01,
2123 0x00, 0x00, 0x8a,
2124 0x03, 0x03,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]2125 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2126 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2127 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2128 0x00, 0x2a,
2129 0xcc, 0xa9,
2130 0xcc, 0xa8,
2131 0xc0, 0x2b,
2132 0xc0, 0x2f,
2133 0xc0, 0x2c,
2134 0xc0, 0x30,
2135 0xc0, 0x09,
2136 0xc0, 0x23,
2137 0xc0, 0x13,
2138 0xc0, 0x27,
2139 0xc0, 0x0a,
2140 0xc0, 0x24,
2141 0xc0, 0x14,
2142 0xc0, 0x28,
2143 0x00, 0x9c,
2144 0x00, 0x9d,
2145 0x00, 0x2f,
2146 0x00, 0x3c,
2147 0x00, 0x35,
2148 0x00, 0x3d,
2149 0x00, 0x0a,
2150 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
2151 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04,
2152 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08,
2153 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
2154 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2155 };
2156 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
2157 sizeof(kTLS12ClientHello))) {
2158 return false;
2159 }
2160
2161 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
2162 // implementation has settled enough that it won't change.
2163
2164 return true;
2165}
2166
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2167static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2168
2169static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
2170 // Save the most recent session.
2171 g_last_session.reset(session);
2172 return 1;
2173}
2174
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2175static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
Steven Valdeze831a812017-03-09 14:56:07 -0500[diff] [blame]2176 SSL_CTX *server_ctx) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2177 g_last_session = nullptr;
2178 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2179
2180 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2181 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2182 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
2183 nullptr /* no session */)) {
2184 fprintf(stderr, "Failed to connect client and server.\n");
2185 return nullptr;
2186 }
2187
2188 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2189 SSL_read(client.get(), nullptr, 0);
2190
2191 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2192
2193 if (!g_last_session) {
2194 fprintf(stderr, "Client did not receive a session.\n");
2195 return nullptr;
2196 }
2197 return std::move(g_last_session);
2198}
2199
2200static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
2201 SSL_SESSION *session,
2202 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2203 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2204 if (!ConnectClientAndServer(&client, &server, client_ctx,
2205 server_ctx, session)) {
2206 fprintf(stderr, "Failed to connect client and server.\n");
2207 return false;
2208 }
2209
2210 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2211 fprintf(stderr, "Client and server were inconsistent.\n");
2212 return false;
2213 }
2214
2215 bool was_reused = !!SSL_session_reused(client.get());
2216 if (was_reused != reused) {
2217 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
2218 was_reused ? "" : " not");
2219 return false;
2220 }
2221
2222 return true;
2223}
2224
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2225static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
2226 SSL_CTX *server_ctx,
2227 SSL_SESSION *session) {
2228 g_last_session = nullptr;
2229 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2230
2231 bssl::UniquePtr<SSL> client, server;
2232 if (!ConnectClientAndServer(&client, &server, client_ctx,
2233 server_ctx, session)) {
2234 fprintf(stderr, "Failed to connect client and server.\n");
2235 return nullptr;
2236 }
2237
2238 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2239 fprintf(stderr, "Client and server were inconsistent.\n");
2240 return nullptr;
2241 }
2242
2243 if (!SSL_session_reused(client.get())) {
2244 fprintf(stderr, "Session was not reused.\n");
2245 return nullptr;
2246 }
2247
2248 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2249 SSL_read(client.get(), nullptr, 0);
2250
2251 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2252
2253 if (!g_last_session) {
2254 fprintf(stderr, "Client did not receive a renewed session.\n");
2255 return nullptr;
2256 }
2257 return std::move(g_last_session);
2258}
2259
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2260static bool ExpectTicketKeyChanged(SSL_CTX *ctx, uint8_t *inout_key,
2261 bool changed) {
2262 uint8_t new_key[kTicketKeyLen];
2263 int res = SSL_CTX_get_tlsext_ticket_keys(ctx, new_key, kTicketKeyLen) == 1;
2264 if (res != 1) { /* May return 0, 1 or 48. */
2265 fprintf(stderr, "SSL_CTX_get_tlsext_ticket_keys() returned %d.\n", res);
2266 return false;
2267 }
2268 if (changed != !!OPENSSL_memcmp(inout_key, new_key, kTicketKeyLen)) {
2269 fprintf(stderr, "Ticket key unexpectedly %s.\n",
2270 changed ? "did not change" : "changed");
2271 return false;
2272 }
2273 OPENSSL_memcpy(inout_key, new_key, kTicketKeyLen);
2274 return true;
2275}
2276
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2277static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2278 static const uint8_t kContext[] = {3};
2279
2280 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2281 return SSL_TLSEXT_ERR_ALERT_FATAL;
2282 }
2283
2284 return SSL_TLSEXT_ERR_OK;
2285}
2286
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2287static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
2288 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2289 bssl::UniquePtr<X509> cert = GetTestCertificate();
2290 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2291 if (!cert || !key) {
2292 return false;
2293 }
2294
2295 static const uint8_t kContext1[] = {1};
2296 static const uint8_t kContext2[] = {2};
2297
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2298 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2299 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2300 if (!server_ctx || !client_ctx ||
2301 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2302 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2303 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2304 sizeof(kContext1)) ||
2305 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2306 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2307 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2308 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2309 return false;
2310 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2311
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2312 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2313 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2314
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2315 bssl::UniquePtr<SSL_SESSION> session =
2316 CreateClientSession(client_ctx.get(), server_ctx.get());
2317 if (!session) {
2318 fprintf(stderr, "Error getting session.\n");
2319 return false;
2320 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2321
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2322 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2323 true /* expect session reused */)) {
2324 fprintf(stderr, "Error resuming session.\n");
2325 return false;
2326 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2327
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2328 // Change the session ID context.
2329 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2330 sizeof(kContext2))) {
2331 return false;
2332 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2333
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2334 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2335 false /* expect session not reused */)) {
2336 fprintf(stderr, "Error connecting with a different context.\n");
2337 return false;
2338 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2339
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2340 // Change the session ID context back and install an SNI callback to switch
2341 // it.
2342 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2343 sizeof(kContext1))) {
2344 return false;
2345 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2346
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2347 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2348 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2349
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2350 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2351 false /* expect session not reused */)) {
2352 fprintf(stderr, "Error connecting with a context switch on SNI callback.\n");
2353 return false;
2354 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2355
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2356 // Switch the session ID context with the early callback instead.
2357 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2358 SSL_CTX_set_select_certificate_cb(
2359 server_ctx.get(),
2360 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
2361 static const uint8_t kContext[] = {3};
2362
2363 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2364 sizeof(kContext))) {
2365 return ssl_select_cert_error;
2366 }
2367
2368 return ssl_select_cert_success;
2369 });
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2370
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2371 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2372 false /* expect session not reused */)) {
2373 fprintf(stderr,
2374 "Error connecting with a context switch on early callback.\n");
2375 return false;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2376 }
2377
2378 return true;
2379}
2380
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2381static timeval g_current_time;
2382
2383static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2384 *out_clock = g_current_time;
2385}
2386
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2387static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2388 out_clock->tv_sec = 1000;
2389 out_clock->tv_usec = 0;
2390}
2391
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2392static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2393 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2394 int encrypt) {
2395 static const uint8_t kZeros[16] = {0};
2396
2397 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2398 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2399 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2400 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2401 return 0;
2402 }
2403
2404 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2405 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2406 return -1;
2407 }
2408
2409 // Returning two from the callback in decrypt mode renews the
2410 // session in TLS 1.2 and below.
2411 return encrypt ? 1 : 2;
2412}
2413
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2414static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2415 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2416 return false;
2417 }
2418
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2419 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2420 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2421 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2422
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2423#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2424 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2425 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2426#else
2427 static const uint8_t kZeros[16] = {0};
2428 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2429 bssl::ScopedEVP_CIPHER_CTX ctx;
2430 int len1, len2;
2431 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2432 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2433 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2434 return false;
2435 }
2436
2437 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2438#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2439
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2440 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
2441 if (!ssl_ctx) {
2442 return false;
2443 }
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2444 bssl::UniquePtr<SSL_SESSION> server_session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2445 SSL_SESSION_from_bytes(plaintext.get(), len, ssl_ctx.get()));
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2446 if (!server_session) {
2447 return false;
2448 }
2449
2450 *out = server_session->time;
2451 return true;
2452}
2453
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2454static bool TestSessionTimeout(bool is_dtls, const SSL_METHOD *method,
2455 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2456 bssl::UniquePtr<X509> cert = GetTestCertificate();
2457 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2458 if (!cert || !key) {
2459 return false;
2460 }
2461
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2462 for (bool server_test : std::vector<bool>{false, true}) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2463 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2464 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2465
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2466 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2467 // resumptions still perform ECDHE.
2468 const time_t timeout = version == TLS1_3_VERSION
2469 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2470 : SSL_DEFAULT_SESSION_TIMEOUT;
2471
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2472 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2473 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2474 if (!server_ctx || !client_ctx ||
2475 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2476 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2477 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2478 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2479 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2480 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2481 return false;
2482 }
2483
2484 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2485 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2486
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2487 // Both client and server must enforce session timeouts. We configure the
2488 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2489 if (server_test) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2490 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2491 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2492 } else {
2493 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2494 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2495 }
2496
2497 // Configure a ticket callback which renews tickets.
2498 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2499
2500 bssl::UniquePtr<SSL_SESSION> session =
2501 CreateClientSession(client_ctx.get(), server_ctx.get());
2502 if (!session) {
2503 fprintf(stderr, "Error getting session.\n");
2504 return false;
2505 }
2506
2507 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2508 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2509
2510 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2511 true /* expect session reused */)) {
2512 fprintf(stderr, "Error resuming session.\n");
2513 return false;
2514 }
2515
2516 // Advance the clock one more second.
2517 g_current_time.tv_sec++;
2518
2519 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2520 false /* expect session not reused */)) {
2521 fprintf(stderr, "Error resuming session.\n");
2522 return false;
2523 }
2524
2525 // Rewind the clock to before the session was minted.
2526 g_current_time.tv_sec = kStartTime - 1;
2527
2528 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2529 false /* expect session not reused */)) {
2530 fprintf(stderr, "Error resuming session.\n");
2531 return false;
2532 }
2533
2534 // SSL 3.0 cannot renew sessions.
2535 if (version == SSL3_VERSION) {
2536 continue;
2537 }
2538
2539 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2540 time_t new_start_time = kStartTime + timeout - 10;
2541 g_current_time.tv_sec = new_start_time;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2542 bssl::UniquePtr<SSL_SESSION> new_session =
2543 ExpectSessionRenewed(client_ctx.get(), server_ctx.get(), session.get());
2544 if (!new_session) {
2545 fprintf(stderr, "Error renewing session.\n");
2546 return false;
2547 }
2548
2549 // This new session is not the same object as before.
2550 if (session.get() == new_session.get()) {
2551 fprintf(stderr, "New and old sessions alias.\n");
2552 return false;
2553 }
2554
2555 // Check the sessions have timestamps measured from issuance.
2556 long session_time = 0;
2557 if (server_test) {
2558 if (!GetServerTicketTime(&session_time, new_session.get())) {
2559 fprintf(stderr, "Failed to decode session ticket.\n");
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2560 return false;
2561 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2562 } else {
2563 session_time = new_session->time;
2564 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2565
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2566 if (session_time != g_current_time.tv_sec) {
2567 fprintf(stderr, "New session is not measured from issuance.\n");
2568 return false;
2569 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2570
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2571 if (version == TLS1_3_VERSION) {
2572 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2573 // lifetime TLS 1.3.
2574 g_current_time.tv_sec = new_start_time + timeout - 1;
2575 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2576 new_session.get(),
2577 true /* expect session reused */)) {
2578 fprintf(stderr, "Error resuming renewed session.\n");
2579 return false;
2580 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2581
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2582 // The new session expires after the new timeout.
2583 g_current_time.tv_sec = new_start_time + timeout + 1;
2584 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2585 new_session.get(),
2586 false /* expect session ot reused */)) {
2587 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2588 return false;
2589 }
2590
2591 // Renew the session until it begins just past the auth timeout.
2592 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2593 while (new_start_time < auth_end_time - 1000) {
2594 // Get as close as possible to target start time.
2595 new_start_time =
2596 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2597 g_current_time.tv_sec = new_start_time;
2598 new_session = ExpectSessionRenewed(client_ctx.get(), server_ctx.get(),
2599 new_session.get());
2600 if (!new_session) {
2601 fprintf(stderr, "Error renewing session.\n");
2602 return false;
2603 }
2604 }
2605
2606 // Now the session's lifetime is bound by the auth timeout.
2607 g_current_time.tv_sec = auth_end_time - 1;
2608 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2609 new_session.get(),
2610 true /* expect session reused */)) {
2611 fprintf(stderr, "Error resuming renewed session.\n");
2612 return false;
2613 }
2614
2615 g_current_time.tv_sec = auth_end_time + 1;
2616 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2617 new_session.get(),
2618 false /* expect session ot reused */)) {
2619 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2620 return false;
2621 }
2622 } else {
2623 // The new session is usable just before the old expiration.
2624 g_current_time.tv_sec = kStartTime + timeout - 1;
2625 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2626 new_session.get(),
2627 true /* expect session reused */)) {
2628 fprintf(stderr, "Error resuming renewed session.\n");
2629 return false;
2630 }
2631
2632 // Renewal does not extend the lifetime, so it is not usable beyond the
2633 // old expiration.
2634 g_current_time.tv_sec = kStartTime + timeout + 1;
2635 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2636 new_session.get(),
2637 false /* expect session not reused */)) {
2638 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2639 return false;
2640 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2641 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2642 }
2643
2644 return true;
2645}
2646
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2647class DefaultSessionTicketKeyTest
2648 : public ::testing::TestWithParam<VersionParam> {
2649 public:
2650 bssl::UniquePtr<SSL_CTX> CreateContext() const {
2651 const VersionParam version = GetParam();
2652 const SSL_METHOD *method = version.ssl_method == VersionParam::is_dtls
2653 ? DTLS_method()
2654 : TLS_method();
2655 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2656 if (!ctx ||
2657 !SSL_CTX_set_min_proto_version(ctx.get(), version.version) ||
2658 !SSL_CTX_set_max_proto_version(ctx.get(), version.version)) {
2659 return nullptr;
2660 }
2661 return ctx;
2662 }
2663};
2664
2665
2666TEST_P(DefaultSessionTicketKeyTest, Initialization) {
2667 bssl::UniquePtr<X509> cert = GetTestCertificate();
2668 ASSERT_TRUE(cert);
2669 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2670 ASSERT_TRUE(key);
2671
2672 bssl::UniquePtr<SSL_CTX> server_ctx = CreateContext();
2673 ASSERT_TRUE(server_ctx);
2674 static const uint8_t kZeroKey[kTicketKeyLen] = {};
2675 uint8_t ticket_key[kTicketKeyLen];
2676 ASSERT_EQ(1, SSL_CTX_get_tlsext_ticket_keys(server_ctx.get(), ticket_key,
2677 kTicketKeyLen));
2678 ASSERT_NE(0, OPENSSL_memcmp(ticket_key, kZeroKey, kTicketKeyLen));
2679}
2680
2681TEST_P(DefaultSessionTicketKeyTest, Rotation) {
2682 if (GetParam().version == SSL3_VERSION) {
2683 return;
2684 }
2685
2686 static const time_t kStartTime = 1001;
2687 g_current_time.tv_sec = kStartTime;
2688 uint8_t ticket_key[kTicketKeyLen];
2689
2690 bssl::UniquePtr<X509> cert = GetTestCertificate();
2691 ASSERT_TRUE(cert);
2692 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2693 ASSERT_TRUE(key);
2694
2695 bssl::UniquePtr<SSL_CTX> server_ctx = CreateContext();
2696 ASSERT_TRUE(server_ctx);
2697 bssl::UniquePtr<SSL_CTX> client_ctx = CreateContext();
2698 ASSERT_TRUE(client_ctx);
2699
2700 /* We use session reuse as a proxy for ticket decryption success, hence
2701 * disable session timeouts. */
2702 SSL_CTX_set_timeout(server_ctx.get(), std::numeric_limits<uint32_t>::max());
2703 SSL_CTX_set_session_psk_dhe_timeout(server_ctx.get(),
2704 std::numeric_limits<uint32_t>::max());
2705
2706 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
2707 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2708
2709 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2710 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_OFF);
2711
2712 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2713 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2714
2715 /* Initialize ticket_key with the current key. */
2716 ASSERT_TRUE(
2717 ExpectTicketKeyChanged(server_ctx.get(), ticket_key, true /* changed */));
2718
2719 /* Verify ticket resumption actually works. */
2720 bssl::UniquePtr<SSL> client, server;
2721 bssl::UniquePtr<SSL_SESSION> session =
2722 CreateClientSession(client_ctx.get(), server_ctx.get());
2723 ASSERT_TRUE(session);
2724 EXPECT_TRUE(ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2725 session.get(), true /* reused */));
2726
2727 /* Advance time to just before key rotation. */
2728 g_current_time.tv_sec += SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL - 1;
2729 EXPECT_TRUE(ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2730 session.get(), true /* reused */));
2731 ASSERT_TRUE(ExpectTicketKeyChanged(server_ctx.get(), ticket_key,
2732 false /* NOT changed */));
2733
2734 /* Force key rotation. */
2735 g_current_time.tv_sec += 1;
2736 bssl::UniquePtr<SSL_SESSION> new_session =
2737 CreateClientSession(client_ctx.get(), server_ctx.get());
2738 ASSERT_TRUE(
2739 ExpectTicketKeyChanged(server_ctx.get(), ticket_key, true /* changed */));
2740
2741 /* Resumption with both old and new ticket should work. */
2742 EXPECT_TRUE(ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2743 session.get(), true /* reused */));
2744 EXPECT_TRUE(ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2745 new_session.get(), true /* reused */));
2746 ASSERT_TRUE(ExpectTicketKeyChanged(server_ctx.get(), ticket_key,
2747 false /* NOT changed */));
2748
2749 /* Force key rotation again. Resumption with the old ticket now fails. */
2750 g_current_time.tv_sec += SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL;
2751 EXPECT_TRUE(ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2752 session.get(), false /* NOT reused */));
2753 ASSERT_TRUE(
2754 ExpectTicketKeyChanged(server_ctx.get(), ticket_key, true /* changed */));
2755
2756 /* But resumption with the newer session still works. */
2757 EXPECT_TRUE(ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2758 new_session.get(), true /* reused */));
2759}
2760
2761INSTANTIATE_TEST_CASE_P(WithTLSVersion, DefaultSessionTicketKeyTest,
2762 testing::ValuesIn(kAllVersions),
2763 [](const testing::TestParamInfo<VersionParam> &i) {
2764 return i.param.name;
2765 });
2766
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2767static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2768 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2769 SSL_set_SSL_CTX(ssl, ctx);
2770 return SSL_TLSEXT_ERR_OK;
2771}
2772
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2773static bool TestSNICallback(bool is_dtls, const SSL_METHOD *method,
2774 uint16_t version) {
2775 // SSL 3.0 lacks extensions.
2776 if (version == SSL3_VERSION) {
2777 return true;
2778 }
2779
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2780 bssl::UniquePtr<X509> cert = GetTestCertificate();
2781 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2782 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2783 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2784 if (!cert || !key || !cert2 || !key2) {
2785 return false;
2786 }
2787
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2788 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2789 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2790
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2791 static const uint8_t kSCTList[] = {0, 6, 0, 4, 5, 6, 7, 8};
2792 static const uint8_t kOCSPResponse[] = {1, 2, 3, 4};
2793
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2794 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2795 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(method));
2796 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2797 if (!server_ctx || !server_ctx2 || !client_ctx ||
2798 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2799 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2800 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2801 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2802 !SSL_CTX_set_signed_cert_timestamp_list(server_ctx2.get(), kSCTList,
2803 sizeof(kSCTList)) ||
2804 !SSL_CTX_set_ocsp_response(server_ctx2.get(), kOCSPResponse,
2805 sizeof(kOCSPResponse)) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2806 // Historically signing preferences would be lost in some cases with the
2807 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2808 // this doesn't happen when |version| is TLS 1.2, configure the private
2809 // key to only sign SHA-256.
2810 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256,
2811 1) ||
2812 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2813 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2814 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2815 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2816 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2817 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
2818 return false;
2819 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2820
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2821 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2822 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2823
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2824 SSL_CTX_enable_signed_cert_timestamps(client_ctx.get());
2825 SSL_CTX_enable_ocsp_stapling(client_ctx.get());
2826
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2827 bssl::UniquePtr<SSL> client, server;
2828 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2829 server_ctx.get(), nullptr)) {
2830 fprintf(stderr, "Handshake failed.\n");
2831 return false;
2832 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2833
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2834 // The client should have received |cert2|.
2835 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
2836 if (!peer || X509_cmp(peer.get(), cert2.get()) != 0) {
2837 fprintf(stderr, "Incorrect certificate received.\n");
2838 return false;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2839 }
2840
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2841 // The client should have received |server_ctx2|'s SCT list.
2842 const uint8_t *data;
2843 size_t len;
2844 SSL_get0_signed_cert_timestamp_list(client.get(), &data, &len);
2845 if (Bytes(kSCTList) != Bytes(data, len)) {
2846 fprintf(stderr, "Incorrect SCT list received.\n");
2847 return false;
2848 }
2849
2850 // The client should have received |server_ctx2|'s OCSP response.
2851 SSL_get0_ocsp_response(client.get(), &data, &len);
2852 if (Bytes(kOCSPResponse) != Bytes(data, len)) {
2853 fprintf(stderr, "Incorrect OCSP response received.\n");
2854 return false;
2855 }
2856
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2857 return true;
2858}
2859
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2860// Test that the early callback can swap the maximum version.
2861TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2862 bssl::UniquePtr<X509> cert = GetTestCertificate();
2863 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2864 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2865 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2866 ASSERT_TRUE(cert);
2867 ASSERT_TRUE(key);
2868 ASSERT_TRUE(server_ctx);
2869 ASSERT_TRUE(client_ctx);
2870 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2871 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2872 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2873 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2874
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2875 SSL_CTX_set_select_certificate_cb(
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2876 server_ctx.get(),
2877 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2878 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2879 return ssl_select_cert_error;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2880 }
2881
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2882 return ssl_select_cert_success;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2883 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2884
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2885 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2886 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
2887 server_ctx.get(), nullptr));
2888 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2889}
2890
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2891TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2892 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2893 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2894
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2895 // Set valid TLS versions.
2896 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2897 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2898 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2899 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2900
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2901 // Invalid TLS versions are rejected.
2902 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2903 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2904 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2905 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2906 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2907 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2908
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2909 // Zero is the default version.
2910 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2911 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2912 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2913 EXPECT_EQ(TLS1_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2914
2915 // SSL 3.0 and TLS 1.3 are available, but not by default.
2916 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2917 EXPECT_EQ(SSL3_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2918 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2919 EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2920
David Benjamin353577c2017-06-29 15:54:58 -0400[diff] [blame]2921 // TLS1_3_DRAFT_VERSION is not an API-level version.
2922 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT_VERSION));
2923 ERR_clear_error();
2924
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2925 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2926 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2927
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2928 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2929 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2930 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2931 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2932
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2933 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2934 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2935 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2936 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2937 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2938 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2939 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2940 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2941
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2942 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2943 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2944 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2945 EXPECT_EQ(TLS1_1_VERSION, ctx->conf_min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2946}
2947
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2948static const char *GetVersionName(uint16_t version) {
2949 switch (version) {
2950 case SSL3_VERSION:
2951 return "SSLv3";
2952 case TLS1_VERSION:
2953 return "TLSv1";
2954 case TLS1_1_VERSION:
2955 return "TLSv1.1";
2956 case TLS1_2_VERSION:
2957 return "TLSv1.2";
2958 case TLS1_3_VERSION:
2959 return "TLSv1.3";
2960 case DTLS1_VERSION:
2961 return "DTLSv1";
2962 case DTLS1_2_VERSION:
2963 return "DTLSv1.2";
2964 default:
2965 return "???";
2966 }
2967}
2968
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2969static bool TestVersion(bool is_dtls, const SSL_METHOD *method,
2970 uint16_t version) {
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2971 bssl::UniquePtr<X509> cert = GetTestCertificate();
2972 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2973 if (!cert || !key) {
2974 return false;
2975 }
2976
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2977 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2978 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2979 bssl::UniquePtr<SSL> client, server;
2980 if (!server_ctx || !client_ctx ||
2981 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2982 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2983 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2984 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2985 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2986 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2987 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2988 server_ctx.get(), nullptr /* no session */)) {
2989 fprintf(stderr, "Failed to connect.\n");
2990 return false;
2991 }
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2992
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2993 if (SSL_version(client.get()) != version ||
2994 SSL_version(server.get()) != version) {
2995 fprintf(stderr, "Version mismatch. Got %04x and %04x, wanted %04x.\n",
2996 SSL_version(client.get()), SSL_version(server.get()), version);
2997 return false;
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2998 }
2999
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]3000 // Test the version name is reported as expected.
3001 const char *version_name = GetVersionName(version);
3002 if (strcmp(version_name, SSL_get_version(client.get())) != 0 ||
3003 strcmp(version_name, SSL_get_version(server.get())) != 0) {
3004 fprintf(stderr, "Version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
3005 SSL_get_version(client.get()), SSL_get_version(server.get()),
3006 version_name);
3007 return false;
3008 }
3009
3010 // Test SSL_SESSION reports the same name.
3011 const char *client_name =
3012 SSL_SESSION_get_version(SSL_get_session(client.get()));
3013 const char *server_name =
3014 SSL_SESSION_get_version(SSL_get_session(server.get()));
3015 if (strcmp(version_name, client_name) != 0 ||
3016 strcmp(version_name, server_name) != 0) {
3017 fprintf(stderr,
3018 "Session version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
3019 client_name, server_name, version_name);
3020 return false;
3021 }
3022
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]3023 return true;
3024}
3025
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3026// Tests that that |SSL_get_pending_cipher| is available during the ALPN
3027// selection callback.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3028static bool TestALPNCipherAvailable(bool is_dtls, const SSL_METHOD *method,
3029 uint16_t version) {
3030 // SSL 3.0 lacks extensions.
3031 if (version == SSL3_VERSION) {
3032 return true;
3033 }
3034
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3035 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
3036
3037 bssl::UniquePtr<X509> cert = GetTestCertificate();
3038 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3039 if (!cert || !key) {
3040 return false;
3041 }
3042
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3043 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
3044 if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
3045 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
3046 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
3047 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
3048 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
3049 0) {
3050 return false;
3051 }
3052
3053 // The ALPN callback does not fail the handshake on error, so have the
3054 // callback write a boolean.
3055 std::pair<uint16_t, bool> callback_state(version, false);
3056 SSL_CTX_set_alpn_select_cb(
3057 ctx.get(),
3058 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
3059 unsigned in_len, void *arg) -> int {
3060 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
3061 if (SSL_get_pending_cipher(ssl) != nullptr &&
3062 SSL_version(ssl) == state->first) {
3063 state->second = true;
3064 }
3065 return SSL_TLSEXT_ERR_NOACK;
3066 },
3067 &callback_state);
3068
3069 bssl::UniquePtr<SSL> client, server;
3070 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3071 nullptr /* no session */)) {
3072 return false;
3073 }
3074
3075 if (!callback_state.second) {
3076 fprintf(stderr, "The pending cipher was not known in the ALPN callback.\n");
3077 return false;
3078 }
3079
3080 return true;
3081}
3082
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]3083static bool TestSSLClearSessionResumption(bool is_dtls,
3084 const SSL_METHOD *method,
3085 uint16_t version) {
3086 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
3087 // API pattern.
3088 if (version == TLS1_3_VERSION) {
3089 return true;
3090 }
3091
3092 bssl::UniquePtr<X509> cert = GetTestCertificate();
3093 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3094 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
3095 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
3096 if (!cert || !key || !server_ctx || !client_ctx ||
3097 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
3098 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
3099 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
3100 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
3101 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
3102 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
3103 return false;
3104 }
3105
3106 // Connect a client and a server.
3107 bssl::UniquePtr<SSL> client, server;
3108 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
3109 server_ctx.get(), nullptr /* no session */)) {
3110 return false;
3111 }
3112
3113 if (SSL_session_reused(client.get()) ||
3114 SSL_session_reused(server.get())) {
3115 fprintf(stderr, "Session unexpectedly reused.\n");
3116 return false;
3117 }
3118
3119 // Reset everything.
3120 if (!SSL_clear(client.get()) ||
3121 !SSL_clear(server.get())) {
3122 fprintf(stderr, "SSL_clear failed.\n");
3123 return false;
3124 }
3125
3126 // Attempt to connect a second time.
3127 if (!CompleteHandshakes(client.get(), server.get())) {
3128 fprintf(stderr, "Could not reuse SSL objects.\n");
3129 return false;
3130 }
3131
3132 // |SSL_clear| should implicitly offer the previous session to the server.
3133 if (!SSL_session_reused(client.get()) ||
3134 !SSL_session_reused(server.get())) {
3135 fprintf(stderr, "Session was not reused in second try.\n");
3136 return false;
3137 }
3138
3139 return true;
3140}
3141
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]3142static bool ChainsEqual(STACK_OF(X509) *chain,
3143 const std::vector<X509 *> &expected) {
3144 if (sk_X509_num(chain) != expected.size()) {
3145 return false;
3146 }
3147
3148 for (size_t i = 0; i < expected.size(); i++) {
3149 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
3150 return false;
3151 }
3152 }
3153
3154 return true;
3155}
3156
3157static bool TestAutoChain(bool is_dtls, const SSL_METHOD *method,
3158 uint16_t version) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]3159 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
3160 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
3161 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3162 if (!cert || !intermediate || !key) {
3163 return false;
3164 }
3165
3166 // Configure both client and server to accept any certificate. Add
3167 // |intermediate| to the cert store.
3168 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
3169 if (!ctx ||
3170 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
3171 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
3172 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
3173 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
3174 !X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx.get()),
3175 intermediate.get())) {
3176 return false;
3177 }
3178 SSL_CTX_set_verify(
3179 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
3180 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
3181
3182 // By default, the client and server should each only send the leaf.
3183 bssl::UniquePtr<SSL> client, server;
3184 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3185 nullptr /* no session */)) {
3186 return false;
3187 }
3188
3189 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), {cert.get()})) {
3190 fprintf(stderr, "Client-received chain did not match.\n");
3191 return false;
3192 }
3193
3194 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), {cert.get()})) {
3195 fprintf(stderr, "Server-received chain did not match.\n");
3196 return false;
3197 }
3198
3199 // If auto-chaining is enabled, then the intermediate is sent.
3200 SSL_CTX_clear_mode(ctx.get(), SSL_MODE_NO_AUTO_CHAIN);
3201 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3202 nullptr /* no session */)) {
3203 return false;
3204 }
3205
3206 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
3207 {cert.get(), intermediate.get()})) {
3208 fprintf(stderr, "Client-received chain did not match (auto-chaining).\n");
3209 return false;
3210 }
3211
3212 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
3213 {cert.get(), intermediate.get()})) {
3214 fprintf(stderr, "Server-received chain did not match (auto-chaining).\n");
3215 return false;
3216 }
3217
3218 // Auto-chaining does not override explicitly-configured intermediates.
3219 if (!SSL_CTX_add1_chain_cert(ctx.get(), cert.get()) ||
3220 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3221 nullptr /* no session */)) {
3222 return false;
3223 }
3224
3225 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
3226 {cert.get(), cert.get()})) {
3227 fprintf(stderr,
3228 "Client-received chain did not match (auto-chaining, explicit "
3229 "intermediate).\n");
3230 return false;
3231 }
3232
3233 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
3234 {cert.get(), cert.get()})) {
3235 fprintf(stderr,
3236 "Server-received chain did not match (auto-chaining, explicit "
3237 "intermediate).\n");
3238 return false;
3239 }
3240
3241 return true;
3242}
3243
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]3244static bool ExpectBadWriteRetry() {
3245 int err = ERR_get_error();
3246 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
3247 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
3248 char buf[ERR_ERROR_STRING_BUF_LEN];
3249 ERR_error_string_n(err, buf, sizeof(buf));
3250 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
3251 return false;
3252 }
3253
3254 if (ERR_peek_error() != 0) {
3255 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
3256 return false;
3257 }
3258
3259 return true;
3260}
3261
3262static bool TestSSLWriteRetry(bool is_dtls, const SSL_METHOD *method,
3263 uint16_t version) {
3264 if (is_dtls) {
3265 return true;
3266 }
3267
3268 for (bool enable_partial_write : std::vector<bool>{false, true}) {
3269 // Connect a client and server.
3270 bssl::UniquePtr<X509> cert = GetTestCertificate();
3271 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3272 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
3273 bssl::UniquePtr<SSL> client, server;
3274 if (!cert || !key || !ctx ||
3275 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
3276 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
3277 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
3278 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
3279 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3280 nullptr /* no session */)) {
3281 return false;
3282 }
3283
3284 if (enable_partial_write) {
3285 SSL_set_mode(client.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
3286 }
3287
3288 // Write without reading until the buffer is full and we have an unfinished
3289 // write. Keep a count so we may reread it again later. "hello!" will be
3290 // written in two chunks, "hello" and "!".
3291 char data[] = "hello!";
3292 static const int kChunkLen = 5; // The length of "hello".
3293 unsigned count = 0;
3294 for (;;) {
3295 int ret = SSL_write(client.get(), data, kChunkLen);
3296 if (ret <= 0) {
3297 int err = SSL_get_error(client.get(), ret);
3298 if (SSL_get_error(client.get(), ret) == SSL_ERROR_WANT_WRITE) {
3299 break;
3300 }
3301 fprintf(stderr, "SSL_write failed in unexpected way: %d\n", err);
3302 return false;
3303 }
3304
3305 if (ret != 5) {
3306 fprintf(stderr, "SSL_write wrote %d bytes, expected 5.\n", ret);
3307 return false;
3308 }
3309
3310 count++;
3311 }
3312
3313 // Retrying with the same parameters is legal.
3314 if (SSL_get_error(client.get(), SSL_write(client.get(), data, kChunkLen)) !=
3315 SSL_ERROR_WANT_WRITE) {
3316 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3317 return false;
3318 }
3319
3320 // Retrying with the same buffer but shorter length is not legal.
3321 if (SSL_get_error(client.get(),
3322 SSL_write(client.get(), data, kChunkLen - 1)) !=
3323 SSL_ERROR_SSL ||
3324 !ExpectBadWriteRetry()) {
3325 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3326 return false;
3327 }
3328
3329 // Retrying with a different buffer pointer is not legal.
3330 char data2[] = "hello";
3331 if (SSL_get_error(client.get(), SSL_write(client.get(), data2,
3332 kChunkLen)) != SSL_ERROR_SSL ||
3333 !ExpectBadWriteRetry()) {
3334 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3335 return false;
3336 }
3337
3338 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
3339 SSL_set_mode(client.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
3340 if (SSL_get_error(client.get(),
3341 SSL_write(client.get(), data2, kChunkLen)) !=
3342 SSL_ERROR_WANT_WRITE) {
3343 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3344 return false;
3345 }
3346
3347 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
3348 if (SSL_get_error(client.get(),
3349 SSL_write(client.get(), data2, kChunkLen - 1)) !=
3350 SSL_ERROR_SSL ||
3351 !ExpectBadWriteRetry()) {
3352 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3353 return false;
3354 }
3355
3356 // Retrying with a larger buffer is legal.
3357 if (SSL_get_error(client.get(),
3358 SSL_write(client.get(), data, kChunkLen + 1)) !=
3359 SSL_ERROR_WANT_WRITE) {
3360 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3361 return false;
3362 }
3363
3364 // Drain the buffer.
3365 char buf[20];
3366 for (unsigned i = 0; i < count; i++) {
3367 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3368 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0) {
3369 fprintf(stderr, "Failed to read initial records.\n");
3370 return false;
3371 }
3372 }
3373
3374 // Now that there is space, a retry with a larger buffer should flush the
3375 // pending record, skip over that many bytes of input (on assumption they
3376 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
3377 // is set, this will complete in two steps.
3378 char data3[] = "_____!";
3379 if (enable_partial_write) {
3380 if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen ||
3381 SSL_write(client.get(), data3 + kChunkLen, 1) != 1) {
3382 fprintf(stderr, "SSL_write retry failed.\n");
3383 return false;
3384 }
3385 } else if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen + 1) {
3386 fprintf(stderr, "SSL_write retry failed.\n");
3387 return false;
3388 }
3389
3390 // Check the last write was correct. The data will be spread over two
3391 // records, so SSL_read returns twice.
3392 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3393 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0 ||
3394 SSL_read(server.get(), buf, sizeof(buf)) != 1 ||
3395 buf[0] != '!') {
3396 fprintf(stderr, "Failed to read write retry.\n");
3397 return false;
3398 }
3399 }
3400
3401 return true;
3402}
3403
David Benjamin5df5be12017-06-22 19:43:11 -0400[diff] [blame]3404static bool TestRecordCallback(bool is_dtls, const SSL_METHOD *method,
3405 uint16_t version) {
3406 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
3407 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
3408 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3409 if (!cert || !intermediate || !key) {
3410 return false;
3411 }
3412
3413 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
3414 if (!ctx ||
3415 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
3416 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
3417 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
3418 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
3419 return false;
3420 }
3421
3422 bool read_seen = false;
3423 bool write_seen = false;
3424 auto cb = [&](int is_write, int cb_version, int cb_type, const void *buf,
3425 size_t len, SSL *ssl) {
3426 if (cb_type != SSL3_RT_HEADER) {
3427 return;
3428 }
3429
3430 // The callback does not report a version for records.
3431 EXPECT_EQ(0, cb_version);
3432
3433 if (is_write) {
3434 write_seen = true;
3435 } else {
3436 read_seen = true;
3437 }
3438
3439 // Sanity-check that the record header is plausible.
3440 CBS cbs;
3441 CBS_init(&cbs, reinterpret_cast<const uint8_t *>(buf), len);
3442 uint8_t type;
3443 uint16_t record_version, length;
3444 ASSERT_TRUE(CBS_get_u8(&cbs, &type));
3445 ASSERT_TRUE(CBS_get_u16(&cbs, &record_version));
3446 EXPECT_TRUE(record_version == version ||
3447 record_version == (is_dtls ? DTLS1_VERSION : TLS1_VERSION))
3448 << "Invalid record version: " << record_version;
3449 if (is_dtls) {
3450 uint16_t epoch;
3451 ASSERT_TRUE(CBS_get_u16(&cbs, &epoch));
3452 EXPECT_TRUE(epoch == 0 || epoch == 1) << "Invalid epoch: " << epoch;
3453 ASSERT_TRUE(CBS_skip(&cbs, 6));
3454 }
3455 ASSERT_TRUE(CBS_get_u16(&cbs, &length));
3456 EXPECT_EQ(0u, CBS_len(&cbs));
3457 };
3458 using CallbackType = decltype(cb);
3459 SSL_CTX_set_msg_callback(
3460 ctx.get(), [](int is_write, int cb_version, int cb_type, const void *buf,
3461 size_t len, SSL *ssl, void *arg) {
3462 CallbackType *cb_ptr = reinterpret_cast<CallbackType *>(arg);
3463 (*cb_ptr)(is_write, cb_version, cb_type, buf, len, ssl);
3464 });
3465 SSL_CTX_set_msg_callback_arg(ctx.get(), &cb);
3466
3467 bssl::UniquePtr<SSL> client, server;
3468 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3469 nullptr /* no session */)) {
3470 return false;
3471 }
3472
3473 EXPECT_TRUE(read_seen);
3474 EXPECT_TRUE(write_seen);
3475 return true;
3476}
3477
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3478static bool ForEachVersion(bool (*test_func)(bool is_dtls,
3479 const SSL_METHOD *method,
3480 uint16_t version)) {
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]3481 for (auto version : kAllVersions) {
3482 const bool is_dtls = version.ssl_method == VersionParam::is_dtls;
3483 const SSL_METHOD *method = is_dtls ? DTLS_method() : TLS_method();
3484 if (!test_func(is_dtls, method, version.version)) {
3485 if (is_dtls) {
3486 fprintf(stderr, "Test failed at DTLS version %04x.\n", version.version);
3487 } else {
3488 fprintf(stderr, "Test failed at TLS version %04x.\n", version.version);
3489 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3490 return false;
3491 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3492 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3493 return true;
3494}
3495
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3496TEST(SSLTest, AddChainCertHack) {
3497 // Ensure that we don't accidently break the hack that we have in place to
3498 // keep curl and serf happy when they use an |X509| even after transfering
3499 // ownership.
3500
3501 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3502 ASSERT_TRUE(ctx);
3503 X509 *cert = GetTestCertificate().release();
3504 ASSERT_TRUE(cert);
3505 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3506
3507 // This should not trigger a use-after-free.
3508 X509_cmp(cert, cert);
3509}
3510
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3511TEST(SSLTest, GetCertificate) {
3512 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3513 ASSERT_TRUE(ctx);
3514 bssl::UniquePtr<X509> cert = GetTestCertificate();
3515 ASSERT_TRUE(cert);
3516 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3517 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3518 ASSERT_TRUE(ssl);
3519
3520 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3521 ASSERT_TRUE(cert2);
3522 X509 *cert3 = SSL_get_certificate(ssl.get());
3523 ASSERT_TRUE(cert3);
3524
3525 // The old and new certificates must be identical.
3526 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3527 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3528
3529 uint8_t *der = nullptr;
3530 long der_len = i2d_X509(cert.get(), &der);
3531 ASSERT_LT(0, der_len);
3532 bssl::UniquePtr<uint8_t> free_der(der);
3533
3534 uint8_t *der2 = nullptr;
3535 long der2_len = i2d_X509(cert2, &der2);
3536 ASSERT_LT(0, der2_len);
3537 bssl::UniquePtr<uint8_t> free_der2(der2);
3538
3539 uint8_t *der3 = nullptr;
3540 long der3_len = i2d_X509(cert3, &der3);
3541 ASSERT_LT(0, der3_len);
3542 bssl::UniquePtr<uint8_t> free_der3(der3);
3543
3544 // They must also encode identically.
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]3545 EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len));
3546 EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len));
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3547}
3548
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3549TEST(SSLTest, SetChainAndKeyMismatch) {
3550 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_with_buffers_method()));
3551 ASSERT_TRUE(ctx);
3552
3553 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3554 ASSERT_TRUE(key);
3555 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3556 ASSERT_TRUE(leaf);
3557 std::vector<CRYPTO_BUFFER*> chain = {
3558 leaf.get(),
3559 };
3560
3561 // Should fail because |GetTestKey| doesn't match the chain-test certificate.
3562 ASSERT_FALSE(SSL_CTX_set_chain_and_key(ctx.get(), &chain[0], chain.size(),
3563 key.get(), nullptr));
3564 ERR_clear_error();
3565}
3566
3567TEST(SSLTest, SetChainAndKey) {
3568 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3569 ASSERT_TRUE(client_ctx);
3570 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3571 ASSERT_TRUE(server_ctx);
3572
3573 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3574 ASSERT_TRUE(key);
3575 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3576 ASSERT_TRUE(leaf);
3577 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3578 GetChainTestIntermediateBuffer();
3579 ASSERT_TRUE(intermediate);
3580 std::vector<CRYPTO_BUFFER*> chain = {
3581 leaf.get(), intermediate.get(),
3582 };
3583 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3584 chain.size(), key.get(), nullptr));
3585
David Benjamin3a1dd462017-07-11 16:13:10 -0400[diff] [blame]3586 SSL_CTX_set_custom_verify(
3587 client_ctx.get(), SSL_VERIFY_PEER,
3588 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3589 return ssl_verify_ok;
3590 });
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3591
3592 bssl::UniquePtr<SSL> client, server;
3593 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3594 server_ctx.get(),
3595 nullptr /* no session */));
3596}
3597
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]3598TEST(SSLTest, ClientCABuffers) {
3599 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3600 ASSERT_TRUE(client_ctx);
3601 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3602 ASSERT_TRUE(server_ctx);
3603
3604 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3605 ASSERT_TRUE(key);
3606 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3607 ASSERT_TRUE(leaf);
3608 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3609 GetChainTestIntermediateBuffer();
3610 ASSERT_TRUE(intermediate);
3611 std::vector<CRYPTO_BUFFER *> chain = {
3612 leaf.get(),
3613 intermediate.get(),
3614 };
3615 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3616 chain.size(), key.get(), nullptr));
3617
3618 bssl::UniquePtr<CRYPTO_BUFFER> ca_name(
3619 CRYPTO_BUFFER_new(kTestName, sizeof(kTestName), nullptr));
3620 ASSERT_TRUE(ca_name);
3621 bssl::UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names(
3622 sk_CRYPTO_BUFFER_new_null());
3623 ASSERT_TRUE(ca_names);
3624 ASSERT_TRUE(sk_CRYPTO_BUFFER_push(ca_names.get(), ca_name.get()));
3625 ca_name.release();
3626 SSL_CTX_set0_client_CAs(server_ctx.get(), ca_names.release());
3627
3628 // Configure client and server to accept all certificates.
3629 SSL_CTX_set_custom_verify(
3630 client_ctx.get(), SSL_VERIFY_PEER,
3631 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3632 return ssl_verify_ok;
3633 });
3634 SSL_CTX_set_custom_verify(
3635 server_ctx.get(), SSL_VERIFY_PEER,
3636 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3637 return ssl_verify_ok;
3638 });
3639
3640 bool cert_cb_called = false;
3641 SSL_CTX_set_cert_cb(
3642 client_ctx.get(),
3643 [](SSL *ssl, void *arg) -> int {
3644 STACK_OF(CRYPTO_BUFFER) *peer_names =
3645 SSL_get0_server_requested_CAs(ssl);
3646 EXPECT_EQ(1u, sk_CRYPTO_BUFFER_num(peer_names));
3647 CRYPTO_BUFFER *peer_name = sk_CRYPTO_BUFFER_value(peer_names, 0);
3648 EXPECT_EQ(Bytes(kTestName), Bytes(CRYPTO_BUFFER_data(peer_name),
3649 CRYPTO_BUFFER_len(peer_name)));
3650 *reinterpret_cast<bool *>(arg) = true;
3651 return 1;
3652 },
3653 &cert_cb_called);
3654
3655 bssl::UniquePtr<SSL> client, server;
3656 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3657 server_ctx.get(),
3658 nullptr /* no session */));
3659 EXPECT_TRUE(cert_cb_called);
3660}
3661
David Benjamin91222b82017-03-09 20:10:56 -0500[diff] [blame]3662// Configuring the empty cipher list, though an error, should still modify the
3663// configuration.
3664TEST(SSLTest, EmptyCipherList) {
3665 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3666 ASSERT_TRUE(ctx);
3667
3668 // Initially, the cipher list is not empty.
3669 EXPECT_NE(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3670
3671 // Configuring the empty cipher list fails.
3672 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), ""));
3673 ERR_clear_error();
3674
3675 // But the cipher list is still updated to empty.
3676 EXPECT_EQ(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3677}
3678
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3679// ssl_test_ticket_aead_failure_mode enumerates the possible ways in which the
3680// test |SSL_TICKET_AEAD_METHOD| can fail.
3681enum ssl_test_ticket_aead_failure_mode {
3682 ssl_test_ticket_aead_ok = 0,
3683 ssl_test_ticket_aead_seal_fail,
3684 ssl_test_ticket_aead_open_soft_fail,
3685 ssl_test_ticket_aead_open_hard_fail,
3686};
3687
3688struct ssl_test_ticket_aead_state {
3689 unsigned retry_count;
3690 ssl_test_ticket_aead_failure_mode failure_mode;
3691};
3692
3693static int ssl_test_ticket_aead_ex_index_dup(CRYPTO_EX_DATA *to,
3694 const CRYPTO_EX_DATA *from,
3695 void **from_d, int index,
3696 long argl, void *argp) {
3697 abort();
3698}
3699
3700static void ssl_test_ticket_aead_ex_index_free(void *parent, void *ptr,
3701 CRYPTO_EX_DATA *ad, int index,
3702 long argl, void *argp) {
3703 auto state = reinterpret_cast<ssl_test_ticket_aead_state*>(ptr);
3704 if (state == nullptr) {
3705 return;
3706 }
3707
3708 OPENSSL_free(state);
3709}
3710
3711static CRYPTO_once_t g_ssl_test_ticket_aead_ex_index_once = CRYPTO_ONCE_INIT;
3712static int g_ssl_test_ticket_aead_ex_index;
3713
3714static int ssl_test_ticket_aead_get_ex_index() {
3715 CRYPTO_once(&g_ssl_test_ticket_aead_ex_index_once, [] {
3716 g_ssl_test_ticket_aead_ex_index = SSL_get_ex_new_index(
3717 0, nullptr, nullptr, ssl_test_ticket_aead_ex_index_dup,
3718 ssl_test_ticket_aead_ex_index_free);
3719 });
3720 return g_ssl_test_ticket_aead_ex_index;
3721}
3722
3723static size_t ssl_test_ticket_aead_max_overhead(SSL *ssl) {
3724 return 1;
3725}
3726
3727static int ssl_test_ticket_aead_seal(SSL *ssl, uint8_t *out, size_t *out_len,
3728 size_t max_out_len, const uint8_t *in,
3729 size_t in_len) {
3730 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3731 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3732
3733 if (state->failure_mode == ssl_test_ticket_aead_seal_fail ||
3734 max_out_len < in_len + 1) {
3735 return 0;
3736 }
3737
3738 OPENSSL_memmove(out, in, in_len);
3739 out[in_len] = 0xff;
3740 *out_len = in_len + 1;
3741
3742 return 1;
3743}
3744
3745static ssl_ticket_aead_result_t ssl_test_ticket_aead_open(
3746 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len,
3747 const uint8_t *in, size_t in_len) {
3748 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3749 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3750
3751 if (state->retry_count > 0) {
3752 state->retry_count--;
3753 return ssl_ticket_aead_retry;
3754 }
3755
3756 switch (state->failure_mode) {
3757 case ssl_test_ticket_aead_ok:
3758 break;
3759 case ssl_test_ticket_aead_seal_fail:
3760 // If |seal| failed then there shouldn't be any ticket to try and
3761 // decrypt.
3762 abort();
3763 break;
3764 case ssl_test_ticket_aead_open_soft_fail:
3765 return ssl_ticket_aead_ignore_ticket;
3766 case ssl_test_ticket_aead_open_hard_fail:
3767 return ssl_ticket_aead_error;
3768 }
3769
3770 if (in_len == 0 || in[in_len - 1] != 0xff) {
3771 return ssl_ticket_aead_ignore_ticket;
3772 }
3773
3774 if (max_out_len < in_len - 1) {
3775 return ssl_ticket_aead_error;
3776 }
3777
3778 OPENSSL_memmove(out, in, in_len - 1);
3779 *out_len = in_len - 1;
3780 return ssl_ticket_aead_success;
3781}
3782
3783static const SSL_TICKET_AEAD_METHOD kSSLTestTicketMethod = {
3784 ssl_test_ticket_aead_max_overhead,
3785 ssl_test_ticket_aead_seal,
3786 ssl_test_ticket_aead_open,
3787};
3788
3789static void ConnectClientAndServerWithTicketMethod(
3790 bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
3791 SSL_CTX *client_ctx, SSL_CTX *server_ctx, unsigned retry_count,
3792 ssl_test_ticket_aead_failure_mode failure_mode, SSL_SESSION *session) {
3793 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
3794 ASSERT_TRUE(client);
3795 ASSERT_TRUE(server);
3796 SSL_set_connect_state(client.get());
3797 SSL_set_accept_state(server.get());
3798
3799 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3800 OPENSSL_malloc(sizeof(ssl_test_ticket_aead_state)));
3801 ASSERT_TRUE(state);
3802 OPENSSL_memset(state, 0, sizeof(ssl_test_ticket_aead_state));
3803 state->retry_count = retry_count;
3804 state->failure_mode = failure_mode;
3805
3806 ASSERT_TRUE(SSL_set_ex_data(server.get(), ssl_test_ticket_aead_get_ex_index(),
3807 state));
3808
3809 SSL_set_session(client.get(), session);
3810
3811 BIO *bio1, *bio2;
3812 ASSERT_TRUE(BIO_new_bio_pair(&bio1, 0, &bio2, 0));
3813
3814 // SSL_set_bio takes ownership.
3815 SSL_set_bio(client.get(), bio1, bio1);
3816 SSL_set_bio(server.get(), bio2, bio2);
3817
3818 if (CompleteHandshakes(client.get(), server.get())) {
3819 *out_client = std::move(client);
3820 *out_server = std::move(server);
3821 } else {
3822 out_client->reset();
3823 out_server->reset();
3824 }
3825}
3826
3827class TicketAEADMethodTest
3828 : public ::testing::TestWithParam<testing::tuple<
3829 uint16_t, unsigned, ssl_test_ticket_aead_failure_mode>> {};
3830
3831TEST_P(TicketAEADMethodTest, Resume) {
3832 bssl::UniquePtr<X509> cert = GetTestCertificate();
3833 ASSERT_TRUE(cert);
3834 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3835 ASSERT_TRUE(key);
3836
3837 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
3838 ASSERT_TRUE(server_ctx);
3839 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
3840 ASSERT_TRUE(client_ctx);
3841
3842 const uint16_t version = testing::get<0>(GetParam());
3843 const unsigned retry_count = testing::get<1>(GetParam());
3844 const ssl_test_ticket_aead_failure_mode failure_mode =
3845 testing::get<2>(GetParam());
3846
3847 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3848 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3849 ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), version));
3850 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), version));
3851 ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), version));
3852 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), version));
3853
3854 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
3855 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
3856 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
3857 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3858 SSL_CTX_sess_set_new_cb(client_ctx.get(), SaveLastSession);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3859
3860 SSL_CTX_set_ticket_aead_method(server_ctx.get(), &kSSLTestTicketMethod);
3861
3862 bssl::UniquePtr<SSL> client, server;
3863 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3864 server_ctx.get(), retry_count,
3865 failure_mode, nullptr);
3866 switch (failure_mode) {
3867 case ssl_test_ticket_aead_ok:
3868 case ssl_test_ticket_aead_open_hard_fail:
3869 case ssl_test_ticket_aead_open_soft_fail:
3870 ASSERT_TRUE(client);
3871 break;
3872 case ssl_test_ticket_aead_seal_fail:
3873 EXPECT_FALSE(client);
3874 return;
3875 }
3876 EXPECT_FALSE(SSL_session_reused(client.get()));
3877 EXPECT_FALSE(SSL_session_reused(server.get()));
3878
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3879 // Run the read loop to account for post-handshake tickets in TLS 1.3.
3880 SSL_read(client.get(), nullptr, 0);
3881
3882 bssl::UniquePtr<SSL_SESSION> session = std::move(g_last_session);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3883 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3884 server_ctx.get(), retry_count,
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3885 failure_mode, session.get());
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3886 switch (failure_mode) {
3887 case ssl_test_ticket_aead_ok:
3888 ASSERT_TRUE(client);
3889 EXPECT_TRUE(SSL_session_reused(client.get()));
3890 EXPECT_TRUE(SSL_session_reused(server.get()));
3891 break;
3892 case ssl_test_ticket_aead_seal_fail:
3893 abort();
3894 break;
3895 case ssl_test_ticket_aead_open_hard_fail:
3896 EXPECT_FALSE(client);
3897 break;
3898 case ssl_test_ticket_aead_open_soft_fail:
3899 ASSERT_TRUE(client);
3900 EXPECT_FALSE(SSL_session_reused(client.get()));
3901 EXPECT_FALSE(SSL_session_reused(server.get()));
3902 }
3903}
3904
3905INSTANTIATE_TEST_CASE_P(
3906 TicketAEADMethodTests, TicketAEADMethodTest,
3907 testing::Combine(
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3908 testing::Values(TLS1_2_VERSION, TLS1_3_VERSION),
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3909 testing::Values(0, 1, 2),
3910 testing::Values(ssl_test_ticket_aead_ok,
3911 ssl_test_ticket_aead_seal_fail,
3912 ssl_test_ticket_aead_open_soft_fail,
3913 ssl_test_ticket_aead_open_hard_fail)));
3914
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]3915TEST(SSLTest, SSL3Method) {
3916 bssl::UniquePtr<X509> cert = GetTestCertificate();
3917 ASSERT_TRUE(cert);
3918
3919 // For compatibility, SSLv3_method should work up to SSL_CTX_new and SSL_new.
3920 bssl::UniquePtr<SSL_CTX> ssl3_ctx(SSL_CTX_new(SSLv3_method()));
3921 ASSERT_TRUE(ssl3_ctx);
3922 ASSERT_TRUE(SSL_CTX_use_certificate(ssl3_ctx.get(), cert.get()));
3923 bssl::UniquePtr<SSL> ssl(SSL_new(ssl3_ctx.get()));
3924 EXPECT_TRUE(ssl);
3925
3926 // Create a normal TLS context to test against.
3927 bssl::UniquePtr<SSL_CTX> tls_ctx(SSL_CTX_new(TLS_method()));
3928 ASSERT_TRUE(tls_ctx);
3929 ASSERT_TRUE(SSL_CTX_use_certificate(tls_ctx.get(), cert.get()));
3930
3931 // However, handshaking an SSLv3_method server should fail to resolve the
3932 // version range. Explicit calls to SSL_CTX_set_min_proto_version are the only
3933 // way to enable SSL 3.0.
3934 bssl::UniquePtr<SSL> client, server;
3935 EXPECT_FALSE(ConnectClientAndServer(&client, &server, tls_ctx.get(),
3936 ssl3_ctx.get(),
3937 nullptr /* no session */));
3938 uint32_t err = ERR_get_error();
3939 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3940 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3941
3942 // Likewise for SSLv3_method clients.
3943 EXPECT_FALSE(ConnectClientAndServer(&client, &server, ssl3_ctx.get(),
3944 tls_ctx.get(),
3945 nullptr /* no session */));
3946 err = ERR_get_error();
3947 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3948 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3949}
3950
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]3951TEST(SSLTest, SelectNextProto) {
3952 uint8_t *result;
3953 uint8_t result_len;
3954
3955 // If there is an overlap, it should be returned.
3956 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3957 SSL_select_next_proto(&result, &result_len,
3958 (const uint8_t *)"\1a\2bb\3ccc", 9,
3959 (const uint8_t *)"\1x\1y\1a\1z", 8));
3960 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3961
3962 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3963 SSL_select_next_proto(&result, &result_len,
3964 (const uint8_t *)"\1a\2bb\3ccc", 9,
3965 (const uint8_t *)"\1x\1y\2bb\1z", 9));
3966 EXPECT_EQ(Bytes("bb"), Bytes(result, result_len));
3967
3968 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3969 SSL_select_next_proto(&result, &result_len,
3970 (const uint8_t *)"\1a\2bb\3ccc", 9,
3971 (const uint8_t *)"\1x\1y\3ccc\1z", 10));
3972 EXPECT_EQ(Bytes("ccc"), Bytes(result, result_len));
3973
3974 // Peer preference order takes precedence over local.
3975 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3976 SSL_select_next_proto(&result, &result_len,
3977 (const uint8_t *)"\1a\2bb\3ccc", 9,
3978 (const uint8_t *)"\3ccc\2bb\1a", 9));
3979 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3980
3981 // If there is no overlap, return the first local protocol.
3982 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3983 SSL_select_next_proto(&result, &result_len,
3984 (const uint8_t *)"\1a\2bb\3ccc", 9,
3985 (const uint8_t *)"\1x\2yy\3zzz", 9));
3986 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3987
3988 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3989 SSL_select_next_proto(&result, &result_len, nullptr, 0,
3990 (const uint8_t *)"\1x\2yy\3zzz", 9));
3991 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3992}
3993
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3994TEST(SSLTest, SealRecord) {
3995 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3996 server_ctx(SSL_CTX_new(TLS_method()));
3997 ASSERT_TRUE(client_ctx);
3998 ASSERT_TRUE(server_ctx);
3999
4000 bssl::UniquePtr<X509> cert = GetTestCertificate();
4001 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
4002 ASSERT_TRUE(cert);
4003 ASSERT_TRUE(key);
4004 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
4005 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
4006
4007 bssl::UniquePtr<SSL> client, server;
4008 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
4009 server_ctx.get(),
4010 nullptr /* no session */));
4011
4012 const std::vector<uint8_t> record = {1, 2, 3, 4, 5};
4013 std::vector<uint8_t> prefix(
4014 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4015 body(record.size()),
4016 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4017 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
4018 bssl::MakeSpan(body), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4019 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4020
4021 std::vector<uint8_t> sealed;
4022 sealed.insert(sealed.end(), prefix.begin(), prefix.end());
4023 sealed.insert(sealed.end(), body.begin(), body.end());
4024 sealed.insert(sealed.end(), suffix.begin(), suffix.end());
4025 std::vector<uint8_t> sealed_copy = sealed;
4026
4027 bssl::Span<uint8_t> plaintext;
4028 size_t record_len;
4029 uint8_t alert = 255;
4030 EXPECT_EQ(bssl::OpenRecord(server.get(), &plaintext, &record_len, &alert,
4031 bssl::MakeSpan(sealed)),
4032 bssl::OpenRecordResult::kOK);
4033 EXPECT_EQ(record_len, sealed.size());
4034 EXPECT_EQ(plaintext, record);
4035 EXPECT_EQ(255, alert);
4036}
4037
4038TEST(SSLTest, SealRecordInPlace) {
4039 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
4040 server_ctx(SSL_CTX_new(TLS_method()));
4041 ASSERT_TRUE(client_ctx);
4042 ASSERT_TRUE(server_ctx);
4043
4044 bssl::UniquePtr<X509> cert = GetTestCertificate();
4045 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
4046 ASSERT_TRUE(cert);
4047 ASSERT_TRUE(key);
4048 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
4049 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
4050
4051 bssl::UniquePtr<SSL> client, server;
4052 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
4053 server_ctx.get(),
4054 nullptr /* no session */));
4055
4056 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
4057 std::vector<uint8_t> record = plaintext;
4058 std::vector<uint8_t> prefix(
4059 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4060 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4061 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
4062 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4063 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4064 record.insert(record.begin(), prefix.begin(), prefix.end());
4065 record.insert(record.end(), suffix.begin(), suffix.end());
4066
4067 bssl::Span<uint8_t> result;
4068 size_t record_len;
4069 uint8_t alert;
4070 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
4071 bssl::MakeSpan(record)),
4072 bssl::OpenRecordResult::kOK);
4073 EXPECT_EQ(record_len, record.size());
4074 EXPECT_EQ(plaintext, result);
4075}
4076
4077TEST(SSLTest, SealRecordTrailingData) {
4078 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
4079 server_ctx(SSL_CTX_new(TLS_method()));
4080 ASSERT_TRUE(client_ctx);
4081 ASSERT_TRUE(server_ctx);
4082
4083 bssl::UniquePtr<X509> cert = GetTestCertificate();
4084 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
4085 ASSERT_TRUE(cert);
4086 ASSERT_TRUE(key);
4087 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
4088 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
4089
4090 bssl::UniquePtr<SSL> client, server;
4091 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
4092 server_ctx.get(),
4093 nullptr /* no session */));
4094
4095 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
4096 std::vector<uint8_t> record = plaintext;
4097 std::vector<uint8_t> prefix(
4098 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4099 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4100 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
4101 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4102 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4103 record.insert(record.begin(), prefix.begin(), prefix.end());
4104 record.insert(record.end(), suffix.begin(), suffix.end());
4105 record.insert(record.end(), {5, 4, 3, 2, 1});
4106
4107 bssl::Span<uint8_t> result;
4108 size_t record_len;
4109 uint8_t alert;
4110 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
4111 bssl::MakeSpan(record)),
4112 bssl::OpenRecordResult::kOK);
4113 EXPECT_EQ(record_len, record.size() - 5);
4114 EXPECT_EQ(plaintext, result);
4115}
4116
4117TEST(SSLTest, SealRecordInvalidSpanSize) {
4118 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
4119 server_ctx(SSL_CTX_new(TLS_method()));
4120 ASSERT_TRUE(client_ctx);
4121 ASSERT_TRUE(server_ctx);
4122
4123 bssl::UniquePtr<X509> cert = GetTestCertificate();
4124 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
4125 ASSERT_TRUE(cert);
4126 ASSERT_TRUE(key);
4127 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
4128 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
4129
4130 bssl::UniquePtr<SSL> client, server;
4131 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
4132 server_ctx.get(),
4133 nullptr /* no session */));
4134
4135 std::vector<uint8_t> record = {1, 2, 3, 4, 5};
4136 std::vector<uint8_t> prefix(
4137 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4138 body(record.size()),
4139 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4140
4141 auto expect_err = []() {
4142 int err = ERR_get_error();
4143 EXPECT_EQ(ERR_GET_LIB(err), ERR_LIB_SSL);
4144 EXPECT_EQ(ERR_GET_REASON(err), SSL_R_BUFFER_TOO_SMALL);
4145 ERR_clear_error();
4146 };
4147 EXPECT_FALSE(bssl::SealRecord(
4148 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4149 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4150 expect_err();
4151 EXPECT_FALSE(bssl::SealRecord(
4152 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4153 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4154 expect_err();
4155
4156 EXPECT_FALSE(
4157 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
4158 bssl::MakeSpan(record.data(), record.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4159 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4160 expect_err();
4161 EXPECT_FALSE(
4162 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
4163 bssl::MakeSpan(record.data(), record.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4164 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4165 expect_err();
4166
4167 EXPECT_FALSE(bssl::SealRecord(
4168 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4169 bssl::MakeSpan(suffix.data(), suffix.size() - 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4170 expect_err();
4171 EXPECT_FALSE(bssl::SealRecord(
4172 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4173 bssl::MakeSpan(suffix.data(), suffix.size() + 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4174 expect_err();
4175}
4176
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]4177// TODO(davidben): Convert this file to GTest properly.
4178TEST(SSLTest, AllTests) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]4179 if (!TestSSL_SESSIONEncoding(kOpenSSLSession) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]4180 !TestSSL_SESSIONEncoding(kCustomSession) ||
4181 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
4182 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
4183 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
4184 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]4185 // Test the padding extension at TLS 1.2.
4186 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
4187 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
4188 // will be no PSK binder after the padding extension.
4189 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
4190 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
4191 // will be a PSK binder after the padding extension.
4192 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]4193 !ForEachVersion(TestSequenceNumber) ||
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]4194 !ForEachVersion(TestOneSidedShutdown) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]4195 !ForEachVersion(TestGetPeerCertificate) ||
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]4196 !ForEachVersion(TestNoPeerCertificate) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]4197 !ForEachVersion(TestRetainOnlySHA256OfCerts) ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]4198 !TestClientHello() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]4199 !ForEachVersion(TestSessionIDContext) ||
4200 !ForEachVersion(TestSessionTimeout) ||
4201 !ForEachVersion(TestSNICallback) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]4202 !ForEachVersion(TestVersion) ||
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]4203 !ForEachVersion(TestALPNCipherAvailable) ||
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]4204 !ForEachVersion(TestSSLClearSessionResumption) ||
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]4205 !ForEachVersion(TestAutoChain) ||
David Benjamin5df5be12017-06-22 19:43:11 -0400[diff] [blame]4206 !ForEachVersion(TestSSLWriteRetry) ||
4207 !ForEachVersion(TestRecordCallback)) {
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]4208 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]4209 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]4210}
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]4211
4212} // namespace
4213} // namespace bssl