Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 1a66326f098714ea75b13da70612ad5c22d18216 / . / ssl / ssl_test.cc
blob: bc89202a14ec14b10ec7cd04d7873dee6c2afb94 [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
43/* Windows defines struct timeval in winsock2.h. */
44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]52namespace bssl {
53
54namespace {
55
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]56#define TRACED_CALL(code) \
57 do { \
58 SCOPED_TRACE("<- called from here"); \
59 code; \
60 if (::testing::Test::HasFatalFailure()) { \
61 return; \
62 } \
63 } while (false)
64
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]65struct VersionParam {
66 uint16_t version;
67 enum { is_tls, is_dtls } ssl_method;
68 const char name[8];
69};
70
71static const size_t kTicketKeyLen = 48;
72
73static const VersionParam kAllVersions[] = {
74 {SSL3_VERSION, VersionParam::is_tls, "SSL3"},
75 {TLS1_VERSION, VersionParam::is_tls, "TLS1"},
76 {TLS1_1_VERSION, VersionParam::is_tls, "TLS1_1"},
77 {TLS1_2_VERSION, VersionParam::is_tls, "TLS1_2"},
78// TLS 1.3 requires RSA-PSS, which is disabled for Android system builds.
79#if !defined(BORINGSSL_ANDROID_SYSTEM)
80 {TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3"},
81#endif
82 {DTLS1_VERSION, VersionParam::is_dtls, "DTLS1"},
83 {DTLS1_2_VERSION, VersionParam::is_dtls, "DTLS1_2"},
84};
85
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]86struct ExpectedCipher {
87 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]88 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]89};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]90
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]91struct CipherTest {
92 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]93 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]94 // The list of expected ciphers, in order.
95 std::vector<ExpectedCipher> expected;
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]96 // True if this cipher list should fail in strict mode.
97 bool strict_fail;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]98};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]99
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]100struct CurveTest {
101 // The rule string to apply.
102 const char *rule;
103 // The list of expected curves, in order.
104 std::vector<uint16_t> expected;
105};
106
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]107static const CipherTest kCipherTests[] = {
108 // Selecting individual ciphers should work.
109 {
110 "ECDHE-ECDSA-CHACHA20-POLY1305:"
111 "ECDHE-RSA-CHACHA20-POLY1305:"
112 "ECDHE-ECDSA-AES128-GCM-SHA256:"
113 "ECDHE-RSA-AES128-GCM-SHA256",
114 {
115 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]116 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]117 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
118 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
119 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]120 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]121 },
122 // + reorders selected ciphers to the end, keeping their relative order.
123 {
124 "ECDHE-ECDSA-CHACHA20-POLY1305:"
125 "ECDHE-RSA-CHACHA20-POLY1305:"
126 "ECDHE-ECDSA-AES128-GCM-SHA256:"
127 "ECDHE-RSA-AES128-GCM-SHA256:"
128 "+aRSA",
129 {
130 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]131 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
132 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]133 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
134 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]135 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]136 },
137 // ! banishes ciphers from future selections.
138 {
139 "!aRSA:"
140 "ECDHE-ECDSA-CHACHA20-POLY1305:"
141 "ECDHE-RSA-CHACHA20-POLY1305:"
142 "ECDHE-ECDSA-AES128-GCM-SHA256:"
143 "ECDHE-RSA-AES128-GCM-SHA256",
144 {
145 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]146 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
147 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]148 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]149 },
150 // Multiple masks can be ANDed in a single rule.
151 {
152 "kRSA+AESGCM+AES128",
153 {
154 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
155 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]156 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]157 },
158 // - removes selected ciphers, but preserves their order for future
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]159 // selections. Select AES_128_GCM, but order the key exchanges RSA,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]160 // ECDHE_RSA.
161 {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]162 "ALL:-kECDHE:"
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]163 "-kRSA:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]164 "AESGCM+AES128+aRSA",
165 {
166 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]167 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
168 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]169 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]170 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]171 // Unknown selectors are no-ops, except in strict mode.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]172 {
173 "ECDHE-ECDSA-CHACHA20-POLY1305:"
174 "ECDHE-RSA-CHACHA20-POLY1305:"
175 "ECDHE-ECDSA-AES128-GCM-SHA256:"
176 "ECDHE-RSA-AES128-GCM-SHA256:"
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]177 "BOGUS1",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]178 {
179 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]180 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]181 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
182 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
183 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]184 true,
185 },
186 // Unknown selectors are no-ops, except in strict mode.
187 {
188 "ECDHE-ECDSA-CHACHA20-POLY1305:"
189 "ECDHE-RSA-CHACHA20-POLY1305:"
190 "ECDHE-ECDSA-AES128-GCM-SHA256:"
191 "ECDHE-RSA-AES128-GCM-SHA256:"
192 "-BOGUS2:+BOGUS3:!BOGUS4",
193 {
194 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
195 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
196 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
197 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
198 },
199 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]200 },
201 // Square brackets specify equi-preference groups.
202 {
203 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
204 "[ECDHE-RSA-CHACHA20-POLY1305]:"
205 "ECDHE-RSA-AES128-GCM-SHA256",
206 {
207 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]208 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]209 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]210 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
211 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]212 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]213 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]214 // Standard names may be used instead of OpenSSL names.
215 {
216 "[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|"
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]217 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]:"
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]218 "[TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]:"
219 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
220 {
221 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
222 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
223 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
224 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
225 },
226 false,
227 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]228 // @STRENGTH performs a stable strength-sort of the selected ciphers and
229 // only the selected ciphers.
230 {
231 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]232 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]233 "!AESGCM:!3DES:!SHA256:!SHA384:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]234 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]235 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]236 // Select ECDHE ones and sort them by strength. Ties should resolve
237 // based on the order above.
238 "kECDHE:@STRENGTH:-ALL:"
239 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
240 // by strength. Then RSA, backwards by strength.
241 "aRSA",
242 {
243 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
244 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]245 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]246 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
247 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
248 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]249 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]250 },
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]251 // Additional masks after @STRENGTH get silently discarded.
252 //
253 // TODO(davidben): Make this an error. If not silently discarded, they get
254 // interpreted as + opcodes which are very different.
255 {
256 "ECDHE-RSA-AES128-GCM-SHA256:"
257 "ECDHE-RSA-AES256-GCM-SHA384:"
258 "@STRENGTH+AES256",
259 {
260 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
261 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
262 },
263 false,
264 },
265 {
266 "ECDHE-RSA-AES128-GCM-SHA256:"
267 "ECDHE-RSA-AES256-GCM-SHA384:"
268 "@STRENGTH+AES256:"
269 "ECDHE-RSA-CHACHA20-POLY1305",
270 {
271 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
272 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
273 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
274 },
275 false,
276 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]277 // Exact ciphers may not be used in multi-part rules; they are treated
278 // as unknown aliases.
279 {
280 "ECDHE-ECDSA-AES128-GCM-SHA256:"
281 "ECDHE-RSA-AES128-GCM-SHA256:"
282 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
283 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
284 {
285 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
286 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
287 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]288 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]289 },
290 // SSLv3 matches everything that existed before TLS 1.2.
291 {
292 "AES128-SHA:AES128-SHA256:!SSLv3",
293 {
294 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
295 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]296 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]297 },
298 // TLSv1.2 matches everything added in TLS 1.2.
299 {
300 "AES128-SHA:AES128-SHA256:!TLSv1.2",
301 {
302 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
303 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]304 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]305 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]306 // The two directives have no intersection. But each component is valid, so
307 // even in strict mode it is accepted.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]308 {
309 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
310 {
311 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
312 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
313 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]314 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]315 },
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]316 // Spaces, semi-colons and commas are separators.
317 {
318 "AES128-SHA: AES128-SHA256 AES256-SHA ,AES256-SHA256 ; AES128-GCM-SHA256",
319 {
320 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
321 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
322 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
323 {TLS1_CK_RSA_WITH_AES_256_SHA256, 0},
324 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
325 },
326 // …but not in strict mode.
327 true,
328 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]329};
330
331static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]332 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]333 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
334 "RSA]",
335 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]336 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]337 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]338 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]339 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]340 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]341 "",
342 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]343 // COMPLEMENTOFDEFAULT is empty.
344 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]345 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]346 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]347 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]348 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
349 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
350 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
351 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]352 // Opcode supplied, but missing selector.
353 "+",
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]354 // Spaces are forbidden in equal-preference groups.
355 "[AES128-SHA | AES128-SHA256]",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]356};
357
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]358static const char *kMustNotIncludeNull[] = {
359 "ALL",
360 "DEFAULT",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]361 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]362 "FIPS",
363 "SHA",
364 "SHA1",
365 "RSA",
366 "SSLv3",
367 "TLSv1",
368 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]369};
370
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]371static const CurveTest kCurveTests[] = {
372 {
373 "P-256",
374 { SSL_CURVE_SECP256R1 },
375 },
376 {
377 "P-256:P-384:P-521:X25519",
378 {
379 SSL_CURVE_SECP256R1,
380 SSL_CURVE_SECP384R1,
381 SSL_CURVE_SECP521R1,
382 SSL_CURVE_X25519,
383 },
384 },
385};
386
387static const char *kBadCurvesLists[] = {
388 "",
389 ":",
390 "::",
391 "P-256::X25519",
392 "RSA:P-256",
393 "P-256:RSA",
394 "X25519:P-256:",
395 ":X25519:P-256",
396};
397
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]398static std::string CipherListToString(SSL_CTX *ctx) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]399 bool in_group = false;
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]400 std::string ret;
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]401 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
402 for (size_t i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
403 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
404 if (!in_group && SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]405 ret += "\t[\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]406 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]407 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]408 ret += "\t";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]409 if (in_group) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]410 ret += " ";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]411 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]412 ret += SSL_CIPHER_get_name(cipher);
413 ret += "\n";
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]414 if (in_group && !SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]415 ret += "\t]\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]416 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]417 }
418 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]419 return ret;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]420}
421
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]422static bool CipherListsEqual(SSL_CTX *ctx,
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]423 const std::vector<ExpectedCipher> &expected) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]424 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
425 if (sk_SSL_CIPHER_num(ciphers) != expected.size()) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]426 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]427 }
428
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]429 for (size_t i = 0; i < expected.size(); i++) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]430 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]431 if (expected[i].id != SSL_CIPHER_get_id(cipher) ||
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]432 expected[i].in_group_flag != !!SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]433 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]434 }
435 }
436
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]437 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]438}
439
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]440TEST(SSLTest, CipherRules) {
441 for (const CipherTest &t : kCipherTests) {
442 SCOPED_TRACE(t.rule);
443 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
444 ASSERT_TRUE(ctx);
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]445
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]446 // Test lax mode.
447 ASSERT_TRUE(SSL_CTX_set_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]448 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]449 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]450 << CipherListToString(ctx.get());
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]451
452 // Test strict mode.
453 if (t.strict_fail) {
454 EXPECT_FALSE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
455 } else {
456 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]457 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]458 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]459 << CipherListToString(ctx.get());
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]460 }
461 }
462
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]463 for (const char *rule : kBadRules) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]464 SCOPED_TRACE(rule);
465 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
466 ASSERT_TRUE(ctx);
467
468 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), rule));
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]469 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]470 }
471
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]472 for (const char *rule : kMustNotIncludeNull) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]473 SCOPED_TRACE(rule);
474 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
475 ASSERT_TRUE(ctx);
476
477 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]478 for (const SSL_CIPHER *cipher : SSL_CTX_get_ciphers(ctx.get())) {
479 EXPECT_FALSE(SSL_CIPHER_is_NULL(cipher));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]480 }
481 }
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]482}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]483
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]484TEST(SSLTest, CurveRules) {
485 for (const CurveTest &t : kCurveTests) {
486 SCOPED_TRACE(t.rule);
487 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
488 ASSERT_TRUE(ctx);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]489
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]490 ASSERT_TRUE(SSL_CTX_set1_curves_list(ctx.get(), t.rule));
491 ASSERT_EQ(t.expected.size(), ctx->supported_group_list_len);
492 for (size_t i = 0; i < t.expected.size(); i++) {
493 EXPECT_EQ(t.expected[i], ctx->supported_group_list[i]);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]494 }
495 }
496
497 for (const char *rule : kBadCurvesLists) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]498 SCOPED_TRACE(rule);
499 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
500 ASSERT_TRUE(ctx);
501
502 EXPECT_FALSE(SSL_CTX_set1_curves_list(ctx.get(), rule));
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]503 ERR_clear_error();
504 }
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]505}
506
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]507// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]508static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]509 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]510 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
511 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
512 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
513 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
514 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
515 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
516 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
517 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
518 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
519 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
520 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
521 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
522 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
523 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
524 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
525 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
526 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
527 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
528 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
529 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
530 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
531 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
532 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
533 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
534 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
535 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
536 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
537 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
538 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]539 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]540
541// kCustomSession is a custom serialized SSL_SESSION generated by
542// filling in missing fields from |kOpenSSLSession|. This includes
543// providing |peer_sha256|, so |peer| is not serialized.
544static const char kCustomSession[] =
545 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
546 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
547 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
548 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
549 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
550 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
551 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
552 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
553
554// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
555static const char kBoringSSLSession[] =
556 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
557 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
558 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
559 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
560 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
561 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
562 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
563 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
564 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
565 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
566 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
567 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
568 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
569 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
570 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
571 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
572 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
573 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
574 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
575 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
576 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
577 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
578 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
579 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
580 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
581 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
582 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
583 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
584 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
585 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
586 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
587 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
588 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
589 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
590 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
591 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
592 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
593 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
594 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
595 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
596 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
597 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
598 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
599 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
600 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
601 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
602 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
603 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
604 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
605 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
606 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
607 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
608 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
609 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
610 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
611 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
612 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
613 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
614 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
615 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
616 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
617 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
618 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
619 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
620 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
621 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
622 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
623 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
624 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
625 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
626 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
627 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
628 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
629 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
630 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
631 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
632 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
633 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
634 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
635 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
636 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
637 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
638 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
639 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
640 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
641 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
642 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
643 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
644 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
645 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
646 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
647 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
648 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
649 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
650 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
651
652// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
653// the final (optional) element of |kCustomSession| with tag number 30.
654static const char kBadSessionExtraField[] =
655 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
656 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
657 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
658 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
659 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
660 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
661 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
662 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
663
664// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
665// the version of |kCustomSession| with 2.
666static const char kBadSessionVersion[] =
667 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
668 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
669 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
670 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
671 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
672 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
673 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
674 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
675
676// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
677// appended.
678static const char kBadSessionTrailingData[] =
679 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
680 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
681 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
682 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
683 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
684 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
685 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
686 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
687
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]688static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]689 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]690 if (!EVP_DecodedLength(&len, strlen(in))) {
691 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]692 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]693 }
694
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]695 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]696 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]697 strlen(in))) {
698 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]699 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]700 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]701 out->resize(len);
702 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]703}
704
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]705static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]706 const uint8_t *cptr;
707 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]708
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]709 // Decode the input.
710 std::vector<uint8_t> input;
711 if (!DecodeBase64(&input, input_b64)) {
712 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]713 }
714
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]715 // Verify the SSL_SESSION decodes.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]716 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
717 if (!ssl_ctx) {
718 return false;
719 }
720 bssl::UniquePtr<SSL_SESSION> session(
721 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]722 if (!session) {
723 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]724 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]725 }
726
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]727 // Verify the SSL_SESSION encoding round-trips.
728 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]729 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]730 uint8_t *encoded_raw;
731 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]732 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]733 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]734 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]735 encoded.reset(encoded_raw);
736 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]737 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]738 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]739 hexdump(stderr, "Before: ", input.data(), input.size());
740 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]741 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]742 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]743
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]744 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]745 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]746 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]747 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]748 fprintf(stderr, "d2i_SSL_SESSION failed\n");
749 return false;
750 }
751
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]752 // Verify the SSL_SESSION encoding round-trips via the legacy API.
753 int len = i2d_SSL_SESSION(session.get(), NULL);
754 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]755 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]756 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]757 }
758
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]759 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
760 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]761 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]762 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]763 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]764
765 ptr = encoded.get();
766 len = i2d_SSL_SESSION(session.get(), &ptr);
767 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]768 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]769 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]770 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]771 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]772 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]773 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]774 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]775 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]776 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]777 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]778 }
779
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]780 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]781}
782
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]783static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
784 std::vector<uint8_t> input;
785 if (!DecodeBase64(&input, input_b64)) {
786 return false;
787 }
788
789 // Verify that the SSL_SESSION fails to decode.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]790 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
791 if (!ssl_ctx) {
792 return false;
793 }
794 bssl::UniquePtr<SSL_SESSION> session(
795 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]796 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]797 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]798 return false;
799 }
800 ERR_clear_error();
801 return true;
802}
803
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]804static void ExpectDefaultVersion(uint16_t min_version, uint16_t max_version,
805 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]806 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]807 ASSERT_TRUE(ctx);
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]808 EXPECT_EQ(min_version, ctx->conf_min_version);
809 EXPECT_EQ(max_version, ctx->conf_max_version);
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]810}
811
812TEST(SSLTest, DefaultVersion) {
813 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
814 ExpectDefaultVersion(TLS1_VERSION, TLS1_2_VERSION, &TLS_method);
815 ExpectDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method);
816 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method);
817 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method);
818 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method);
819 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method);
820 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method);
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]821}
822
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]823TEST(SSLTest, CipherProperties) {
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]824 static const struct {
825 int id;
826 const char *standard_name;
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]827 int cipher_nid;
828 int digest_nid;
829 int kx_nid;
830 int auth_nid;
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]831 } kTests[] = {
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]832 {
833 SSL3_CK_RSA_DES_192_CBC3_SHA,
834 "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
835 NID_des_ede3_cbc,
836 NID_sha1,
837 NID_kx_rsa,
838 NID_auth_rsa,
839 },
840 {
841 TLS1_CK_RSA_WITH_AES_128_SHA,
842 "TLS_RSA_WITH_AES_128_CBC_SHA",
843 NID_aes_128_cbc,
844 NID_sha1,
845 NID_kx_rsa,
846 NID_auth_rsa,
847 },
848 {
849 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
850 "TLS_PSK_WITH_AES_256_CBC_SHA",
851 NID_aes_256_cbc,
852 NID_sha1,
853 NID_kx_psk,
854 NID_auth_psk,
855 },
856 {
857 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
858 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
859 NID_aes_128_cbc,
860 NID_sha256,
861 NID_kx_ecdhe,
862 NID_auth_rsa,
863 },
864 {
865 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
866 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
867 NID_aes_256_cbc,
868 NID_sha384,
869 NID_kx_ecdhe,
870 NID_auth_rsa,
871 },
872 {
873 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
874 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
875 NID_aes_128_gcm,
876 NID_undef,
877 NID_kx_ecdhe,
878 NID_auth_rsa,
879 },
880 {
881 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
882 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
883 NID_aes_128_gcm,
884 NID_undef,
885 NID_kx_ecdhe,
886 NID_auth_ecdsa,
887 },
888 {
889 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
890 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
891 NID_aes_256_gcm,
892 NID_undef,
893 NID_kx_ecdhe,
894 NID_auth_ecdsa,
895 },
896 {
897 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
898 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
899 NID_aes_128_cbc,
900 NID_sha1,
901 NID_kx_ecdhe,
902 NID_auth_psk,
903 },
904 {
905 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
906 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
907 NID_chacha20_poly1305,
908 NID_undef,
909 NID_kx_ecdhe,
910 NID_auth_rsa,
911 },
912 {
913 TLS1_CK_AES_256_GCM_SHA384,
914 "TLS_AES_256_GCM_SHA384",
915 NID_aes_256_gcm,
916 NID_undef,
917 NID_kx_any,
918 NID_auth_any,
919 },
920 {
921 TLS1_CK_AES_128_GCM_SHA256,
922 "TLS_AES_128_GCM_SHA256",
923 NID_aes_128_gcm,
924 NID_undef,
925 NID_kx_any,
926 NID_auth_any,
927 },
928 {
929 TLS1_CK_CHACHA20_POLY1305_SHA256,
930 "TLS_CHACHA20_POLY1305_SHA256",
931 NID_chacha20_poly1305,
932 NID_undef,
933 NID_kx_any,
934 NID_auth_any,
935 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]936 };
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]937
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]938 for (const auto &t : kTests) {
939 SCOPED_TRACE(t.standard_name);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]940
941 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(t.id & 0xffff);
942 ASSERT_TRUE(cipher);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]943 EXPECT_STREQ(t.standard_name, SSL_CIPHER_standard_name(cipher));
944
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]945 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
946 ASSERT_TRUE(rfc_name);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]947 EXPECT_STREQ(t.standard_name, rfc_name.get());
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]948
949 EXPECT_EQ(t.cipher_nid, SSL_CIPHER_get_cipher_nid(cipher));
950 EXPECT_EQ(t.digest_nid, SSL_CIPHER_get_digest_nid(cipher));
951 EXPECT_EQ(t.kx_nid, SSL_CIPHER_get_kx_nid(cipher));
952 EXPECT_EQ(t.auth_nid, SSL_CIPHER_get_auth_nid(cipher));
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]953 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]954}
955
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]956// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
957// version and ticket length or nullptr on failure.
958static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
959 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]960 std::vector<uint8_t> der;
961 if (!DecodeBase64(&der, kOpenSSLSession)) {
962 return nullptr;
963 }
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]964
965 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
966 if (!ssl_ctx) {
967 return nullptr;
968 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]969 bssl::UniquePtr<SSL_SESSION> session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]970 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]971 if (!session) {
972 return nullptr;
973 }
974
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]975 session->ssl_version = version;
976
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]977 // Swap out the ticket for a garbage one.
978 OPENSSL_free(session->tlsext_tick);
979 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
980 if (session->tlsext_tick == nullptr) {
981 return nullptr;
982 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]983 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]984 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]985
986 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]987#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
988 session->time = 1234;
989#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]990 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]991#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]992 return session;
993}
994
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]995static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]996 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]997 if (!bio) {
998 return false;
999 }
1000 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]1001 BIO_up_ref(bio.get());
1002 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1003 int ret = SSL_connect(ssl);
1004 if (ret > 0) {
1005 // SSL_connect should fail without a BIO to write to.
1006 return false;
1007 }
1008 ERR_clear_error();
1009
1010 const uint8_t *client_hello;
1011 size_t client_hello_len;
1012 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
1013 return false;
1014 }
1015 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
1016 return true;
1017}
1018
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1019// GetClientHelloLen creates a client SSL connection with the specified version
1020// and ticket length. It returns the length of the ClientHello, not including
1021// the record header, on success and zero on error.
1022static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
1023 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1024 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1025 bssl::UniquePtr<SSL_SESSION> session =
1026 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1027 if (!ctx || !session) {
1028 return 0;
1029 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1030
1031 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1032 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1033 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]1034 !SSL_set_strict_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1035 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1036 return 0;
1037 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1038
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1039 std::vector<uint8_t> client_hello;
1040 if (!GetClientHello(ssl.get(), &client_hello) ||
1041 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1042 return 0;
1043 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1044
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1045 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1046}
1047
1048struct PaddingTest {
1049 size_t input_len, padded_len;
1050};
1051
1052static const PaddingTest kPaddingTests[] = {
1053 // ClientHellos of length below 0x100 do not require padding.
1054 {0xfe, 0xfe},
1055 {0xff, 0xff},
1056 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
1057 {0x100, 0x200},
1058 {0x123, 0x200},
1059 {0x1fb, 0x200},
1060 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
1061 // padding extension takes a minimum of four bytes plus one required content
1062 // byte. (To work around yet more server bugs, we avoid empty final
1063 // extensions.)
1064 {0x1fc, 0x201},
1065 {0x1fd, 0x202},
1066 {0x1fe, 0x203},
1067 {0x1ff, 0x204},
1068 // Finally, larger ClientHellos need no padding.
1069 {0x200, 0x200},
1070 {0x201, 0x201},
1071};
1072
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1073static bool TestPaddingExtension(uint16_t max_version,
1074 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1075 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1076 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1077 if (base_len == 0) {
1078 return false;
1079 }
1080
1081 for (const PaddingTest &test : kPaddingTests) {
1082 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1083 fprintf(stderr,
1084 "Baseline ClientHello too long (max_version = %04x, "
1085 "session_version = %04x).\n",
1086 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1087 return false;
1088 }
1089
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1090 size_t padded_len = GetClientHelloLen(max_version, session_version,
1091 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1092 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1093 fprintf(stderr,
1094 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
1095 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1096 static_cast<unsigned>(test.input_len),
1097 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1098 static_cast<unsigned>(test.padded_len), max_version,
1099 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1100 return false;
1101 }
1102 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1103
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1104 return true;
1105}
1106
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1107// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
1108// before configuring as a server.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1109TEST(SSLTest, ClientCAList) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1110 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1111 ASSERT_TRUE(ctx);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1112 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1113 ASSERT_TRUE(ssl);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1114
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]1115 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
1116 ASSERT_TRUE(name);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1117
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]1118 bssl::UniquePtr<X509_NAME> name_dup(X509_NAME_dup(name.get()));
1119 ASSERT_TRUE(name_dup);
1120
1121 bssl::UniquePtr<STACK_OF(X509_NAME)> stack(sk_X509_NAME_new_null());
1122 ASSERT_TRUE(stack);
1123
1124 ASSERT_TRUE(sk_X509_NAME_push(stack.get(), name_dup.get()));
1125 name_dup.release();
1126
1127 // |SSL_set_client_CA_list| takes ownership.
1128 SSL_set_client_CA_list(ssl.get(), stack.release());
1129
1130 STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get());
1131 ASSERT_TRUE(result);
1132 ASSERT_EQ(1u, sk_X509_NAME_num(result));
1133 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(result, 0), name.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1134}
1135
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1136static void AppendSession(SSL_SESSION *session, void *arg) {
1137 std::vector<SSL_SESSION*> *out =
1138 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1139 out->push_back(session);
1140}
1141
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1142// CacheEquals returns true if |ctx|'s session cache consists of |expected|, in
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1143// order.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1144static bool CacheEquals(SSL_CTX *ctx,
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1145 const std::vector<SSL_SESSION*> &expected) {
1146 // Check the linked list.
1147 SSL_SESSION *ptr = ctx->session_cache_head;
1148 for (SSL_SESSION *session : expected) {
1149 if (ptr != session) {
1150 return false;
1151 }
1152 // TODO(davidben): This is an absurd way to denote the end of the list.
1153 if (ptr->next ==
1154 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1155 ptr = nullptr;
1156 } else {
1157 ptr = ptr->next;
1158 }
1159 }
1160 if (ptr != nullptr) {
1161 return false;
1162 }
1163
1164 // Check the hash table.
1165 std::vector<SSL_SESSION*> actual, expected_copy;
1166 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
1167 expected_copy = expected;
1168
1169 std::sort(actual.begin(), actual.end());
1170 std::sort(expected_copy.begin(), expected_copy.end());
1171
1172 return actual == expected_copy;
1173}
1174
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1175static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]1176 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
1177 if (!ssl_ctx) {
1178 return nullptr;
1179 }
1180 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new(ssl_ctx.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1181 if (!ret) {
1182 return nullptr;
1183 }
1184
1185 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1186 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1187 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1188 return ret;
1189}
1190
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1191// Test that the internal session cache behaves as expected.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1192TEST(SSLTest, InternalSessionCache) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1193 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1194 ASSERT_TRUE(ctx);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1195
1196 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1197 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1198 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1199 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1200 ASSERT_TRUE(session);
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1201 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1202 }
1203
1204 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1205
1206 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1207 for (const auto &session : sessions) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1208 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), session.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1209 }
1210
1211 // Only the last five should be in the list.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1212 ASSERT_TRUE(CacheEquals(
1213 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1214 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1215
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1216 // Inserting an element already in the cache should fail and leave the cache
1217 // unchanged.
1218 ASSERT_FALSE(SSL_CTX_add_session(ctx.get(), sessions[7].get()));
1219 ASSERT_TRUE(CacheEquals(
1220 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1221 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1222
1223 // Although collisions should be impossible (256-bit session IDs), the cache
1224 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1225 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1226 ASSERT_TRUE(collision);
1227 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), collision.get()));
1228 ASSERT_TRUE(CacheEquals(
1229 ctx.get(), {collision.get(), sessions[9].get(), sessions[8].get(),
1230 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1231
1232 // Removing sessions behaves correctly.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1233 ASSERT_TRUE(SSL_CTX_remove_session(ctx.get(), sessions[6].get()));
1234 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1235 sessions[8].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1236
1237 // Removing sessions requires an exact match.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1238 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[0].get()));
1239 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[7].get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1240
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1241 // The cache remains unchanged.
1242 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1243 sessions[8].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1244}
1245
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1246static uint16_t EpochFromSequence(uint64_t seq) {
1247 return static_cast<uint16_t>(seq >> 48);
1248}
1249
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1250static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1251 static const char kCertPEM[] =
1252 "-----BEGIN CERTIFICATE-----\n"
1253 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1254 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1255 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1256 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1257 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1258 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1259 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1260 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1261 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1262 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1263 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1264 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1265 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1266 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1267 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1268 return bssl::UniquePtr<X509>(
1269 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1270}
1271
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1272static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1273 static const char kKeyPEM[] =
1274 "-----BEGIN RSA PRIVATE KEY-----\n"
1275 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1276 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1277 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1278 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1279 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1280 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1281 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1282 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1283 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1284 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1285 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1286 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1287 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1288 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1289 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1290 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1291 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1292}
1293
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1294static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1295 static const char kCertPEM[] =
1296 "-----BEGIN CERTIFICATE-----\n"
1297 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1298 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1299 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1300 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1301 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1302 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1303 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1304 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1305 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1306 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1307 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1308 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1309 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1310}
1311
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1312static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1313 static const char kKeyPEM[] =
1314 "-----BEGIN PRIVATE KEY-----\n"
1315 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1316 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1317 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1318 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1319 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1320 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1321 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1322}
1323
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1324static bssl::UniquePtr<CRYPTO_BUFFER> BufferFromPEM(const char *pem) {
1325 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1326 char *name, *header;
1327 uint8_t *data;
1328 long data_len;
1329 if (!PEM_read_bio(bio.get(), &name, &header, &data,
1330 &data_len)) {
1331 return nullptr;
1332 }
1333 OPENSSL_free(name);
1334 OPENSSL_free(header);
1335
1336 auto ret = bssl::UniquePtr<CRYPTO_BUFFER>(
1337 CRYPTO_BUFFER_new(data, data_len, nullptr));
1338 OPENSSL_free(data);
1339 return ret;
1340}
1341
1342static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestCertificateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1343 static const char kCertPEM[] =
1344 "-----BEGIN CERTIFICATE-----\n"
1345 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1346 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1347 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1348 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1349 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1350 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1351 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1352 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1353 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1354 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1355 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1356 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1357 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1358 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1359 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1360 "1ngWZ7Ih\n"
1361 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1362 return BufferFromPEM(kCertPEM);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1363}
1364
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1365static bssl::UniquePtr<X509> X509FromBuffer(
1366 bssl::UniquePtr<CRYPTO_BUFFER> buffer) {
1367 if (!buffer) {
1368 return nullptr;
1369 }
1370 const uint8_t *derp = CRYPTO_BUFFER_data(buffer.get());
1371 return bssl::UniquePtr<X509>(
1372 d2i_X509(NULL, &derp, CRYPTO_BUFFER_len(buffer.get())));
1373}
1374
1375static bssl::UniquePtr<X509> GetChainTestCertificate() {
1376 return X509FromBuffer(GetChainTestCertificateBuffer());
1377}
1378
1379static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestIntermediateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1380 static const char kCertPEM[] =
1381 "-----BEGIN CERTIFICATE-----\n"
1382 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1383 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1384 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1385 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1386 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1387 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1388 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1389 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1390 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1391 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1392 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1393 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1394 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1395 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1396 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1397 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1398 return BufferFromPEM(kCertPEM);
1399}
1400
1401static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1402 return X509FromBuffer(GetChainTestIntermediateBuffer());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1403}
1404
1405static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1406 static const char kKeyPEM[] =
1407 "-----BEGIN PRIVATE KEY-----\n"
1408 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1409 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1410 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1411 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1412 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1413 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1414 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1415 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1416 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1417 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1418 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1419 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1420 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1421 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1422 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1423 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1424 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1425 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1426 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1427 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1428 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1429 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1430 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1431 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1432 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1433 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1434 "-----END PRIVATE KEY-----\n";
1435 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1436 return bssl::UniquePtr<EVP_PKEY>(
1437 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1438}
1439
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]1440static const uint8_t kTestName[] = {
1441 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
1442 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
1443 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
1444 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49,
1445 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
1446 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64,
1447};
1448
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1449static bool CompleteHandshakes(SSL *client, SSL *server) {
1450 // Drive both their handshakes to completion.
1451 for (;;) {
1452 int client_ret = SSL_do_handshake(client);
1453 int client_err = SSL_get_error(client, client_ret);
1454 if (client_err != SSL_ERROR_NONE &&
1455 client_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1456 client_err != SSL_ERROR_WANT_WRITE &&
1457 client_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1458 fprintf(stderr, "Client error: %d\n", client_err);
1459 return false;
1460 }
1461
1462 int server_ret = SSL_do_handshake(server);
1463 int server_err = SSL_get_error(server, server_ret);
1464 if (server_err != SSL_ERROR_NONE &&
1465 server_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1466 server_err != SSL_ERROR_WANT_WRITE &&
1467 server_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1468 fprintf(stderr, "Server error: %d\n", server_err);
1469 return false;
1470 }
1471
1472 if (client_ret == 1 && server_ret == 1) {
1473 break;
1474 }
1475 }
1476
1477 return true;
1478}
1479
1480static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1481 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1482 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1483 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1484 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1485 if (!client || !server) {
1486 return false;
1487 }
1488 SSL_set_connect_state(client.get());
1489 SSL_set_accept_state(server.get());
1490
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1491 SSL_set_session(client.get(), session);
1492
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1493 BIO *bio1, *bio2;
1494 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1495 return false;
1496 }
1497 // SSL_set_bio takes ownership.
1498 SSL_set_bio(client.get(), bio1, bio1);
1499 SSL_set_bio(server.get(), bio2, bio2);
1500
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1501 if (!CompleteHandshakes(client.get(), server.get())) {
1502 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1503 }
1504
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1505 *out_client = std::move(client);
1506 *out_server = std::move(server);
1507 return true;
1508}
1509
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1510/* SSLVersionTest executes its test cases under all available protocol versions.
1511 * Test cases call |Connect| to create a connection using context objects with
1512 * the protocol version fixed to the current version under test. */
1513class SSLVersionTest : public ::testing::TestWithParam<VersionParam> {
1514 protected:
1515 SSLVersionTest() : cert_(GetTestCertificate()), key_(GetTestKey()) {}
1516
1517 void SetUp() { ResetContexts(); }
1518
1519 bssl::UniquePtr<SSL_CTX> CreateContext() const {
1520 const SSL_METHOD *method = is_dtls() ? DTLS_method() : TLS_method();
1521 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1522 if (!ctx || !SSL_CTX_set_min_proto_version(ctx.get(), version()) ||
1523 !SSL_CTX_set_max_proto_version(ctx.get(), version())) {
1524 return nullptr;
1525 }
1526 return ctx;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1527 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1528
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1529 void ResetContexts() {
1530 ASSERT_TRUE(cert_);
1531 ASSERT_TRUE(key_);
1532 client_ctx_ = CreateContext();
1533 ASSERT_TRUE(client_ctx_);
1534 server_ctx_ = CreateContext();
1535 ASSERT_TRUE(server_ctx_);
1536 // Set up a server cert. Client certs can be set up explicitly.
1537 ASSERT_TRUE(UseCertAndKey(server_ctx_.get()));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1538 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1539
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1540 bool UseCertAndKey(SSL_CTX *ctx) const {
1541 return SSL_CTX_use_certificate(ctx, cert_.get()) &&
1542 SSL_CTX_use_PrivateKey(ctx, key_.get());
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1543 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1544
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1545 bool Connect() {
1546 return ConnectClientAndServer(&client_, &server_, client_ctx_.get(),
1547 server_ctx_.get(), nullptr /* no session */);
1548 }
1549
1550 uint16_t version() const { return GetParam().version; }
1551
1552 bool is_dtls() const {
1553 return GetParam().ssl_method == VersionParam::is_dtls;
1554 }
1555
1556 bssl::UniquePtr<SSL> client_, server_;
1557 bssl::UniquePtr<SSL_CTX> server_ctx_, client_ctx_;
1558 bssl::UniquePtr<X509> cert_;
1559 bssl::UniquePtr<EVP_PKEY> key_;
1560};
1561
1562INSTANTIATE_TEST_CASE_P(WithVersion, SSLVersionTest,
1563 testing::ValuesIn(kAllVersions),
1564 [](const testing::TestParamInfo<VersionParam> &i) {
1565 return i.param.name;
1566 });
1567
1568TEST_P(SSLVersionTest, SequenceNumber) {
1569 ASSERT_TRUE(Connect());
1570
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1571 // Drain any post-handshake messages to ensure there are no unread records
1572 // on either end.
1573 uint8_t byte = 0;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1574 ASSERT_LE(SSL_read(client_.get(), &byte, 1), 0);
1575 ASSERT_LE(SSL_read(server_.get(), &byte, 1), 0);
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1576
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1577 uint64_t client_read_seq = SSL_get_read_sequence(client_.get());
1578 uint64_t client_write_seq = SSL_get_write_sequence(client_.get());
1579 uint64_t server_read_seq = SSL_get_read_sequence(server_.get());
1580 uint64_t server_write_seq = SSL_get_write_sequence(server_.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1581
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1582 if (is_dtls()) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1583 // Both client and server must be at epoch 1.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1584 EXPECT_EQ(EpochFromSequence(client_read_seq), 1);
1585 EXPECT_EQ(EpochFromSequence(client_write_seq), 1);
1586 EXPECT_EQ(EpochFromSequence(server_read_seq), 1);
1587 EXPECT_EQ(EpochFromSequence(server_write_seq), 1);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1588
1589 // The next record to be written should exceed the largest received.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1590 EXPECT_GT(client_write_seq, server_read_seq);
1591 EXPECT_GT(server_write_seq, client_read_seq);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1592 } else {
1593 // The next record to be written should equal the next to be received.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1594 EXPECT_EQ(client_write_seq, server_read_seq);
1595 EXPECT_EQ(server_write_seq, client_read_seq);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1596 }
1597
1598 // Send a record from client to server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1599 EXPECT_EQ(SSL_write(client_.get(), &byte, 1), 1);
1600 EXPECT_EQ(SSL_read(server_.get(), &byte, 1), 1);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1601
1602 // The client write and server read sequence numbers should have
1603 // incremented.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1604 EXPECT_EQ(client_write_seq + 1, SSL_get_write_sequence(client_.get()));
1605 EXPECT_EQ(server_read_seq + 1, SSL_get_read_sequence(server_.get()));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1606}
1607
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1608TEST_P(SSLVersionTest, OneSidedShutdown) {
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1609 // SSL_shutdown is a no-op in DTLS.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1610 if (is_dtls()) {
1611 return;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1612 }
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1613 ASSERT_TRUE(Connect());
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1614
1615 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1616 // one side has shut down.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1617 ASSERT_EQ(SSL_shutdown(client_.get()), 0);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1618
1619 // Reading from the server should consume the EOF.
1620 uint8_t byte;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1621 ASSERT_EQ(SSL_read(server_.get(), &byte, 1), 0);
1622 ASSERT_EQ(SSL_get_error(server_.get(), 0), SSL_ERROR_ZERO_RETURN);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1623
1624 // However, the server may continue to write data and then shut down the
1625 // connection.
1626 byte = 42;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1627 ASSERT_EQ(SSL_write(server_.get(), &byte, 1), 1);
1628 ASSERT_EQ(SSL_read(client_.get(), &byte, 1), 1);
1629 ASSERT_EQ(byte, 42);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1630
1631 // The server may then shutdown the connection.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1632 EXPECT_EQ(SSL_shutdown(server_.get()), 1);
1633 EXPECT_EQ(SSL_shutdown(client_.get()), 1);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1634}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1635
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1636TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1637 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1638 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1639 ASSERT_TRUE(client_ctx);
1640 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1641
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1642 bssl::UniquePtr<X509> cert = GetTestCertificate();
1643 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1644 ASSERT_TRUE(cert);
1645 ASSERT_TRUE(key);
1646 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1647 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1648
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1649 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1650 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
1651 server_ctx.get(),
1652 nullptr /* no session */));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1653
1654 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjamin31b0c9b2017-07-20 14:49:15 -0400[diff] [blame]1655 bssl::UniquePtr<SSL_SESSION> session1 =
1656 bssl::SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1657 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1658
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1659 session1->not_resumable = 0;
1660
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1661 uint8_t *s0_bytes, *s1_bytes;
1662 size_t s0_len, s1_len;
1663
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1664 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1665 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1666
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1667 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1668 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1669
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]1670 EXPECT_EQ(Bytes(s0_bytes, s0_len), Bytes(s1_bytes, s1_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1671}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1672
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1673static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]1674 EXPECT_EQ(rfd, SSL_get_fd(ssl));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1675 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1676 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1677
1678 // The wrapper BIOs are always equal when fds are equal, even if set
1679 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1680 if (rfd == wfd) {
1681 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1682 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1683}
1684
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1685TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1686 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1687 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1688
1689 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1690 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1691 ASSERT_TRUE(ssl);
1692 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1693 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1694 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1695
1696 // Test setting the same FD.
1697 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1698 ASSERT_TRUE(ssl);
1699 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1700 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1701
1702 // Test setting the same FD one side at a time.
1703 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1704 ASSERT_TRUE(ssl);
1705 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1706 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1707 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1708
1709 // Test setting the same FD in the other order.
1710 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1711 ASSERT_TRUE(ssl);
1712 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1713 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1714 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1715
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1716 // Test changing the read FD partway through.
1717 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1718 ASSERT_TRUE(ssl);
1719 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1720 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1721 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1722
1723 // Test changing the write FD partway through.
1724 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1725 ASSERT_TRUE(ssl);
1726 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1727 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1728 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1729
1730 // Test a no-op change to the read FD partway through.
1731 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1732 ASSERT_TRUE(ssl);
1733 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1734 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1735 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1736
1737 // Test a no-op change to the write FD partway through.
1738 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1739 ASSERT_TRUE(ssl);
1740 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1741 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1742 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1743
1744 // ASan builds will implicitly test that the internal |BIO| reference-counting
1745 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1746}
1747
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1748TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1749 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1750 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1751
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1752 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1753 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1754 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1755 ASSERT_TRUE(ssl);
1756 ASSERT_TRUE(bio1);
1757 ASSERT_TRUE(bio2);
1758 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1759
1760 // SSL_set_bio takes one reference when the parameters are the same.
1761 BIO_up_ref(bio1.get());
1762 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1763
1764 // Repeating the call does nothing.
1765 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1766
1767 // It takes one reference each when the parameters are different.
1768 BIO_up_ref(bio2.get());
1769 BIO_up_ref(bio3.get());
1770 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1771
1772 // Repeating the call does nothing.
1773 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1774
1775 // It takes one reference when changing only wbio.
1776 BIO_up_ref(bio1.get());
1777 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1778
1779 // It takes one reference when changing only rbio and the two are different.
1780 BIO_up_ref(bio3.get());
1781 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1782
1783 // If setting wbio to rbio, it takes no additional references.
1784 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1785
1786 // From there, wbio may be switched to something else.
1787 BIO_up_ref(bio1.get());
1788 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1789
1790 // If setting rbio to wbio, it takes no additional references.
1791 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1792
1793 // From there, rbio may be switched to something else, but, for historical
1794 // reasons, it takes a reference to both parameters.
1795 BIO_up_ref(bio1.get());
1796 BIO_up_ref(bio2.get());
1797 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1798
1799 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1800 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1801}
1802
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1803static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1804
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1805TEST_P(SSLVersionTest, GetPeerCertificate) {
1806 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1807
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1808 // Configure both client and server to accept any certificate.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1809 SSL_CTX_set_verify(client_ctx_.get(),
1810 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1811 nullptr);
1812 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
1813 SSL_CTX_set_verify(server_ctx_.get(),
1814 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1815 nullptr);
1816 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1817
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1818 ASSERT_TRUE(Connect());
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1819
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1820 // Client and server should both see the leaf certificate.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1821 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server_.get()));
1822 ASSERT_TRUE(peer);
1823 ASSERT_EQ(X509_cmp(cert_.get(), peer.get()), 0);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1824
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1825 peer.reset(SSL_get_peer_certificate(client_.get()));
1826 ASSERT_TRUE(peer);
1827 ASSERT_EQ(X509_cmp(cert_.get(), peer.get()), 0);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1828
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1829 // However, for historical reasons, the X509 chain includes the leaf on the
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1830 // client, but does not on the server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1831 EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(client_.get())), 1u);
1832 EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(client_.get())),
1833 1u);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1834
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1835 EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(server_.get())), 0u);
1836 EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(server_.get())),
1837 1u);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1838}
1839
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1840TEST_P(SSLVersionTest, NoPeerCertificate) {
1841 SSL_CTX_set_verify(server_ctx_.get(), SSL_VERIFY_PEER, nullptr);
1842 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
1843 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1844
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1845 ASSERT_TRUE(Connect());
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1846
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1847 // Server should not see a peer certificate.
1848 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server_.get()));
1849 ASSERT_FALSE(peer);
1850 ASSERT_FALSE(SSL_get0_peer_certificates(server_.get()));
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1851}
1852
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1853TEST_P(SSLVersionTest, RetainOnlySHA256OfCerts) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1854 uint8_t *cert_der = NULL;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1855 int cert_der_len = i2d_X509(cert_.get(), &cert_der);
1856 ASSERT_GE(cert_der_len, 0);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1857 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1858
1859 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1860 SHA256(cert_der, cert_der_len, cert_sha256);
1861
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1862 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
1863
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1864 // Configure both client and server to accept any certificate, but the
1865 // server must retain only the SHA-256 of the peer.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1866 SSL_CTX_set_verify(client_ctx_.get(),
1867 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1868 nullptr);
1869 SSL_CTX_set_verify(server_ctx_.get(),
1870 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1871 nullptr);
1872 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
1873 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
1874 SSL_CTX_set_retain_only_sha256_of_client_certs(server_ctx_.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1875
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1876 ASSERT_TRUE(Connect());
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1877
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1878 // The peer certificate has been dropped.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1879 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server_.get()));
1880 EXPECT_FALSE(peer);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1881
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1882 SSL_SESSION *session = SSL_get_session(server_.get());
1883 EXPECT_TRUE(session->peer_sha256_valid);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1884
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]1885 EXPECT_EQ(Bytes(cert_sha256), Bytes(session->peer_sha256));
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1886}
1887
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1888static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1889 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1890 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1891 // Our default cipher list varies by CPU capabilities, so manually place the
1892 // ChaCha20 ciphers in front.
Matthew Braithwaite7e06de52017-04-10 15:52:14 -0700[diff] [blame]1893 const char* cipher_list = "CHACHA20:ALL";
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1894 if (!ctx ||
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]1895 // SSLv3 is off by default.
1896 !SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1897 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1898 !SSL_CTX_set_strict_cipher_list(ctx.get(), cipher_list)) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1899 return false;
1900 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1901
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1902 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1903 if (!ssl) {
1904 return false;
1905 }
1906 std::vector<uint8_t> client_hello;
1907 if (!GetClientHello(ssl.get(), &client_hello)) {
1908 return false;
1909 }
1910
1911 // Zero the client_random.
1912 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1913 1 + 3 + // handshake message header
1914 2; // client_version
1915 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1916 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1917 return false;
1918 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1919 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1920
1921 if (client_hello.size() != expected_len ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1922 OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1923 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1924 fprintf(stderr, "Got:\n\t");
1925 for (size_t i = 0; i < client_hello.size(); i++) {
1926 fprintf(stderr, "0x%02x, ", client_hello[i]);
1927 }
1928 fprintf(stderr, "\nWanted:\n\t");
1929 for (size_t i = 0; i < expected_len; i++) {
1930 fprintf(stderr, "0x%02x, ", expected[i]);
1931 }
1932 fprintf(stderr, "\n");
1933 return false;
1934 }
1935
1936 return true;
1937}
1938
1939// Tests that our ClientHellos do not change unexpectedly.
1940static bool TestClientHello() {
1941 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1942 0x16,
1943 0x03, 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1944 0x00, 0x3b,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1945 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1946 0x00, 0x00, 0x37,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1947 0x03, 0x00,
1948 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1949 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1950 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1951 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1952 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1953 0x00, 0x10,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1954 0xc0, 0x09,
1955 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1956 0xc0, 0x0a,
1957 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1958 0x00, 0x2f,
1959 0x00, 0x35,
1960 0x00, 0x0a,
1961 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1962 };
1963 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1964 sizeof(kSSL3ClientHello))) {
1965 return false;
1966 }
1967
1968 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1969 0x16,
1970 0x03, 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1971 0x00, 0x5a,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1972 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1973 0x00, 0x00, 0x56,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1974 0x03, 0x01,
1975 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1976 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1977 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1978 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1979 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1980 0x00, 0x0e,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1981 0xc0, 0x09,
1982 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1983 0xc0, 0x0a,
1984 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1985 0x00, 0x2f,
1986 0x00, 0x35,
1987 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1988 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1989 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1990 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1991 };
1992 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1993 sizeof(kTLS1ClientHello))) {
1994 return false;
1995 }
1996
1997 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1998 0x16,
1999 0x03, 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2000 0x00, 0x5a,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2001 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2002 0x00, 0x00, 0x56,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2003 0x03, 0x02,
2004 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2005 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2006 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2007 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2008 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2009 0x00, 0x0e,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2010 0xc0, 0x09,
2011 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2012 0xc0, 0x0a,
2013 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2014 0x00, 0x2f,
2015 0x00, 0x35,
2016 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2017 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
2018 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
2019 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
2020 };
2021 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
2022 sizeof(kTLS11ClientHello))) {
2023 return false;
2024 }
2025
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]2026 // kTLS12ClientHello assumes RSA-PSS, which is disabled for Android system
2027 // builds.
2028#if defined(BORINGSSL_ANDROID_SYSTEM)
2029 return true;
2030#endif
2031
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2032 static const uint8_t kTLS12ClientHello[] = {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2033 0x16,
2034 0x03, 0x01,
2035 0x00, 0x8e,
2036 0x01,
2037 0x00, 0x00, 0x8a,
2038 0x03, 0x03,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]2039 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2040 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2041 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2042 0x00, 0x2a,
2043 0xcc, 0xa9,
2044 0xcc, 0xa8,
2045 0xc0, 0x2b,
2046 0xc0, 0x2f,
2047 0xc0, 0x2c,
2048 0xc0, 0x30,
2049 0xc0, 0x09,
2050 0xc0, 0x23,
2051 0xc0, 0x13,
2052 0xc0, 0x27,
2053 0xc0, 0x0a,
2054 0xc0, 0x24,
2055 0xc0, 0x14,
2056 0xc0, 0x28,
2057 0x00, 0x9c,
2058 0x00, 0x9d,
2059 0x00, 0x2f,
2060 0x00, 0x3c,
2061 0x00, 0x35,
2062 0x00, 0x3d,
2063 0x00, 0x0a,
2064 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
2065 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04,
2066 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08,
2067 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
2068 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2069 };
2070 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
2071 sizeof(kTLS12ClientHello))) {
2072 return false;
2073 }
2074
2075 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
2076 // implementation has settled enough that it won't change.
2077
2078 return true;
2079}
2080
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2081static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2082
2083static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
2084 // Save the most recent session.
2085 g_last_session.reset(session);
2086 return 1;
2087}
2088
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2089static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
Steven Valdeze831a812017-03-09 14:56:07 -0500[diff] [blame]2090 SSL_CTX *server_ctx) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2091 g_last_session = nullptr;
2092 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2093
2094 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2095 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2096 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
2097 nullptr /* no session */)) {
2098 fprintf(stderr, "Failed to connect client and server.\n");
2099 return nullptr;
2100 }
2101
2102 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2103 SSL_read(client.get(), nullptr, 0);
2104
2105 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2106
2107 if (!g_last_session) {
2108 fprintf(stderr, "Client did not receive a session.\n");
2109 return nullptr;
2110 }
2111 return std::move(g_last_session);
2112}
2113
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2114static void ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
2115 SSL_SESSION *session, bool want_reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2116 bssl::UniquePtr<SSL> client, server;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2117 EXPECT_TRUE(ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
2118 session));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2119
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2120 EXPECT_EQ(SSL_session_reused(client.get()), SSL_session_reused(server.get()));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2121
2122 bool was_reused = !!SSL_session_reused(client.get());
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2123 EXPECT_EQ(was_reused, want_reused);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2124}
2125
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2126static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
2127 SSL_CTX *server_ctx,
2128 SSL_SESSION *session) {
2129 g_last_session = nullptr;
2130 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2131
2132 bssl::UniquePtr<SSL> client, server;
2133 if (!ConnectClientAndServer(&client, &server, client_ctx,
2134 server_ctx, session)) {
2135 fprintf(stderr, "Failed to connect client and server.\n");
2136 return nullptr;
2137 }
2138
2139 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2140 fprintf(stderr, "Client and server were inconsistent.\n");
2141 return nullptr;
2142 }
2143
2144 if (!SSL_session_reused(client.get())) {
2145 fprintf(stderr, "Session was not reused.\n");
2146 return nullptr;
2147 }
2148
2149 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2150 SSL_read(client.get(), nullptr, 0);
2151
2152 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2153
2154 if (!g_last_session) {
2155 fprintf(stderr, "Client did not receive a renewed session.\n");
2156 return nullptr;
2157 }
2158 return std::move(g_last_session);
2159}
2160
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2161static void ExpectTicketKeyChanged(SSL_CTX *ctx, uint8_t *inout_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2162 bool changed) {
2163 uint8_t new_key[kTicketKeyLen];
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2164 /* May return 0, 1 or 48. */
2165 ASSERT_EQ(SSL_CTX_get_tlsext_ticket_keys(ctx, new_key, kTicketKeyLen), 1);
2166 if (changed) {
2167 ASSERT_NE(Bytes(inout_key, kTicketKeyLen), Bytes(new_key));
2168 } else {
2169 ASSERT_EQ(Bytes(inout_key, kTicketKeyLen), Bytes(new_key));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2170 }
2171 OPENSSL_memcpy(inout_key, new_key, kTicketKeyLen);
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2172}
2173
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2174static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2175 static const uint8_t kContext[] = {3};
2176
2177 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2178 return SSL_TLSEXT_ERR_ALERT_FATAL;
2179 }
2180
2181 return SSL_TLSEXT_ERR_OK;
2182}
2183
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2184TEST_P(SSLVersionTest, SessionIDContext) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2185 static const uint8_t kContext1[] = {1};
2186 static const uint8_t kContext2[] = {2};
2187
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2188 ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext1,
2189 sizeof(kContext1)));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2190
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2191 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
2192 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2193
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2194 bssl::UniquePtr<SSL_SESSION> session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2195 CreateClientSession(client_ctx_.get(), server_ctx_.get());
2196 ASSERT_TRUE(session);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2197
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2198 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2199 session.get(),
2200 true /* expect session reused */));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2201
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2202 // Change the session ID context.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2203 ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext2,
2204 sizeof(kContext2)));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2205
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2206 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2207 session.get(),
2208 false /* expect session not reused */));
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2209
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2210 // Change the session ID context back and install an SNI callback to switch
2211 // it.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2212 ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext1,
2213 sizeof(kContext1)));
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2214
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2215 SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(),
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2216 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2217
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2218 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2219 session.get(),
2220 false /* expect session not reused */));
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2221
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2222 // Switch the session ID context with the early callback instead.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2223 SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(), nullptr);
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2224 SSL_CTX_set_select_certificate_cb(
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2225 server_ctx_.get(),
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2226 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
2227 static const uint8_t kContext[] = {3};
2228
2229 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2230 sizeof(kContext))) {
2231 return ssl_select_cert_error;
2232 }
2233
2234 return ssl_select_cert_success;
2235 });
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2236
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2237 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2238 session.get(),
2239 false /* expect session not reused */));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2240}
2241
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2242static timeval g_current_time;
2243
2244static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2245 *out_clock = g_current_time;
2246}
2247
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2248static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2249 out_clock->tv_sec = 1000;
2250 out_clock->tv_usec = 0;
2251}
2252
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2253static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2254 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2255 int encrypt) {
2256 static const uint8_t kZeros[16] = {0};
2257
2258 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2259 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2260 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2261 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2262 return 0;
2263 }
2264
2265 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2266 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2267 return -1;
2268 }
2269
2270 // Returning two from the callback in decrypt mode renews the
2271 // session in TLS 1.2 and below.
2272 return encrypt ? 1 : 2;
2273}
2274
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2275static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2276 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2277 return false;
2278 }
2279
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2280 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2281 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2282 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2283
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2284#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2285 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2286 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2287#else
2288 static const uint8_t kZeros[16] = {0};
2289 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2290 bssl::ScopedEVP_CIPHER_CTX ctx;
2291 int len1, len2;
2292 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2293 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2294 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2295 return false;
2296 }
2297
2298 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2299#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2300
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2301 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
2302 if (!ssl_ctx) {
2303 return false;
2304 }
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2305 bssl::UniquePtr<SSL_SESSION> server_session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2306 SSL_SESSION_from_bytes(plaintext.get(), len, ssl_ctx.get()));
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2307 if (!server_session) {
2308 return false;
2309 }
2310
2311 *out = server_session->time;
2312 return true;
2313}
2314
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2315TEST_P(SSLVersionTest, SessionTimeout) {
2316 for (bool server_test : {false, true}) {
2317 SCOPED_TRACE(server_test);
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2318
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2319 ResetContexts();
2320 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
2321 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
2322
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2323 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2324 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2325
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2326 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2327 // resumptions still perform ECDHE.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2328 const time_t timeout = version() == TLS1_3_VERSION
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2329 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2330 : SSL_DEFAULT_SESSION_TIMEOUT;
2331
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2332 // Both client and server must enforce session timeouts. We configure the
2333 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2334 if (server_test) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2335 SSL_CTX_set_current_time_cb(client_ctx_.get(), FrozenTimeCallback);
2336 SSL_CTX_set_current_time_cb(server_ctx_.get(), CurrentTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2337 } else {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2338 SSL_CTX_set_current_time_cb(client_ctx_.get(), CurrentTimeCallback);
2339 SSL_CTX_set_current_time_cb(server_ctx_.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2340 }
2341
2342 // Configure a ticket callback which renews tickets.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2343 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx_.get(), RenewTicketCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2344
2345 bssl::UniquePtr<SSL_SESSION> session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2346 CreateClientSession(client_ctx_.get(), server_ctx_.get());
2347 ASSERT_TRUE(session);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2348
2349 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2350 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2351
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2352 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2353 session.get(),
2354 true /* expect session reused */));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2355
2356 // Advance the clock one more second.
2357 g_current_time.tv_sec++;
2358
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2359 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2360 session.get(),
2361 false /* expect session not reused */));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2362
2363 // Rewind the clock to before the session was minted.
2364 g_current_time.tv_sec = kStartTime - 1;
2365
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2366 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2367 session.get(),
2368 false /* expect session not reused */));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2369
2370 // SSL 3.0 cannot renew sessions.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2371 if (version() == SSL3_VERSION) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2372 continue;
2373 }
2374
2375 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2376 time_t new_start_time = kStartTime + timeout - 10;
2377 g_current_time.tv_sec = new_start_time;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2378 bssl::UniquePtr<SSL_SESSION> new_session = ExpectSessionRenewed(
2379 client_ctx_.get(), server_ctx_.get(), session.get());
2380 ASSERT_TRUE(new_session);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2381
2382 // This new session is not the same object as before.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2383 EXPECT_NE(session.get(), new_session.get());
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2384
2385 // Check the sessions have timestamps measured from issuance.
2386 long session_time = 0;
2387 if (server_test) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2388 ASSERT_TRUE(GetServerTicketTime(&session_time, new_session.get()));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2389 } else {
2390 session_time = new_session->time;
2391 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2392
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2393 ASSERT_EQ(session_time, g_current_time.tv_sec);
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2394
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2395 if (version() == TLS1_3_VERSION) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2396 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2397 // lifetime TLS 1.3.
2398 g_current_time.tv_sec = new_start_time + timeout - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2399 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2400 new_session.get(),
2401 true /* expect session reused */));
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2402
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2403 // The new session expires after the new timeout.
2404 g_current_time.tv_sec = new_start_time + timeout + 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2405 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2406 new_session.get(),
2407 false /* expect session ot reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2408
2409 // Renew the session until it begins just past the auth timeout.
2410 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2411 while (new_start_time < auth_end_time - 1000) {
2412 // Get as close as possible to target start time.
2413 new_start_time =
2414 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2415 g_current_time.tv_sec = new_start_time;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2416 new_session = ExpectSessionRenewed(client_ctx_.get(), server_ctx_.get(),
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2417 new_session.get());
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2418 ASSERT_TRUE(new_session);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2419 }
2420
2421 // Now the session's lifetime is bound by the auth timeout.
2422 g_current_time.tv_sec = auth_end_time - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2423 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2424 new_session.get(),
2425 true /* expect session reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2426
2427 g_current_time.tv_sec = auth_end_time + 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2428 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2429 new_session.get(),
2430 false /* expect session ot reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2431 } else {
2432 // The new session is usable just before the old expiration.
2433 g_current_time.tv_sec = kStartTime + timeout - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2434 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2435 new_session.get(),
2436 true /* expect session reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2437
2438 // Renewal does not extend the lifetime, so it is not usable beyond the
2439 // old expiration.
2440 g_current_time.tv_sec = kStartTime + timeout + 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2441 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2442 new_session.get(),
2443 false /* expect session not reused */));
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2444 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2445 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2446}
2447
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2448TEST_P(SSLVersionTest, DefaultTicketKeyInitialization) {
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2449 static const uint8_t kZeroKey[kTicketKeyLen] = {};
2450 uint8_t ticket_key[kTicketKeyLen];
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2451 ASSERT_EQ(1, SSL_CTX_get_tlsext_ticket_keys(server_ctx_.get(), ticket_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2452 kTicketKeyLen));
2453 ASSERT_NE(0, OPENSSL_memcmp(ticket_key, kZeroKey, kTicketKeyLen));
2454}
2455
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2456TEST_P(SSLVersionTest, DefaultTicketKeyRotation) {
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2457 if (GetParam().version == SSL3_VERSION) {
2458 return;
2459 }
2460
2461 static const time_t kStartTime = 1001;
2462 g_current_time.tv_sec = kStartTime;
2463 uint8_t ticket_key[kTicketKeyLen];
2464
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2465 /* We use session reuse as a proxy for ticket decryption success, hence
2466 * disable session timeouts. */
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2467 SSL_CTX_set_timeout(server_ctx_.get(), std::numeric_limits<uint32_t>::max());
2468 SSL_CTX_set_session_psk_dhe_timeout(server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2469 std::numeric_limits<uint32_t>::max());
2470
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2471 SSL_CTX_set_current_time_cb(client_ctx_.get(), FrozenTimeCallback);
2472 SSL_CTX_set_current_time_cb(server_ctx_.get(), CurrentTimeCallback);
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2473
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2474 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
2475 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_OFF);
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2476
2477 /* Initialize ticket_key with the current key. */
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2478 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
2479 true /* changed */));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2480
2481 /* Verify ticket resumption actually works. */
2482 bssl::UniquePtr<SSL> client, server;
2483 bssl::UniquePtr<SSL_SESSION> session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2484 CreateClientSession(client_ctx_.get(), server_ctx_.get());
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2485 ASSERT_TRUE(session);
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2486 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2487 session.get(), true /* reused */));
2488
2489 /* Advance time to just before key rotation. */
2490 g_current_time.tv_sec += SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2491 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2492 session.get(), true /* reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2493 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2494 false /* NOT changed */));
2495
2496 /* Force key rotation. */
2497 g_current_time.tv_sec += 1;
2498 bssl::UniquePtr<SSL_SESSION> new_session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2499 CreateClientSession(client_ctx_.get(), server_ctx_.get());
2500 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
2501 true /* changed */));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2502
2503 /* Resumption with both old and new ticket should work. */
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2504 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2505 session.get(), true /* reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2506 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2507 new_session.get(), true /* reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2508 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2509 false /* NOT changed */));
2510
2511 /* Force key rotation again. Resumption with the old ticket now fails. */
2512 g_current_time.tv_sec += SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2513 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2514 session.get(), false /* NOT reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2515 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
2516 true /* changed */));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2517
2518 /* But resumption with the newer session still works. */
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2519 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2520 new_session.get(), true /* reused */));
2521}
2522
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2523static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2524 SSL_CTX *ctx = reinterpret_cast<SSL_CTX *>(arg);
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2525 SSL_set_SSL_CTX(ssl, ctx);
2526 return SSL_TLSEXT_ERR_OK;
2527}
2528
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2529TEST_P(SSLVersionTest, SNICallback) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2530 // SSL 3.0 lacks extensions.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2531 if (version() == SSL3_VERSION) {
2532 return;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2533 }
2534
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2535 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2536 ASSERT_TRUE(cert2);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2537 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2538 ASSERT_TRUE(key2);
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2539
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2540 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2541 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2542
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2543 static const uint8_t kSCTList[] = {0, 6, 0, 4, 5, 6, 7, 8};
2544 static const uint8_t kOCSPResponse[] = {1, 2, 3, 4};
2545
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2546 bssl::UniquePtr<SSL_CTX> server_ctx2 = CreateContext();
2547 ASSERT_TRUE(server_ctx2);
2548 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()));
2549 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()));
2550 ASSERT_TRUE(SSL_CTX_set_signed_cert_timestamp_list(
2551 server_ctx2.get(), kSCTList, sizeof(kSCTList)));
2552 ASSERT_TRUE(SSL_CTX_set_ocsp_response(server_ctx2.get(), kOCSPResponse,
2553 sizeof(kOCSPResponse)));
2554 // Historically signing preferences would be lost in some cases with the
2555 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2556 // this doesn't happen when |version| is TLS 1.2, configure the private
2557 // key to only sign SHA-256.
2558 ASSERT_TRUE(SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(),
2559 &kECDSAWithSHA256, 1));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2560
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2561 SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(), SwitchContext);
2562 SSL_CTX_set_tlsext_servername_arg(server_ctx_.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2563
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2564 SSL_CTX_enable_signed_cert_timestamps(client_ctx_.get());
2565 SSL_CTX_enable_ocsp_stapling(client_ctx_.get());
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2566
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2567 ASSERT_TRUE(Connect());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2568
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2569 // The client should have received |cert2|.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2570 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client_.get()));
2571 ASSERT_TRUE(peer);
2572 EXPECT_EQ(X509_cmp(peer.get(), cert2.get()), 0);
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2573
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2574 // The client should have received |server_ctx2|'s SCT list.
2575 const uint8_t *data;
2576 size_t len;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2577 SSL_get0_signed_cert_timestamp_list(client_.get(), &data, &len);
2578 EXPECT_EQ(Bytes(kSCTList), Bytes(data, len));
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2579
2580 // The client should have received |server_ctx2|'s OCSP response.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2581 SSL_get0_ocsp_response(client_.get(), &data, &len);
2582 EXPECT_EQ(Bytes(kOCSPResponse), Bytes(data, len));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2583}
2584
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2585// Test that the early callback can swap the maximum version.
2586TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2587 bssl::UniquePtr<X509> cert = GetTestCertificate();
2588 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2589 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2590 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2591 ASSERT_TRUE(cert);
2592 ASSERT_TRUE(key);
2593 ASSERT_TRUE(server_ctx);
2594 ASSERT_TRUE(client_ctx);
2595 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2596 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2597 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2598 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2599
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2600 SSL_CTX_set_select_certificate_cb(
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2601 server_ctx.get(),
2602 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2603 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2604 return ssl_select_cert_error;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2605 }
2606
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2607 return ssl_select_cert_success;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2608 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2609
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2610 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2611 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
2612 server_ctx.get(), nullptr));
2613 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2614}
2615
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2616TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2617 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2618 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2619
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2620 // Set valid TLS versions.
2621 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2622 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2623 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2624 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2625
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2626 // Invalid TLS versions are rejected.
2627 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2628 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2629 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2630 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2631 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2632 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2633
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2634 // Zero is the default version.
2635 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2636 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2637 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2638 EXPECT_EQ(TLS1_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2639
2640 // SSL 3.0 and TLS 1.3 are available, but not by default.
2641 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2642 EXPECT_EQ(SSL3_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2643 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2644 EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2645
David Benjamin353577c2017-06-29 15:54:58 -0400[diff] [blame]2646 // TLS1_3_DRAFT_VERSION is not an API-level version.
2647 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT_VERSION));
2648 ERR_clear_error();
2649
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2650 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2651 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2652
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2653 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2654 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2655 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2656 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2657
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2658 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2659 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2660 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2661 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2662 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2663 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2664 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2665 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2666
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2667 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2668 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2669 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2670 EXPECT_EQ(TLS1_1_VERSION, ctx->conf_min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2671}
2672
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2673static const char *GetVersionName(uint16_t version) {
2674 switch (version) {
2675 case SSL3_VERSION:
2676 return "SSLv3";
2677 case TLS1_VERSION:
2678 return "TLSv1";
2679 case TLS1_1_VERSION:
2680 return "TLSv1.1";
2681 case TLS1_2_VERSION:
2682 return "TLSv1.2";
2683 case TLS1_3_VERSION:
2684 return "TLSv1.3";
2685 case DTLS1_VERSION:
2686 return "DTLSv1";
2687 case DTLS1_2_VERSION:
2688 return "DTLSv1.2";
2689 default:
2690 return "???";
2691 }
2692}
2693
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2694TEST_P(SSLVersionTest, Version) {
2695 ASSERT_TRUE(Connect());
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2696
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2697 EXPECT_EQ(SSL_version(client_.get()), version());
2698 EXPECT_EQ(SSL_version(server_.get()), version());
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2699
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2700 // Test the version name is reported as expected.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2701 const char *version_name = GetVersionName(version());
2702 EXPECT_EQ(strcmp(version_name, SSL_get_version(client_.get())), 0);
2703 EXPECT_EQ(strcmp(version_name, SSL_get_version(server_.get())), 0);
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2704
2705 // Test SSL_SESSION reports the same name.
2706 const char *client_name =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2707 SSL_SESSION_get_version(SSL_get_session(client_.get()));
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2708 const char *server_name =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2709 SSL_SESSION_get_version(SSL_get_session(server_.get()));
2710 EXPECT_EQ(strcmp(version_name, client_name), 0);
2711 EXPECT_EQ(strcmp(version_name, server_name), 0);
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2712}
2713
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2714// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2715// selection callback.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2716TEST_P(SSLVersionTest, ALPNCipherAvailable) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2717 // SSL 3.0 lacks extensions.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2718 if (version() == SSL3_VERSION) {
2719 return;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2720 }
2721
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2722 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
2723
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2724 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2725 ASSERT_EQ(SSL_CTX_set_alpn_protos(client_ctx_.get(), kALPNProtos,
2726 sizeof(kALPNProtos)),
2727 0);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2728
2729 // The ALPN callback does not fail the handshake on error, so have the
2730 // callback write a boolean.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2731 std::pair<uint16_t, bool> callback_state(version(), false);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2732 SSL_CTX_set_alpn_select_cb(
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2733 server_ctx_.get(),
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2734 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2735 unsigned in_len, void *arg) -> int {
2736 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2737 if (SSL_get_pending_cipher(ssl) != nullptr &&
2738 SSL_version(ssl) == state->first) {
2739 state->second = true;
2740 }
2741 return SSL_TLSEXT_ERR_NOACK;
2742 },
2743 &callback_state);
2744
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2745 ASSERT_TRUE(Connect());
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2746
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2747 ASSERT_TRUE(callback_state.second);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2748}
2749
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2750TEST_P(SSLVersionTest, SSLClearSessionResumption) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2751 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2752 // API pattern.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2753 if (version() == TLS1_3_VERSION) {
2754 return;
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2755 }
2756
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2757 ASSERT_TRUE(Connect());
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2758
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2759 EXPECT_FALSE(SSL_session_reused(client_.get()));
2760 EXPECT_FALSE(SSL_session_reused(server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2761
2762 // Reset everything.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2763 ASSERT_TRUE(SSL_clear(client_.get()));
2764 ASSERT_TRUE(SSL_clear(server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2765
2766 // Attempt to connect a second time.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2767 ASSERT_TRUE(CompleteHandshakes(client_.get(), server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2768
2769 // |SSL_clear| should implicitly offer the previous session to the server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2770 EXPECT_TRUE(SSL_session_reused(client_.get()));
2771 EXPECT_TRUE(SSL_session_reused(server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2772}
2773
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2774static bool ChainsEqual(STACK_OF(X509) * chain,
2775 const std::vector<X509 *> &expected) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2776 if (sk_X509_num(chain) != expected.size()) {
2777 return false;
2778 }
2779
2780 for (size_t i = 0; i < expected.size(); i++) {
2781 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2782 return false;
2783 }
2784 }
2785
2786 return true;
2787}
2788
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2789TEST_P(SSLVersionTest, AutoChain) {
2790 cert_ = GetChainTestCertificate();
2791 ASSERT_TRUE(cert_);
2792 key_ = GetChainTestKey();
2793 ASSERT_TRUE(key_);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2794 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2795 ASSERT_TRUE(intermediate);
2796
2797 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
2798 ASSERT_TRUE(UseCertAndKey(server_ctx_.get()));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2799
2800 // Configure both client and server to accept any certificate. Add
2801 // |intermediate| to the cert store.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2802 ASSERT_TRUE(X509_STORE_add_cert(SSL_CTX_get_cert_store(client_ctx_.get()),
2803 intermediate.get()));
2804 ASSERT_TRUE(X509_STORE_add_cert(SSL_CTX_get_cert_store(server_ctx_.get()),
2805 intermediate.get()));
2806 SSL_CTX_set_verify(client_ctx_.get(),
2807 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
2808 nullptr);
2809 SSL_CTX_set_verify(server_ctx_.get(),
2810 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
2811 nullptr);
2812 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
2813 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2814
2815 // By default, the client and server should each only send the leaf.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2816 ASSERT_TRUE(Connect());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2817
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2818 EXPECT_TRUE(
2819 ChainsEqual(SSL_get_peer_full_cert_chain(client_.get()), {cert_.get()}));
2820 EXPECT_TRUE(
2821 ChainsEqual(SSL_get_peer_full_cert_chain(server_.get()), {cert_.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2822
2823 // If auto-chaining is enabled, then the intermediate is sent.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2824 SSL_CTX_clear_mode(client_ctx_.get(), SSL_MODE_NO_AUTO_CHAIN);
2825 SSL_CTX_clear_mode(server_ctx_.get(), SSL_MODE_NO_AUTO_CHAIN);
2826 ASSERT_TRUE(Connect());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2827
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2828 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(client_.get()),
2829 {cert_.get(), intermediate.get()}));
2830 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(server_.get()),
2831 {cert_.get(), intermediate.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2832
2833 // Auto-chaining does not override explicitly-configured intermediates.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2834 ASSERT_TRUE(SSL_CTX_add1_chain_cert(client_ctx_.get(), cert_.get()));
2835 ASSERT_TRUE(SSL_CTX_add1_chain_cert(server_ctx_.get(), cert_.get()));
2836 ASSERT_TRUE(Connect());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2837
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2838 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(client_.get()),
2839 {cert_.get(), cert_.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2840
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2841 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(server_.get()),
2842 {cert_.get(), cert_.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2843}
2844
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2845static bool ExpectBadWriteRetry() {
2846 int err = ERR_get_error();
2847 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
2848 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
2849 char buf[ERR_ERROR_STRING_BUF_LEN];
2850 ERR_error_string_n(err, buf, sizeof(buf));
2851 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
2852 return false;
2853 }
2854
2855 if (ERR_peek_error() != 0) {
2856 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
2857 return false;
2858 }
2859
2860 return true;
2861}
2862
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2863TEST_P(SSLVersionTest, SSLWriteRetry) {
2864 if (is_dtls()) {
2865 return;
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2866 }
2867
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2868 for (bool enable_partial_write : {false, true}) {
2869 SCOPED_TRACE(enable_partial_write);
2870
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2871 // Connect a client and server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2872 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
2873
2874 ASSERT_TRUE(Connect());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2875
2876 if (enable_partial_write) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2877 SSL_set_mode(client_.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2878 }
2879
2880 // Write without reading until the buffer is full and we have an unfinished
2881 // write. Keep a count so we may reread it again later. "hello!" will be
2882 // written in two chunks, "hello" and "!".
2883 char data[] = "hello!";
2884 static const int kChunkLen = 5; // The length of "hello".
2885 unsigned count = 0;
2886 for (;;) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2887 int ret = SSL_write(client_.get(), data, kChunkLen);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2888 if (ret <= 0) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2889 ASSERT_EQ(SSL_get_error(client_.get(), ret), SSL_ERROR_WANT_WRITE);
2890 break;
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2891 }
2892
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2893 ASSERT_EQ(ret, 5);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2894
2895 count++;
2896 }
2897
2898 // Retrying with the same parameters is legal.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2899 ASSERT_EQ(
2900 SSL_get_error(client_.get(), SSL_write(client_.get(), data, kChunkLen)),
2901 SSL_ERROR_WANT_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2902
2903 // Retrying with the same buffer but shorter length is not legal.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2904 ASSERT_EQ(SSL_get_error(client_.get(),
2905 SSL_write(client_.get(), data, kChunkLen - 1)),
2906 SSL_ERROR_SSL);
2907 ASSERT_TRUE(ExpectBadWriteRetry());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2908
2909 // Retrying with a different buffer pointer is not legal.
2910 char data2[] = "hello";
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2911 ASSERT_EQ(SSL_get_error(client_.get(),
2912 SSL_write(client_.get(), data2, kChunkLen)),
2913 SSL_ERROR_SSL);
2914 ASSERT_TRUE(ExpectBadWriteRetry());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2915
2916 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2917 SSL_set_mode(client_.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
2918 ASSERT_EQ(SSL_get_error(client_.get(),
2919 SSL_write(client_.get(), data2, kChunkLen)),
2920 SSL_ERROR_WANT_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2921
2922 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2923 ASSERT_EQ(SSL_get_error(client_.get(),
2924 SSL_write(client_.get(), data2, kChunkLen - 1)),
2925 SSL_ERROR_SSL);
2926 ASSERT_TRUE(ExpectBadWriteRetry());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2927
2928 // Retrying with a larger buffer is legal.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2929 ASSERT_EQ(SSL_get_error(client_.get(),
2930 SSL_write(client_.get(), data, kChunkLen + 1)),
2931 SSL_ERROR_WANT_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2932
2933 // Drain the buffer.
2934 char buf[20];
2935 for (unsigned i = 0; i < count; i++) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2936 ASSERT_EQ(SSL_read(server_.get(), buf, sizeof(buf)), kChunkLen);
2937 ASSERT_EQ(OPENSSL_memcmp(buf, "hello", kChunkLen), 0);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2938 }
2939
2940 // Now that there is space, a retry with a larger buffer should flush the
2941 // pending record, skip over that many bytes of input (on assumption they
2942 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
2943 // is set, this will complete in two steps.
2944 char data3[] = "_____!";
2945 if (enable_partial_write) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2946 ASSERT_EQ(SSL_write(client_.get(), data3, kChunkLen + 1), kChunkLen);
2947 ASSERT_EQ(SSL_write(client_.get(), data3 + kChunkLen, 1), 1);
2948 } else {
2949 ASSERT_EQ(SSL_write(client_.get(), data3, kChunkLen + 1), kChunkLen + 1);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2950 }
2951
2952 // Check the last write was correct. The data will be spread over two
2953 // records, so SSL_read returns twice.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2954 ASSERT_EQ(SSL_read(server_.get(), buf, sizeof(buf)), kChunkLen);
2955 ASSERT_EQ(OPENSSL_memcmp(buf, "hello", kChunkLen), 0);
2956 ASSERT_EQ(SSL_read(server_.get(), buf, sizeof(buf)), 1);
2957 ASSERT_EQ(buf[0], '!');
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2958 }
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2959}
2960
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2961TEST_P(SSLVersionTest, RecordCallback) {
2962 for (bool test_server : {true, false}) {
2963 SCOPED_TRACE(test_server);
2964 ResetContexts();
David Benjamin5df5be12017-06-22 19:43:11 -0400[diff] [blame]2965
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2966 bool read_seen = false;
2967 bool write_seen = false;
2968 auto cb = [&](int is_write, int cb_version, int cb_type, const void *buf,
2969 size_t len, SSL *ssl) {
2970 if (cb_type != SSL3_RT_HEADER) {
2971 return;
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2972 }
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]2973
2974 // The callback does not report a version for records.
2975 EXPECT_EQ(0, cb_version);
2976
2977 if (is_write) {
2978 write_seen = true;
2979 } else {
2980 read_seen = true;
2981 }
2982
2983 // Sanity-check that the record header is plausible.
2984 CBS cbs;
2985 CBS_init(&cbs, reinterpret_cast<const uint8_t *>(buf), len);
2986 uint8_t type;
2987 uint16_t record_version, length;
2988 ASSERT_TRUE(CBS_get_u8(&cbs, &type));
2989 ASSERT_TRUE(CBS_get_u16(&cbs, &record_version));
2990 EXPECT_TRUE(record_version == version() ||
2991 record_version == (is_dtls() ? DTLS1_VERSION : TLS1_VERSION))
2992 << "Invalid record version: " << record_version;
2993 if (is_dtls()) {
2994 uint16_t epoch;
2995 ASSERT_TRUE(CBS_get_u16(&cbs, &epoch));
2996 EXPECT_TRUE(epoch == 0 || epoch == 1) << "Invalid epoch: " << epoch;
2997 ASSERT_TRUE(CBS_skip(&cbs, 6));
2998 }
2999 ASSERT_TRUE(CBS_get_u16(&cbs, &length));
3000 EXPECT_EQ(0u, CBS_len(&cbs));
3001 };
3002 using CallbackType = decltype(cb);
3003 SSL_CTX *ctx = test_server ? server_ctx_.get() : client_ctx_.get();
3004 SSL_CTX_set_msg_callback(
3005 ctx, [](int is_write, int cb_version, int cb_type, const void *buf,
3006 size_t len, SSL *ssl, void *arg) {
3007 CallbackType *cb_ptr = reinterpret_cast<CallbackType *>(arg);
3008 (*cb_ptr)(is_write, cb_version, cb_type, buf, len, ssl);
3009 });
3010 SSL_CTX_set_msg_callback_arg(ctx, &cb);
3011
3012 ASSERT_TRUE(Connect());
3013
3014 EXPECT_TRUE(read_seen);
3015 EXPECT_TRUE(write_seen);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3016 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3017}
3018
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3019TEST(SSLTest, AddChainCertHack) {
3020 // Ensure that we don't accidently break the hack that we have in place to
3021 // keep curl and serf happy when they use an |X509| even after transfering
3022 // ownership.
3023
3024 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3025 ASSERT_TRUE(ctx);
3026 X509 *cert = GetTestCertificate().release();
3027 ASSERT_TRUE(cert);
3028 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3029
3030 // This should not trigger a use-after-free.
3031 X509_cmp(cert, cert);
3032}
3033
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3034TEST(SSLTest, GetCertificate) {
3035 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3036 ASSERT_TRUE(ctx);
3037 bssl::UniquePtr<X509> cert = GetTestCertificate();
3038 ASSERT_TRUE(cert);
3039 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3040 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3041 ASSERT_TRUE(ssl);
3042
3043 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3044 ASSERT_TRUE(cert2);
3045 X509 *cert3 = SSL_get_certificate(ssl.get());
3046 ASSERT_TRUE(cert3);
3047
3048 // The old and new certificates must be identical.
3049 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3050 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3051
3052 uint8_t *der = nullptr;
3053 long der_len = i2d_X509(cert.get(), &der);
3054 ASSERT_LT(0, der_len);
3055 bssl::UniquePtr<uint8_t> free_der(der);
3056
3057 uint8_t *der2 = nullptr;
3058 long der2_len = i2d_X509(cert2, &der2);
3059 ASSERT_LT(0, der2_len);
3060 bssl::UniquePtr<uint8_t> free_der2(der2);
3061
3062 uint8_t *der3 = nullptr;
3063 long der3_len = i2d_X509(cert3, &der3);
3064 ASSERT_LT(0, der3_len);
3065 bssl::UniquePtr<uint8_t> free_der3(der3);
3066
3067 // They must also encode identically.
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]3068 EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len));
3069 EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len));
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3070}
3071
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3072TEST(SSLTest, SetChainAndKeyMismatch) {
3073 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_with_buffers_method()));
3074 ASSERT_TRUE(ctx);
3075
3076 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3077 ASSERT_TRUE(key);
3078 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3079 ASSERT_TRUE(leaf);
3080 std::vector<CRYPTO_BUFFER*> chain = {
3081 leaf.get(),
3082 };
3083
3084 // Should fail because |GetTestKey| doesn't match the chain-test certificate.
3085 ASSERT_FALSE(SSL_CTX_set_chain_and_key(ctx.get(), &chain[0], chain.size(),
3086 key.get(), nullptr));
3087 ERR_clear_error();
3088}
3089
3090TEST(SSLTest, SetChainAndKey) {
3091 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3092 ASSERT_TRUE(client_ctx);
3093 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3094 ASSERT_TRUE(server_ctx);
3095
3096 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3097 ASSERT_TRUE(key);
3098 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3099 ASSERT_TRUE(leaf);
3100 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3101 GetChainTestIntermediateBuffer();
3102 ASSERT_TRUE(intermediate);
3103 std::vector<CRYPTO_BUFFER*> chain = {
3104 leaf.get(), intermediate.get(),
3105 };
3106 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3107 chain.size(), key.get(), nullptr));
3108
David Benjamin3a1dd462017-07-11 16:13:10 -0400[diff] [blame]3109 SSL_CTX_set_custom_verify(
3110 client_ctx.get(), SSL_VERIFY_PEER,
3111 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3112 return ssl_verify_ok;
3113 });
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3114
3115 bssl::UniquePtr<SSL> client, server;
3116 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3117 server_ctx.get(),
3118 nullptr /* no session */));
3119}
3120
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]3121TEST(SSLTest, ClientCABuffers) {
3122 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3123 ASSERT_TRUE(client_ctx);
3124 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3125 ASSERT_TRUE(server_ctx);
3126
3127 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3128 ASSERT_TRUE(key);
3129 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3130 ASSERT_TRUE(leaf);
3131 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3132 GetChainTestIntermediateBuffer();
3133 ASSERT_TRUE(intermediate);
3134 std::vector<CRYPTO_BUFFER *> chain = {
3135 leaf.get(),
3136 intermediate.get(),
3137 };
3138 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3139 chain.size(), key.get(), nullptr));
3140
3141 bssl::UniquePtr<CRYPTO_BUFFER> ca_name(
3142 CRYPTO_BUFFER_new(kTestName, sizeof(kTestName), nullptr));
3143 ASSERT_TRUE(ca_name);
3144 bssl::UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names(
3145 sk_CRYPTO_BUFFER_new_null());
3146 ASSERT_TRUE(ca_names);
3147 ASSERT_TRUE(sk_CRYPTO_BUFFER_push(ca_names.get(), ca_name.get()));
3148 ca_name.release();
3149 SSL_CTX_set0_client_CAs(server_ctx.get(), ca_names.release());
3150
3151 // Configure client and server to accept all certificates.
3152 SSL_CTX_set_custom_verify(
3153 client_ctx.get(), SSL_VERIFY_PEER,
3154 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3155 return ssl_verify_ok;
3156 });
3157 SSL_CTX_set_custom_verify(
3158 server_ctx.get(), SSL_VERIFY_PEER,
3159 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3160 return ssl_verify_ok;
3161 });
3162
3163 bool cert_cb_called = false;
3164 SSL_CTX_set_cert_cb(
3165 client_ctx.get(),
3166 [](SSL *ssl, void *arg) -> int {
3167 STACK_OF(CRYPTO_BUFFER) *peer_names =
3168 SSL_get0_server_requested_CAs(ssl);
3169 EXPECT_EQ(1u, sk_CRYPTO_BUFFER_num(peer_names));
3170 CRYPTO_BUFFER *peer_name = sk_CRYPTO_BUFFER_value(peer_names, 0);
3171 EXPECT_EQ(Bytes(kTestName), Bytes(CRYPTO_BUFFER_data(peer_name),
3172 CRYPTO_BUFFER_len(peer_name)));
3173 *reinterpret_cast<bool *>(arg) = true;
3174 return 1;
3175 },
3176 &cert_cb_called);
3177
3178 bssl::UniquePtr<SSL> client, server;
3179 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3180 server_ctx.get(),
3181 nullptr /* no session */));
3182 EXPECT_TRUE(cert_cb_called);
3183}
3184
David Benjamin91222b82017-03-09 20:10:56 -0500[diff] [blame]3185// Configuring the empty cipher list, though an error, should still modify the
3186// configuration.
3187TEST(SSLTest, EmptyCipherList) {
3188 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3189 ASSERT_TRUE(ctx);
3190
3191 // Initially, the cipher list is not empty.
3192 EXPECT_NE(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3193
3194 // Configuring the empty cipher list fails.
3195 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), ""));
3196 ERR_clear_error();
3197
3198 // But the cipher list is still updated to empty.
3199 EXPECT_EQ(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3200}
3201
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3202// ssl_test_ticket_aead_failure_mode enumerates the possible ways in which the
3203// test |SSL_TICKET_AEAD_METHOD| can fail.
3204enum ssl_test_ticket_aead_failure_mode {
3205 ssl_test_ticket_aead_ok = 0,
3206 ssl_test_ticket_aead_seal_fail,
3207 ssl_test_ticket_aead_open_soft_fail,
3208 ssl_test_ticket_aead_open_hard_fail,
3209};
3210
3211struct ssl_test_ticket_aead_state {
3212 unsigned retry_count;
3213 ssl_test_ticket_aead_failure_mode failure_mode;
3214};
3215
3216static int ssl_test_ticket_aead_ex_index_dup(CRYPTO_EX_DATA *to,
3217 const CRYPTO_EX_DATA *from,
3218 void **from_d, int index,
3219 long argl, void *argp) {
3220 abort();
3221}
3222
3223static void ssl_test_ticket_aead_ex_index_free(void *parent, void *ptr,
3224 CRYPTO_EX_DATA *ad, int index,
3225 long argl, void *argp) {
3226 auto state = reinterpret_cast<ssl_test_ticket_aead_state*>(ptr);
3227 if (state == nullptr) {
3228 return;
3229 }
3230
3231 OPENSSL_free(state);
3232}
3233
3234static CRYPTO_once_t g_ssl_test_ticket_aead_ex_index_once = CRYPTO_ONCE_INIT;
3235static int g_ssl_test_ticket_aead_ex_index;
3236
3237static int ssl_test_ticket_aead_get_ex_index() {
3238 CRYPTO_once(&g_ssl_test_ticket_aead_ex_index_once, [] {
3239 g_ssl_test_ticket_aead_ex_index = SSL_get_ex_new_index(
3240 0, nullptr, nullptr, ssl_test_ticket_aead_ex_index_dup,
3241 ssl_test_ticket_aead_ex_index_free);
3242 });
3243 return g_ssl_test_ticket_aead_ex_index;
3244}
3245
3246static size_t ssl_test_ticket_aead_max_overhead(SSL *ssl) {
3247 return 1;
3248}
3249
3250static int ssl_test_ticket_aead_seal(SSL *ssl, uint8_t *out, size_t *out_len,
3251 size_t max_out_len, const uint8_t *in,
3252 size_t in_len) {
3253 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3254 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3255
3256 if (state->failure_mode == ssl_test_ticket_aead_seal_fail ||
3257 max_out_len < in_len + 1) {
3258 return 0;
3259 }
3260
3261 OPENSSL_memmove(out, in, in_len);
3262 out[in_len] = 0xff;
3263 *out_len = in_len + 1;
3264
3265 return 1;
3266}
3267
3268static ssl_ticket_aead_result_t ssl_test_ticket_aead_open(
3269 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len,
3270 const uint8_t *in, size_t in_len) {
3271 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3272 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3273
3274 if (state->retry_count > 0) {
3275 state->retry_count--;
3276 return ssl_ticket_aead_retry;
3277 }
3278
3279 switch (state->failure_mode) {
3280 case ssl_test_ticket_aead_ok:
3281 break;
3282 case ssl_test_ticket_aead_seal_fail:
3283 // If |seal| failed then there shouldn't be any ticket to try and
3284 // decrypt.
3285 abort();
3286 break;
3287 case ssl_test_ticket_aead_open_soft_fail:
3288 return ssl_ticket_aead_ignore_ticket;
3289 case ssl_test_ticket_aead_open_hard_fail:
3290 return ssl_ticket_aead_error;
3291 }
3292
3293 if (in_len == 0 || in[in_len - 1] != 0xff) {
3294 return ssl_ticket_aead_ignore_ticket;
3295 }
3296
3297 if (max_out_len < in_len - 1) {
3298 return ssl_ticket_aead_error;
3299 }
3300
3301 OPENSSL_memmove(out, in, in_len - 1);
3302 *out_len = in_len - 1;
3303 return ssl_ticket_aead_success;
3304}
3305
3306static const SSL_TICKET_AEAD_METHOD kSSLTestTicketMethod = {
3307 ssl_test_ticket_aead_max_overhead,
3308 ssl_test_ticket_aead_seal,
3309 ssl_test_ticket_aead_open,
3310};
3311
3312static void ConnectClientAndServerWithTicketMethod(
3313 bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
3314 SSL_CTX *client_ctx, SSL_CTX *server_ctx, unsigned retry_count,
3315 ssl_test_ticket_aead_failure_mode failure_mode, SSL_SESSION *session) {
3316 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
3317 ASSERT_TRUE(client);
3318 ASSERT_TRUE(server);
3319 SSL_set_connect_state(client.get());
3320 SSL_set_accept_state(server.get());
3321
3322 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3323 OPENSSL_malloc(sizeof(ssl_test_ticket_aead_state)));
3324 ASSERT_TRUE(state);
3325 OPENSSL_memset(state, 0, sizeof(ssl_test_ticket_aead_state));
3326 state->retry_count = retry_count;
3327 state->failure_mode = failure_mode;
3328
3329 ASSERT_TRUE(SSL_set_ex_data(server.get(), ssl_test_ticket_aead_get_ex_index(),
3330 state));
3331
3332 SSL_set_session(client.get(), session);
3333
3334 BIO *bio1, *bio2;
3335 ASSERT_TRUE(BIO_new_bio_pair(&bio1, 0, &bio2, 0));
3336
3337 // SSL_set_bio takes ownership.
3338 SSL_set_bio(client.get(), bio1, bio1);
3339 SSL_set_bio(server.get(), bio2, bio2);
3340
3341 if (CompleteHandshakes(client.get(), server.get())) {
3342 *out_client = std::move(client);
3343 *out_server = std::move(server);
3344 } else {
3345 out_client->reset();
3346 out_server->reset();
3347 }
3348}
3349
3350class TicketAEADMethodTest
3351 : public ::testing::TestWithParam<testing::tuple<
3352 uint16_t, unsigned, ssl_test_ticket_aead_failure_mode>> {};
3353
3354TEST_P(TicketAEADMethodTest, Resume) {
3355 bssl::UniquePtr<X509> cert = GetTestCertificate();
3356 ASSERT_TRUE(cert);
3357 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3358 ASSERT_TRUE(key);
3359
3360 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
3361 ASSERT_TRUE(server_ctx);
3362 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
3363 ASSERT_TRUE(client_ctx);
3364
3365 const uint16_t version = testing::get<0>(GetParam());
3366 const unsigned retry_count = testing::get<1>(GetParam());
3367 const ssl_test_ticket_aead_failure_mode failure_mode =
3368 testing::get<2>(GetParam());
3369
3370 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3371 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3372 ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), version));
3373 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), version));
3374 ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), version));
3375 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), version));
3376
3377 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
3378 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
3379 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
3380 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3381 SSL_CTX_sess_set_new_cb(client_ctx.get(), SaveLastSession);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3382
3383 SSL_CTX_set_ticket_aead_method(server_ctx.get(), &kSSLTestTicketMethod);
3384
3385 bssl::UniquePtr<SSL> client, server;
3386 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3387 server_ctx.get(), retry_count,
3388 failure_mode, nullptr);
3389 switch (failure_mode) {
3390 case ssl_test_ticket_aead_ok:
3391 case ssl_test_ticket_aead_open_hard_fail:
3392 case ssl_test_ticket_aead_open_soft_fail:
3393 ASSERT_TRUE(client);
3394 break;
3395 case ssl_test_ticket_aead_seal_fail:
3396 EXPECT_FALSE(client);
3397 return;
3398 }
3399 EXPECT_FALSE(SSL_session_reused(client.get()));
3400 EXPECT_FALSE(SSL_session_reused(server.get()));
3401
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3402 // Run the read loop to account for post-handshake tickets in TLS 1.3.
3403 SSL_read(client.get(), nullptr, 0);
3404
3405 bssl::UniquePtr<SSL_SESSION> session = std::move(g_last_session);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3406 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3407 server_ctx.get(), retry_count,
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3408 failure_mode, session.get());
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3409 switch (failure_mode) {
3410 case ssl_test_ticket_aead_ok:
3411 ASSERT_TRUE(client);
3412 EXPECT_TRUE(SSL_session_reused(client.get()));
3413 EXPECT_TRUE(SSL_session_reused(server.get()));
3414 break;
3415 case ssl_test_ticket_aead_seal_fail:
3416 abort();
3417 break;
3418 case ssl_test_ticket_aead_open_hard_fail:
3419 EXPECT_FALSE(client);
3420 break;
3421 case ssl_test_ticket_aead_open_soft_fail:
3422 ASSERT_TRUE(client);
3423 EXPECT_FALSE(SSL_session_reused(client.get()));
3424 EXPECT_FALSE(SSL_session_reused(server.get()));
3425 }
3426}
3427
3428INSTANTIATE_TEST_CASE_P(
3429 TicketAEADMethodTests, TicketAEADMethodTest,
3430 testing::Combine(
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3431 testing::Values(TLS1_2_VERSION, TLS1_3_VERSION),
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3432 testing::Values(0, 1, 2),
3433 testing::Values(ssl_test_ticket_aead_ok,
3434 ssl_test_ticket_aead_seal_fail,
3435 ssl_test_ticket_aead_open_soft_fail,
3436 ssl_test_ticket_aead_open_hard_fail)));
3437
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]3438TEST(SSLTest, SSL3Method) {
3439 bssl::UniquePtr<X509> cert = GetTestCertificate();
3440 ASSERT_TRUE(cert);
3441
3442 // For compatibility, SSLv3_method should work up to SSL_CTX_new and SSL_new.
3443 bssl::UniquePtr<SSL_CTX> ssl3_ctx(SSL_CTX_new(SSLv3_method()));
3444 ASSERT_TRUE(ssl3_ctx);
3445 ASSERT_TRUE(SSL_CTX_use_certificate(ssl3_ctx.get(), cert.get()));
3446 bssl::UniquePtr<SSL> ssl(SSL_new(ssl3_ctx.get()));
3447 EXPECT_TRUE(ssl);
3448
3449 // Create a normal TLS context to test against.
3450 bssl::UniquePtr<SSL_CTX> tls_ctx(SSL_CTX_new(TLS_method()));
3451 ASSERT_TRUE(tls_ctx);
3452 ASSERT_TRUE(SSL_CTX_use_certificate(tls_ctx.get(), cert.get()));
3453
3454 // However, handshaking an SSLv3_method server should fail to resolve the
3455 // version range. Explicit calls to SSL_CTX_set_min_proto_version are the only
3456 // way to enable SSL 3.0.
3457 bssl::UniquePtr<SSL> client, server;
3458 EXPECT_FALSE(ConnectClientAndServer(&client, &server, tls_ctx.get(),
3459 ssl3_ctx.get(),
3460 nullptr /* no session */));
3461 uint32_t err = ERR_get_error();
3462 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3463 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3464
3465 // Likewise for SSLv3_method clients.
3466 EXPECT_FALSE(ConnectClientAndServer(&client, &server, ssl3_ctx.get(),
3467 tls_ctx.get(),
3468 nullptr /* no session */));
3469 err = ERR_get_error();
3470 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3471 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3472}
3473
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]3474TEST(SSLTest, SelectNextProto) {
3475 uint8_t *result;
3476 uint8_t result_len;
3477
3478 // If there is an overlap, it should be returned.
3479 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3480 SSL_select_next_proto(&result, &result_len,
3481 (const uint8_t *)"\1a\2bb\3ccc", 9,
3482 (const uint8_t *)"\1x\1y\1a\1z", 8));
3483 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3484
3485 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3486 SSL_select_next_proto(&result, &result_len,
3487 (const uint8_t *)"\1a\2bb\3ccc", 9,
3488 (const uint8_t *)"\1x\1y\2bb\1z", 9));
3489 EXPECT_EQ(Bytes("bb"), Bytes(result, result_len));
3490
3491 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3492 SSL_select_next_proto(&result, &result_len,
3493 (const uint8_t *)"\1a\2bb\3ccc", 9,
3494 (const uint8_t *)"\1x\1y\3ccc\1z", 10));
3495 EXPECT_EQ(Bytes("ccc"), Bytes(result, result_len));
3496
3497 // Peer preference order takes precedence over local.
3498 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3499 SSL_select_next_proto(&result, &result_len,
3500 (const uint8_t *)"\1a\2bb\3ccc", 9,
3501 (const uint8_t *)"\3ccc\2bb\1a", 9));
3502 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3503
3504 // If there is no overlap, return the first local protocol.
3505 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3506 SSL_select_next_proto(&result, &result_len,
3507 (const uint8_t *)"\1a\2bb\3ccc", 9,
3508 (const uint8_t *)"\1x\2yy\3zzz", 9));
3509 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3510
3511 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3512 SSL_select_next_proto(&result, &result_len, nullptr, 0,
3513 (const uint8_t *)"\1x\2yy\3zzz", 9));
3514 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3515}
3516
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3517TEST(SSLTest, SealRecord) {
3518 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3519 server_ctx(SSL_CTX_new(TLS_method()));
3520 ASSERT_TRUE(client_ctx);
3521 ASSERT_TRUE(server_ctx);
3522
3523 bssl::UniquePtr<X509> cert = GetTestCertificate();
3524 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3525 ASSERT_TRUE(cert);
3526 ASSERT_TRUE(key);
3527 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3528 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3529
3530 bssl::UniquePtr<SSL> client, server;
3531 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3532 server_ctx.get(),
3533 nullptr /* no session */));
3534
3535 const std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3536 std::vector<uint8_t> prefix(
3537 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3538 body(record.size()),
3539 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3540 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3541 bssl::MakeSpan(body), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3542 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3543
3544 std::vector<uint8_t> sealed;
3545 sealed.insert(sealed.end(), prefix.begin(), prefix.end());
3546 sealed.insert(sealed.end(), body.begin(), body.end());
3547 sealed.insert(sealed.end(), suffix.begin(), suffix.end());
3548 std::vector<uint8_t> sealed_copy = sealed;
3549
3550 bssl::Span<uint8_t> plaintext;
3551 size_t record_len;
3552 uint8_t alert = 255;
3553 EXPECT_EQ(bssl::OpenRecord(server.get(), &plaintext, &record_len, &alert,
3554 bssl::MakeSpan(sealed)),
3555 bssl::OpenRecordResult::kOK);
3556 EXPECT_EQ(record_len, sealed.size());
3557 EXPECT_EQ(plaintext, record);
3558 EXPECT_EQ(255, alert);
3559}
3560
3561TEST(SSLTest, SealRecordInPlace) {
3562 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3563 server_ctx(SSL_CTX_new(TLS_method()));
3564 ASSERT_TRUE(client_ctx);
3565 ASSERT_TRUE(server_ctx);
3566
3567 bssl::UniquePtr<X509> cert = GetTestCertificate();
3568 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3569 ASSERT_TRUE(cert);
3570 ASSERT_TRUE(key);
3571 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3572 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3573
3574 bssl::UniquePtr<SSL> client, server;
3575 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3576 server_ctx.get(),
3577 nullptr /* no session */));
3578
3579 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3580 std::vector<uint8_t> record = plaintext;
3581 std::vector<uint8_t> prefix(
3582 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3583 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3584 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3585 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3586 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3587 record.insert(record.begin(), prefix.begin(), prefix.end());
3588 record.insert(record.end(), suffix.begin(), suffix.end());
3589
3590 bssl::Span<uint8_t> result;
3591 size_t record_len;
3592 uint8_t alert;
3593 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3594 bssl::MakeSpan(record)),
3595 bssl::OpenRecordResult::kOK);
3596 EXPECT_EQ(record_len, record.size());
3597 EXPECT_EQ(plaintext, result);
3598}
3599
3600TEST(SSLTest, SealRecordTrailingData) {
3601 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3602 server_ctx(SSL_CTX_new(TLS_method()));
3603 ASSERT_TRUE(client_ctx);
3604 ASSERT_TRUE(server_ctx);
3605
3606 bssl::UniquePtr<X509> cert = GetTestCertificate();
3607 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3608 ASSERT_TRUE(cert);
3609 ASSERT_TRUE(key);
3610 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3611 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3612
3613 bssl::UniquePtr<SSL> client, server;
3614 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3615 server_ctx.get(),
3616 nullptr /* no session */));
3617
3618 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3619 std::vector<uint8_t> record = plaintext;
3620 std::vector<uint8_t> prefix(
3621 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3622 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3623 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3624 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3625 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3626 record.insert(record.begin(), prefix.begin(), prefix.end());
3627 record.insert(record.end(), suffix.begin(), suffix.end());
3628 record.insert(record.end(), {5, 4, 3, 2, 1});
3629
3630 bssl::Span<uint8_t> result;
3631 size_t record_len;
3632 uint8_t alert;
3633 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3634 bssl::MakeSpan(record)),
3635 bssl::OpenRecordResult::kOK);
3636 EXPECT_EQ(record_len, record.size() - 5);
3637 EXPECT_EQ(plaintext, result);
3638}
3639
3640TEST(SSLTest, SealRecordInvalidSpanSize) {
3641 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3642 server_ctx(SSL_CTX_new(TLS_method()));
3643 ASSERT_TRUE(client_ctx);
3644 ASSERT_TRUE(server_ctx);
3645
3646 bssl::UniquePtr<X509> cert = GetTestCertificate();
3647 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3648 ASSERT_TRUE(cert);
3649 ASSERT_TRUE(key);
3650 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3651 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3652
3653 bssl::UniquePtr<SSL> client, server;
3654 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3655 server_ctx.get(),
3656 nullptr /* no session */));
3657
3658 std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3659 std::vector<uint8_t> prefix(
3660 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3661 body(record.size()),
3662 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3663
3664 auto expect_err = []() {
3665 int err = ERR_get_error();
3666 EXPECT_EQ(ERR_GET_LIB(err), ERR_LIB_SSL);
3667 EXPECT_EQ(ERR_GET_REASON(err), SSL_R_BUFFER_TOO_SMALL);
3668 ERR_clear_error();
3669 };
3670 EXPECT_FALSE(bssl::SealRecord(
3671 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3672 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3673 expect_err();
3674 EXPECT_FALSE(bssl::SealRecord(
3675 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3676 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3677 expect_err();
3678
3679 EXPECT_FALSE(
3680 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3681 bssl::MakeSpan(record.data(), record.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3682 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3683 expect_err();
3684 EXPECT_FALSE(
3685 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3686 bssl::MakeSpan(record.data(), record.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3687 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3688 expect_err();
3689
3690 EXPECT_FALSE(bssl::SealRecord(
3691 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3692 bssl::MakeSpan(suffix.data(), suffix.size() - 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3693 expect_err();
3694 EXPECT_FALSE(bssl::SealRecord(
3695 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3696 bssl::MakeSpan(suffix.data(), suffix.size() + 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3697 expect_err();
3698}
3699
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3700// TODO(davidben): Convert this file to GTest properly.
3701TEST(SSLTest, AllTests) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]3702 if (!TestSSL_SESSIONEncoding(kOpenSSLSession) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3703 !TestSSL_SESSIONEncoding(kCustomSession) ||
3704 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
3705 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
3706 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
3707 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]3708 // Test the padding extension at TLS 1.2.
3709 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
3710 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
3711 // will be no PSK binder after the padding extension.
3712 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
3713 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
3714 // will be a PSK binder after the padding extension.
3715 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame^]3716 !TestClientHello()) {
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3717 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]3718 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]3719}
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]3720
3721} // namespace
3722} // namespace bssl