Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 2dc0204603f777597e2f97662e42887d1af5013f / . / ssl / ssl_test.cc
blob: 4c4c0f47c61ee80972d660740ab3748f6615c97b [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]24#include <openssl/base64.h>
25#include <openssl/bio.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]26#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]27#include <openssl/err.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]28#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]29#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/ssl.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]31#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]32
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]33#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]34#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]35#include "../crypto/test/test_util.h"
36
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]37#if defined(OPENSSL_WINDOWS)
38/* Windows defines struct timeval in winsock2.h. */
39OPENSSL_MSVC_PRAGMA(warning(push, 3))
40#include <winsock2.h>
41OPENSSL_MSVC_PRAGMA(warning(pop))
42#else
43#include <sys/time.h>
44#endif
45
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]46
47struct ExpectedCipher {
48 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]49 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]50};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]51
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]52struct CipherTest {
53 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]55 // The list of expected ciphers, in order.
56 std::vector<ExpectedCipher> expected;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]57};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]58
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]59static const CipherTest kCipherTests[] = {
60 // Selecting individual ciphers should work.
61 {
62 "ECDHE-ECDSA-CHACHA20-POLY1305:"
63 "ECDHE-RSA-CHACHA20-POLY1305:"
64 "ECDHE-ECDSA-AES128-GCM-SHA256:"
65 "ECDHE-RSA-AES128-GCM-SHA256",
66 {
67 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
68 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
69 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
70 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
71 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
72 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
73 },
74 },
75 // + reorders selected ciphers to the end, keeping their relative order.
76 {
77 "ECDHE-ECDSA-CHACHA20-POLY1305:"
78 "ECDHE-RSA-CHACHA20-POLY1305:"
79 "ECDHE-ECDSA-AES128-GCM-SHA256:"
80 "ECDHE-RSA-AES128-GCM-SHA256:"
81 "+aRSA",
82 {
83 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
84 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
85 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
86 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
87 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
88 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
89 },
90 },
91 // ! banishes ciphers from future selections.
92 {
93 "!aRSA:"
94 "ECDHE-ECDSA-CHACHA20-POLY1305:"
95 "ECDHE-RSA-CHACHA20-POLY1305:"
96 "ECDHE-ECDSA-AES128-GCM-SHA256:"
97 "ECDHE-RSA-AES128-GCM-SHA256",
98 {
99 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
100 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
101 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
102 },
103 },
104 // Multiple masks can be ANDed in a single rule.
105 {
106 "kRSA+AESGCM+AES128",
107 {
108 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
109 },
110 },
111 // - removes selected ciphers, but preserves their order for future
112 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
113 // ECDHE_RSA.
114 {
115 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
116 "AESGCM+AES128+aRSA",
117 {
118 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
119 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
120 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
121 },
122 },
123 // Unknown selectors are no-ops.
124 {
125 "ECDHE-ECDSA-CHACHA20-POLY1305:"
126 "ECDHE-RSA-CHACHA20-POLY1305:"
127 "ECDHE-ECDSA-AES128-GCM-SHA256:"
128 "ECDHE-RSA-AES128-GCM-SHA256:"
129 "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4",
130 {
131 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
132 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
133 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
134 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
135 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
136 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
137 },
138 },
139 // Square brackets specify equi-preference groups.
140 {
141 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
142 "[ECDHE-RSA-CHACHA20-POLY1305]:"
143 "ECDHE-RSA-AES128-GCM-SHA256",
144 {
145 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
146 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 1},
147 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
148 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 1},
149 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
150 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
151 },
152 },
153 // @STRENGTH performs a stable strength-sort of the selected ciphers and
154 // only the selected ciphers.
155 {
156 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]157 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]158 "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"
159 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]160 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]161 // Select ECDHE ones and sort them by strength. Ties should resolve
162 // based on the order above.
163 "kECDHE:@STRENGTH:-ALL:"
164 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
165 // by strength. Then RSA, backwards by strength.
166 "aRSA",
167 {
168 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
169 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
170 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]171 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]172 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
173 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
174 },
175 },
176 // Exact ciphers may not be used in multi-part rules; they are treated
177 // as unknown aliases.
178 {
179 "ECDHE-ECDSA-AES128-GCM-SHA256:"
180 "ECDHE-RSA-AES128-GCM-SHA256:"
181 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
182 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
183 {
184 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
185 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
186 },
187 },
188 // SSLv3 matches everything that existed before TLS 1.2.
189 {
190 "AES128-SHA:AES128-SHA256:!SSLv3",
191 {
192 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
193 },
194 },
195 // TLSv1.2 matches everything added in TLS 1.2.
196 {
197 "AES128-SHA:AES128-SHA256:!TLSv1.2",
198 {
199 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
200 },
201 },
202 // The two directives have no intersection.
203 {
204 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
205 {
206 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
207 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
208 },
209 },
210 // The shared name of the CHACHA20_POLY1305 variants behaves like a cipher
211 // name and not an alias. It may not be used in a multipart rule. (That the
212 // shared name works is covered by the standard tests.)
213 {
214 "ECDHE-ECDSA-CHACHA20-POLY1305:"
215 "ECDHE-RSA-CHACHA20-POLY1305:"
216 "!ECDHE-RSA-CHACHA20-POLY1305+RSA:"
217 "!ECDSA+ECDHE-ECDSA-CHACHA20-POLY1305",
218 {
219 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
220 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
221 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
222 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
223 },
224 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]225};
226
227static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]228 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]229 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
230 "RSA]",
231 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]232 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]233 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]234 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]235 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]236 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]237 "",
238 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]239 // COMPLEMENTOFDEFAULT is empty.
240 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]241 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]242 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]243 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]244 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
245 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
246 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
247 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]248};
249
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]250static const char *kMustNotIncludeNull[] = {
251 "ALL",
252 "DEFAULT",
253 "ALL:!eNULL",
254 "ALL:!NULL",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]255 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]256 "FIPS",
257 "SHA",
258 "SHA1",
259 "RSA",
260 "SSLv3",
261 "TLSv1",
262 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]263};
264
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]265static const char *kMustNotIncludeCECPQ1[] = {
266 "ALL",
267 "DEFAULT",
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]268 "HIGH",
269 "FIPS",
270 "SHA",
271 "SHA1",
272 "SHA256",
273 "SHA384",
274 "RSA",
275 "SSLv3",
276 "TLSv1",
277 "TLSv1.2",
278 "aRSA",
279 "RSA",
280 "aECDSA",
281 "ECDSA",
282 "AES",
283 "AES128",
284 "AES256",
285 "AESGCM",
286 "CHACHA20",
287};
288
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]289static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
290 bool in_group = false;
291 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]292 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
293 if (!in_group && list->in_group_flags[i]) {
294 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]295 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]296 }
297 fprintf(stderr, "\t");
298 if (in_group) {
299 fprintf(stderr, " ");
300 }
301 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
302 if (in_group && !list->in_group_flags[i]) {
303 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]304 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]305 }
306 }
307}
308
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]309static bool TestCipherRule(const CipherTest &t) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]310 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]311 if (!ctx) {
312 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]313 }
314
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]315 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
316 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]317 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]318 }
319
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]320 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]321 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
322 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
323 PrintCipherPreferenceList(ctx->cipher_list);
324 return false;
325 }
326
327 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]328 const SSL_CIPHER *cipher =
329 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]330 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
331 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
332 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]333 PrintCipherPreferenceList(ctx->cipher_list);
334 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]335 }
336 }
337
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]338 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]339}
340
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]341static bool TestRuleDoesNotIncludeNull(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]342 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]343 if (!ctx) {
344 return false;
345 }
346 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
347 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
348 return false;
349 }
350 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
351 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
352 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
353 return false;
354 }
355 }
356 return true;
357}
358
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]359static bool TestRuleDoesNotIncludeCECPQ1(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]360 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]361 if (!ctx) {
362 return false;
363 }
364 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
365 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
366 return false;
367 }
368 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
369 if (SSL_CIPHER_is_CECPQ1(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
370 fprintf(stderr, "Error: cipher rule '%s' includes CECPQ1\n",rule);
371 return false;
372 }
373 }
374 return true;
375}
376
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]377static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]378 for (const CipherTest &test : kCipherTests) {
379 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]380 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]381 }
382 }
383
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]384 for (const char *rule : kBadRules) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]385 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]386 if (!ctx) {
387 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]388 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]389 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
390 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]391 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]392 }
393 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]394 }
395
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]396 for (const char *rule : kMustNotIncludeNull) {
397 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]398 return false;
399 }
400 }
401
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]402 for (const char *rule : kMustNotIncludeCECPQ1) {
403 if (!TestRuleDoesNotIncludeCECPQ1(rule)) {
404 return false;
405 }
406 }
407
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]408 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]409}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]410
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]411// kOpenSSLSession is a serialized SSL_SESSION generated from openssl
412// s_client -sess_out.
413static const char kOpenSSLSession[] =
414 "MIIFpQIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
415 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
416 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
417 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
418 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
419 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
420 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
421 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
422 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
423 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
424 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
425 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
426 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
427 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
428 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
429 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
430 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
431 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
432 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
433 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
434 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
435 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
436 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
437 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
438 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
439 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
440 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
441 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
442 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
443 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
444 "i4gv7Y5oliyn";
445
446// kCustomSession is a custom serialized SSL_SESSION generated by
447// filling in missing fields from |kOpenSSLSession|. This includes
448// providing |peer_sha256|, so |peer| is not serialized.
449static const char kCustomSession[] =
450 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
451 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
452 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
453 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
454 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
455 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
456 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
457 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
458
459// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
460static const char kBoringSSLSession[] =
461 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
462 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
463 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
464 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
465 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
466 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
467 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
468 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
469 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
470 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
471 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
472 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
473 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
474 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
475 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
476 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
477 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
478 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
479 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
480 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
481 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
482 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
483 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
484 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
485 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
486 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
487 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
488 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
489 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
490 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
491 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
492 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
493 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
494 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
495 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
496 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
497 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
498 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
499 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
500 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
501 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
502 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
503 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
504 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
505 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
506 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
507 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
508 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
509 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
510 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
511 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
512 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
513 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
514 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
515 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
516 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
517 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
518 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
519 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
520 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
521 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
522 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
523 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
524 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
525 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
526 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
527 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
528 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
529 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
530 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
531 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
532 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
533 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
534 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
535 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
536 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
537 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
538 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
539 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
540 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
541 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
542 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
543 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
544 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
545 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
546 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
547 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
548 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
549 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
550 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
551 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
552 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
553 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
554 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
555 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
556
557// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
558// the final (optional) element of |kCustomSession| with tag number 30.
559static const char kBadSessionExtraField[] =
560 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
561 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
562 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
563 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
564 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
565 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
566 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
567 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
568
569// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
570// the version of |kCustomSession| with 2.
571static const char kBadSessionVersion[] =
572 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
573 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
574 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
575 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
576 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
577 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
578 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
579 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
580
581// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
582// appended.
583static const char kBadSessionTrailingData[] =
584 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
585 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
586 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
587 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
588 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
589 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
590 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
591 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
592
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]593static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]594 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]595 if (!EVP_DecodedLength(&len, strlen(in))) {
596 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]597 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]598 }
599
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]600 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]601 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]602 strlen(in))) {
603 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]604 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]605 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]606 out->resize(len);
607 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]608}
609
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]610static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]611 const uint8_t *cptr;
612 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]613
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]614 // Decode the input.
615 std::vector<uint8_t> input;
616 if (!DecodeBase64(&input, input_b64)) {
617 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]618 }
619
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]620 // Verify the SSL_SESSION decodes.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]621 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]622 if (!session) {
623 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]624 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]625 }
626
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]627 // Verify the SSL_SESSION encoding round-trips.
628 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]629 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]630 uint8_t *encoded_raw;
631 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]632 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]633 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]634 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]635 encoded.reset(encoded_raw);
636 if (encoded_len != input.size() ||
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]637 memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]638 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]639 hexdump(stderr, "Before: ", input.data(), input.size());
640 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]641 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]642 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]643
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]644 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]645 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]646 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]647 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]648 fprintf(stderr, "d2i_SSL_SESSION failed\n");
649 return false;
650 }
651
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]652 // Verify the SSL_SESSION encoding round-trips via the legacy API.
653 int len = i2d_SSL_SESSION(session.get(), NULL);
654 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]655 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]656 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]657 }
658
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]659 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
660 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]661 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]662 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]663 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]664
665 ptr = encoded.get();
666 len = i2d_SSL_SESSION(session.get(), &ptr);
667 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]668 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]669 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]670 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]671 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]672 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]673 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]674 }
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]675 if (memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]676 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]677 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]678 }
679
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]680 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]681}
682
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]683static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
684 std::vector<uint8_t> input;
685 if (!DecodeBase64(&input, input_b64)) {
686 return false;
687 }
688
689 // Verify that the SSL_SESSION fails to decode.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]690 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]691 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]692 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]693 return false;
694 }
695 ERR_clear_error();
696 return true;
697}
698
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]699static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]700 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]701 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]702 if (!ctx) {
703 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]704 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]705 if (ctx->min_version != min_version || ctx->max_version != max_version) {
706 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
707 ctx->min_version, ctx->max_version, min_version, max_version);
708 return false;
709 }
710 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]711}
712
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]713static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]714 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
715 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]716 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]717 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]718 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]719 if (!rfc_name) {
720 return false;
721 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]722 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]723 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]724}
725
726typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]727 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]728 const char *rfc_name;
729} CIPHER_RFC_NAME_TEST;
730
731static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]732 { SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]733 { TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA" },
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]734 { TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" },
735 { TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
736 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" },
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]737 { TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
738 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" },
739 { TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
740 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" },
741 { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
742 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" },
743 { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
744 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" },
745 { TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
746 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" },
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]747 { TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
748 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" },
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]749 { TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
750 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]751 // These names are non-standard:
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]752 { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]753 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]754 { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]755 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" },
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]756};
757
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]758static bool TestCipherGetRFCName(void) {
759 for (size_t i = 0;
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]760 i < OPENSSL_ARRAY_SIZE(kCipherRFCNameTests); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]761 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]762 std::string rfc_name;
763 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
764 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
765 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]766 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]767 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]768 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]769 rfc_name.c_str(), test->rfc_name);
770 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]771 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]772 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]773 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]774}
775
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]776// CreateSessionWithTicket returns a sample |SSL_SESSION| with the ticket
777// replaced for one of length |ticket_len| or nullptr on failure.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]778static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]779 std::vector<uint8_t> der;
780 if (!DecodeBase64(&der, kOpenSSLSession)) {
781 return nullptr;
782 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]783 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(der.data(), der.size()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]784 if (!session) {
785 return nullptr;
786 }
787
788 // Swap out the ticket for a garbage one.
789 OPENSSL_free(session->tlsext_tick);
790 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
791 if (session->tlsext_tick == nullptr) {
792 return nullptr;
793 }
794 memset(session->tlsext_tick, 'a', ticket_len);
795 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]796
797 // Fix up the timeout.
798 session->time = time(NULL);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]799 return session;
800}
801
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]802static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]803 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]804 if (!bio) {
805 return false;
806 }
807 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]808 BIO_up_ref(bio.get());
809 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]810 int ret = SSL_connect(ssl);
811 if (ret > 0) {
812 // SSL_connect should fail without a BIO to write to.
813 return false;
814 }
815 ERR_clear_error();
816
817 const uint8_t *client_hello;
818 size_t client_hello_len;
819 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
820 return false;
821 }
822 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
823 return true;
824}
825
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]826// GetClientHelloLen creates a client SSL connection with a ticket of length
827// |ticket_len| and records the ClientHello. It returns the length of the
828// ClientHello, not including the record header, on success and zero on error.
829static size_t GetClientHelloLen(size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]830 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
831 bssl::UniquePtr<SSL_SESSION> session = CreateSessionWithTicket(ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]832 if (!ctx || !session) {
833 return 0;
834 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]835 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]836 if (!ssl || !SSL_set_session(ssl.get(), session.get())) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]837 return 0;
838 }
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]839 std::vector<uint8_t> client_hello;
840 if (!GetClientHello(ssl.get(), &client_hello) ||
841 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]842 return 0;
843 }
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]844 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]845}
846
847struct PaddingTest {
848 size_t input_len, padded_len;
849};
850
851static const PaddingTest kPaddingTests[] = {
852 // ClientHellos of length below 0x100 do not require padding.
853 {0xfe, 0xfe},
854 {0xff, 0xff},
855 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
856 {0x100, 0x200},
857 {0x123, 0x200},
858 {0x1fb, 0x200},
859 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
860 // padding extension takes a minimum of four bytes plus one required content
861 // byte. (To work around yet more server bugs, we avoid empty final
862 // extensions.)
863 {0x1fc, 0x201},
864 {0x1fd, 0x202},
865 {0x1fe, 0x203},
866 {0x1ff, 0x204},
867 // Finally, larger ClientHellos need no padding.
868 {0x200, 0x200},
869 {0x201, 0x201},
870};
871
872static bool TestPaddingExtension() {
873 // Sample a baseline length.
874 size_t base_len = GetClientHelloLen(1);
875 if (base_len == 0) {
876 return false;
877 }
878
879 for (const PaddingTest &test : kPaddingTests) {
880 if (base_len > test.input_len) {
881 fprintf(stderr, "Baseline ClientHello too long.\n");
882 return false;
883 }
884
885 size_t padded_len = GetClientHelloLen(1 + test.input_len - base_len);
886 if (padded_len != test.padded_len) {
887 fprintf(stderr, "%u-byte ClientHello padded to %u bytes, not %u.\n",
888 static_cast<unsigned>(test.input_len),
889 static_cast<unsigned>(padded_len),
890 static_cast<unsigned>(test.padded_len));
891 return false;
892 }
893 }
894 return true;
895}
896
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]897// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
898// before configuring as a server.
899static bool TestClientCAList() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]900 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]901 if (!ctx) {
902 return false;
903 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]904 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]905 if (!ssl) {
906 return false;
907 }
908
909 STACK_OF(X509_NAME) *stack = sk_X509_NAME_new_null();
910 if (stack == nullptr) {
911 return false;
912 }
913 // |SSL_set_client_CA_list| takes ownership.
914 SSL_set_client_CA_list(ssl.get(), stack);
915
916 return SSL_get_client_CA_list(ssl.get()) == stack;
917}
918
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]919static void AppendSession(SSL_SESSION *session, void *arg) {
920 std::vector<SSL_SESSION*> *out =
921 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
922 out->push_back(session);
923}
924
925// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
926// order.
927static bool ExpectCache(SSL_CTX *ctx,
928 const std::vector<SSL_SESSION*> &expected) {
929 // Check the linked list.
930 SSL_SESSION *ptr = ctx->session_cache_head;
931 for (SSL_SESSION *session : expected) {
932 if (ptr != session) {
933 return false;
934 }
935 // TODO(davidben): This is an absurd way to denote the end of the list.
936 if (ptr->next ==
937 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
938 ptr = nullptr;
939 } else {
940 ptr = ptr->next;
941 }
942 }
943 if (ptr != nullptr) {
944 return false;
945 }
946
947 // Check the hash table.
948 std::vector<SSL_SESSION*> actual, expected_copy;
949 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
950 expected_copy = expected;
951
952 std::sort(actual.begin(), actual.end());
953 std::sort(expected_copy.begin(), expected_copy.end());
954
955 return actual == expected_copy;
956}
957
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]958static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
959 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new());
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]960 if (!ret) {
961 return nullptr;
962 }
963
964 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
965 memset(ret->session_id, 0, ret->session_id_length);
966 memcpy(ret->session_id, &number, sizeof(number));
967 return ret;
968}
969
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]970// Test that the internal session cache behaves as expected.
971static bool TestInternalSessionCache() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]972 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]973 if (!ctx) {
974 return false;
975 }
976
977 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]978 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]979 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]980 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]981 if (!session) {
982 return false;
983 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]984 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]985 }
986
987 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
988
989 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]990 for (const auto &session : sessions) {
991 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]992 return false;
993 }
994 }
995
996 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]997 std::vector<SSL_SESSION*> expected = {
998 sessions[9].get(),
999 sessions[8].get(),
1000 sessions[7].get(),
1001 sessions[6].get(),
1002 sessions[5].get(),
1003 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1004 if (!ExpectCache(ctx.get(), expected)) {
1005 return false;
1006 }
1007
1008 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1009 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1010 !ExpectCache(ctx.get(), expected)) {
1011 return false;
1012 }
1013
1014 // Although collisions should be impossible (256-bit session IDs), the cache
1015 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1016 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1017 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1018 return false;
1019 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1020 expected = {
1021 collision.get(),
1022 sessions[9].get(),
1023 sessions[8].get(),
1024 sessions[6].get(),
1025 sessions[5].get(),
1026 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1027 if (!ExpectCache(ctx.get(), expected)) {
1028 return false;
1029 }
1030
1031 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1032 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1033 return false;
1034 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1035 expected = {
1036 collision.get(),
1037 sessions[9].get(),
1038 sessions[8].get(),
1039 sessions[5].get(),
1040 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1041 if (!ExpectCache(ctx.get(), expected)) {
1042 return false;
1043 }
1044
1045 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1046 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1047 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1048 !ExpectCache(ctx.get(), expected)) {
1049 return false;
1050 }
1051
1052 return true;
1053}
1054
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1055static uint16_t EpochFromSequence(uint64_t seq) {
1056 return static_cast<uint16_t>(seq >> 48);
1057}
1058
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1059static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1060 static const char kCertPEM[] =
1061 "-----BEGIN CERTIFICATE-----\n"
1062 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1063 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1064 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1065 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1066 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1067 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1068 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1069 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1070 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1071 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1072 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1073 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1074 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1075 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1076 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1077 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1078}
1079
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1080static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1081 static const char kKeyPEM[] =
1082 "-----BEGIN RSA PRIVATE KEY-----\n"
1083 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1084 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1085 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1086 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1087 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1088 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1089 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1090 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1091 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1092 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1093 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1094 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1095 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1096 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1097 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1098 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1099 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1100}
1101
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1102static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1103 static const char kCertPEM[] =
1104 "-----BEGIN CERTIFICATE-----\n"
1105 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1106 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1107 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1108 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1109 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1110 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1111 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1112 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1113 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1114 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1115 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1116 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1117 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1118}
1119
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1120static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1121 static const char kKeyPEM[] =
1122 "-----BEGIN PRIVATE KEY-----\n"
1123 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1124 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1125 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1126 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1127 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1128 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1129 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1130}
1131
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1132static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1133 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1134 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1135 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1136 if (!client || !server) {
1137 return false;
1138 }
1139 SSL_set_connect_state(client.get());
1140 SSL_set_accept_state(server.get());
1141
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1142 SSL_set_session(client.get(), session);
1143
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1144 BIO *bio1, *bio2;
1145 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1146 return false;
1147 }
1148 // SSL_set_bio takes ownership.
1149 SSL_set_bio(client.get(), bio1, bio1);
1150 SSL_set_bio(server.get(), bio2, bio2);
1151
1152 // Drive both their handshakes to completion.
1153 for (;;) {
1154 int client_ret = SSL_do_handshake(client.get());
1155 int client_err = SSL_get_error(client.get(), client_ret);
1156 if (client_err != SSL_ERROR_NONE &&
1157 client_err != SSL_ERROR_WANT_READ &&
1158 client_err != SSL_ERROR_WANT_WRITE) {
1159 fprintf(stderr, "Client error: %d\n", client_err);
1160 return false;
1161 }
1162
1163 int server_ret = SSL_do_handshake(server.get());
1164 int server_err = SSL_get_error(server.get(), server_ret);
1165 if (server_err != SSL_ERROR_NONE &&
1166 server_err != SSL_ERROR_WANT_READ &&
1167 server_err != SSL_ERROR_WANT_WRITE) {
1168 fprintf(stderr, "Server error: %d\n", server_err);
1169 return false;
1170 }
1171
1172 if (client_ret == 1 && server_ret == 1) {
1173 break;
1174 }
1175 }
1176
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1177 *out_client = std::move(client);
1178 *out_server = std::move(server);
1179 return true;
1180}
1181
1182static bool TestSequenceNumber(bool dtls) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1183 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(dtls ? DTLS_method() : TLS_method()));
1184 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(dtls ? DTLS_method() : TLS_method()));
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1185 if (!client_ctx || !server_ctx) {
1186 return false;
1187 }
1188
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1189 bssl::UniquePtr<X509> cert = GetTestCertificate();
1190 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1191 if (!cert || !key ||
1192 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1193 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1194 return false;
1195 }
1196
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1197 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1198 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1199 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1200 return false;
1201 }
1202
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1203 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1204 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1205 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1206 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
1207
1208 if (dtls) {
1209 // Both client and server must be at epoch 1.
1210 if (EpochFromSequence(client_read_seq) != 1 ||
1211 EpochFromSequence(client_write_seq) != 1 ||
1212 EpochFromSequence(server_read_seq) != 1 ||
1213 EpochFromSequence(server_write_seq) != 1) {
1214 fprintf(stderr, "Bad epochs.\n");
1215 return false;
1216 }
1217
1218 // The next record to be written should exceed the largest received.
1219 if (client_write_seq <= server_read_seq ||
1220 server_write_seq <= client_read_seq) {
1221 fprintf(stderr, "Inconsistent sequence numbers.\n");
1222 return false;
1223 }
1224 } else {
1225 // The next record to be written should equal the next to be received.
1226 if (client_write_seq != server_read_seq ||
1227 server_write_seq != client_write_seq) {
1228 fprintf(stderr, "Inconsistent sequence numbers.\n");
1229 return false;
1230 }
1231 }
1232
1233 // Send a record from client to server.
1234 uint8_t byte = 0;
1235 if (SSL_write(client.get(), &byte, 1) != 1 ||
1236 SSL_read(server.get(), &byte, 1) != 1) {
1237 fprintf(stderr, "Could not send byte.\n");
1238 return false;
1239 }
1240
1241 // The client write and server read sequence numbers should have incremented.
1242 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1243 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1244 fprintf(stderr, "Sequence numbers did not increment.\n");\
1245 return false;
1246 }
1247
1248 return true;
1249}
1250
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1251static bool TestOneSidedShutdown() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1252 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1253 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1254 if (!client_ctx || !server_ctx) {
1255 return false;
1256 }
1257
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1258 bssl::UniquePtr<X509> cert = GetTestCertificate();
1259 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1260 if (!cert || !key ||
1261 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1262 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1263 return false;
1264 }
1265
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1266 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1267 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1268 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1269 return false;
1270 }
1271
1272 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1273 // one side has shut down.
1274 if (SSL_shutdown(client.get()) != 0) {
1275 fprintf(stderr, "Could not shutdown.\n");
1276 return false;
1277 }
1278
1279 // Reading from the server should consume the EOF.
1280 uint8_t byte;
1281 if (SSL_read(server.get(), &byte, 1) != 0 ||
1282 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1283 fprintf(stderr, "Connection was not shut down cleanly.\n");
1284 return false;
1285 }
1286
1287 // However, the server may continue to write data and then shut down the
1288 // connection.
1289 byte = 42;
1290 if (SSL_write(server.get(), &byte, 1) != 1 ||
1291 SSL_read(client.get(), &byte, 1) != 1 ||
1292 byte != 42) {
1293 fprintf(stderr, "Could not send byte.\n");
1294 return false;
1295 }
1296
1297 // The server may then shutdown the connection.
1298 if (SSL_shutdown(server.get()) != 1 ||
1299 SSL_shutdown(client.get()) != 1) {
1300 fprintf(stderr, "Could not complete shutdown.\n");
1301 return false;
1302 }
1303
1304 return true;
1305}
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1306static bool TestSessionDuplication() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1307 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1308 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1309 if (!client_ctx || !server_ctx) {
1310 return false;
1311 }
1312
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1313 bssl::UniquePtr<X509> cert = GetTestCertificate();
1314 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1315 if (!cert || !key ||
1316 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1317 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1318 return false;
1319 }
1320
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1321 bssl::UniquePtr<SSL> client, server;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1322 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1323 server_ctx.get(), nullptr /* no session */)) {
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1324 return false;
1325 }
1326
1327 SSL_SESSION *session0 = SSL_get_session(client.get());
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1328 bssl::UniquePtr<SSL_SESSION> session1(SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1329 if (!session1) {
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1330 return false;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1331 }
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1332
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1333 session1->not_resumable = 0;
1334
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1335 uint8_t *s0_bytes, *s1_bytes;
1336 size_t s0_len, s1_len;
1337
1338 if (!SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len)) {
1339 return false;
1340 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1341 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1342
1343 if (!SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len)) {
1344 return false;
1345 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1346 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1347
1348 return s0_len == s1_len && memcmp(s0_bytes, s1_bytes, s0_len) == 0;
1349}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1350
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1351static bool ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1352 if (SSL_get_rfd(ssl) != rfd || SSL_get_wfd(ssl) != wfd) {
1353 fprintf(stderr, "Got fds %d and %d, wanted %d and %d.\n", SSL_get_rfd(ssl),
1354 SSL_get_wfd(ssl), rfd, wfd);
1355 return false;
1356 }
1357
1358 // The wrapper BIOs are always equal when fds are equal, even if set
1359 // individually.
1360 if (rfd == wfd && SSL_get_rbio(ssl) != SSL_get_wbio(ssl)) {
1361 fprintf(stderr, "rbio and wbio did not match.\n");
1362 return false;
1363 }
1364
1365 return true;
1366}
1367
1368static bool TestSetFD() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1369 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1370 if (!ctx) {
1371 return false;
1372 }
1373
1374 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1375 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1376 if (!ssl ||
1377 !SSL_set_rfd(ssl.get(), 1) ||
1378 !SSL_set_wfd(ssl.get(), 2) ||
1379 !ExpectFDs(ssl.get(), 1, 2)) {
1380 return false;
1381 }
1382
1383 // Test setting the same FD.
1384 ssl.reset(SSL_new(ctx.get()));
1385 if (!ssl ||
1386 !SSL_set_fd(ssl.get(), 1) ||
1387 !ExpectFDs(ssl.get(), 1, 1)) {
1388 return false;
1389 }
1390
1391 // Test setting the same FD one side at a time.
1392 ssl.reset(SSL_new(ctx.get()));
1393 if (!ssl ||
1394 !SSL_set_rfd(ssl.get(), 1) ||
1395 !SSL_set_wfd(ssl.get(), 1) ||
1396 !ExpectFDs(ssl.get(), 1, 1)) {
1397 return false;
1398 }
1399
1400 // Test setting the same FD in the other order.
1401 ssl.reset(SSL_new(ctx.get()));
1402 if (!ssl ||
1403 !SSL_set_wfd(ssl.get(), 1) ||
1404 !SSL_set_rfd(ssl.get(), 1) ||
1405 !ExpectFDs(ssl.get(), 1, 1)) {
1406 return false;
1407 }
1408
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1409 // Test changing the read FD partway through.
1410 ssl.reset(SSL_new(ctx.get()));
1411 if (!ssl ||
1412 !SSL_set_fd(ssl.get(), 1) ||
1413 !SSL_set_rfd(ssl.get(), 2) ||
1414 !ExpectFDs(ssl.get(), 2, 1)) {
1415 return false;
1416 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1417
1418 // Test changing the write FD partway through.
1419 ssl.reset(SSL_new(ctx.get()));
1420 if (!ssl ||
1421 !SSL_set_fd(ssl.get(), 1) ||
1422 !SSL_set_wfd(ssl.get(), 2) ||
1423 !ExpectFDs(ssl.get(), 1, 2)) {
1424 return false;
1425 }
1426
1427 // Test a no-op change to the read FD partway through.
1428 ssl.reset(SSL_new(ctx.get()));
1429 if (!ssl ||
1430 !SSL_set_fd(ssl.get(), 1) ||
1431 !SSL_set_rfd(ssl.get(), 1) ||
1432 !ExpectFDs(ssl.get(), 1, 1)) {
1433 return false;
1434 }
1435
1436 // Test a no-op change to the write FD partway through.
1437 ssl.reset(SSL_new(ctx.get()));
1438 if (!ssl ||
1439 !SSL_set_fd(ssl.get(), 1) ||
1440 !SSL_set_wfd(ssl.get(), 1) ||
1441 !ExpectFDs(ssl.get(), 1, 1)) {
1442 return false;
1443 }
1444
1445 // ASan builds will implicitly test that the internal |BIO| reference-counting
1446 // is correct.
1447
1448 return true;
1449}
1450
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1451static bool TestSetBIO() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1452 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1453 if (!ctx) {
1454 return false;
1455 }
1456
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1457 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1458 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1459 bio3(BIO_new(BIO_s_mem()));
1460 if (!ssl || !bio1 || !bio2 || !bio3) {
1461 return false;
1462 }
1463
1464 // SSL_set_bio takes one reference when the parameters are the same.
1465 BIO_up_ref(bio1.get());
1466 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1467
1468 // Repeating the call does nothing.
1469 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1470
1471 // It takes one reference each when the parameters are different.
1472 BIO_up_ref(bio2.get());
1473 BIO_up_ref(bio3.get());
1474 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1475
1476 // Repeating the call does nothing.
1477 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1478
1479 // It takes one reference when changing only wbio.
1480 BIO_up_ref(bio1.get());
1481 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1482
1483 // It takes one reference when changing only rbio and the two are different.
1484 BIO_up_ref(bio3.get());
1485 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1486
1487 // If setting wbio to rbio, it takes no additional references.
1488 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1489
1490 // From there, wbio may be switched to something else.
1491 BIO_up_ref(bio1.get());
1492 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1493
1494 // If setting rbio to wbio, it takes no additional references.
1495 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1496
1497 // From there, rbio may be switched to something else, but, for historical
1498 // reasons, it takes a reference to both parameters.
1499 BIO_up_ref(bio1.get());
1500 BIO_up_ref(bio2.get());
1501 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1502
1503 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1504 // is correct.
1505 return true;
1506}
1507
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1508static uint16_t kVersions[] = {
1509 SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION, TLS1_2_VERSION, TLS1_3_VERSION,
1510};
1511
1512static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1513
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1514static bool TestGetPeerCertificate() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1515 bssl::UniquePtr<X509> cert = GetTestCertificate();
1516 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1517 if (!cert || !key) {
1518 return false;
1519 }
1520
1521 for (uint16_t version : kVersions) {
1522 // Configure both client and server to accept any certificate.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1523 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1524 if (!ctx ||
1525 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame^]1526 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1527 !SSL_CTX_set_min_version(ctx.get(), version) ||
1528 !SSL_CTX_set_max_version(ctx.get(), version)) {
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1529 return false;
1530 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1531 SSL_CTX_set_verify(
1532 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1533 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1534
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1535 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1536 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1537 nullptr /* no session */)) {
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1538 return false;
1539 }
1540
1541 // Client and server should both see the leaf certificate.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1542 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1543 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1544 fprintf(stderr, "%x: Server peer certificate did not match.\n", version);
1545 return false;
1546 }
1547
1548 peer.reset(SSL_get_peer_certificate(client.get()));
1549 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1550 fprintf(stderr, "%x: Client peer certificate did not match.\n", version);
1551 return false;
1552 }
1553
1554 // However, for historical reasons, the chain includes the leaf on the
1555 // client, but does not on the server.
1556 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1557 fprintf(stderr, "%x: Client peer chain was incorrect.\n", version);
1558 return false;
1559 }
1560
1561 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1562 fprintf(stderr, "%x: Server peer chain was incorrect.\n", version);
1563 return false;
1564 }
1565 }
1566
1567 return true;
1568}
1569
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1570static bool TestRetainOnlySHA256OfCerts() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1571 bssl::UniquePtr<X509> cert = GetTestCertificate();
1572 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1573 if (!cert || !key) {
1574 return false;
1575 }
1576
1577 uint8_t *cert_der = NULL;
1578 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1579 if (cert_der_len < 0) {
1580 return false;
1581 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1582 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1583
1584 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1585 SHA256(cert_der, cert_der_len, cert_sha256);
1586
1587 for (uint16_t version : kVersions) {
1588 // Configure both client and server to accept any certificate, but the
1589 // server must retain only the SHA-256 of the peer.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1590 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1591 if (!ctx ||
1592 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame^]1593 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1594 !SSL_CTX_set_min_version(ctx.get(), version) ||
1595 !SSL_CTX_set_max_version(ctx.get(), version)) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1596 return false;
1597 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1598 SSL_CTX_set_verify(
1599 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1600 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1601 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
1602
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1603 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1604 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1605 nullptr /* no session */)) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1606 return false;
1607 }
1608
1609 // The peer certificate has been dropped.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1610 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1611 if (peer) {
1612 fprintf(stderr, "%x: Peer certificate was retained.\n", version);
1613 return false;
1614 }
1615
1616 SSL_SESSION *session = SSL_get_session(server.get());
1617 if (!session->peer_sha256_valid) {
1618 fprintf(stderr, "%x: peer_sha256_valid was not set.\n", version);
1619 return false;
1620 }
1621
1622 if (memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) != 0) {
1623 fprintf(stderr, "%x: peer_sha256 did not match.\n", version);
1624 return false;
1625 }
1626 }
1627
1628 return true;
1629}
1630
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1631static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1632 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1633 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame^]1634 if (!ctx ||
1635 !SSL_CTX_set_max_version(ctx.get(), version) ||
1636 // Our default cipher list varies by CPU capabilities, so manually place
1637 // the ChaCha20 ciphers in front.
1638 !SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1639 return false;
1640 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame^]1641
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1642 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1643 if (!ssl) {
1644 return false;
1645 }
1646 std::vector<uint8_t> client_hello;
1647 if (!GetClientHello(ssl.get(), &client_hello)) {
1648 return false;
1649 }
1650
1651 // Zero the client_random.
1652 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1653 1 + 3 + // handshake message header
1654 2; // client_version
1655 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1656 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1657 return false;
1658 }
1659 memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
1660
1661 if (client_hello.size() != expected_len ||
1662 memcmp(client_hello.data(), expected, expected_len) != 0) {
1663 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1664 fprintf(stderr, "Got:\n\t");
1665 for (size_t i = 0; i < client_hello.size(); i++) {
1666 fprintf(stderr, "0x%02x, ", client_hello[i]);
1667 }
1668 fprintf(stderr, "\nWanted:\n\t");
1669 for (size_t i = 0; i < expected_len; i++) {
1670 fprintf(stderr, "0x%02x, ", expected[i]);
1671 }
1672 fprintf(stderr, "\n");
1673 return false;
1674 }
1675
1676 return true;
1677}
1678
1679// Tests that our ClientHellos do not change unexpectedly.
1680static bool TestClientHello() {
1681 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1682 0x16,
1683 0x03, 0x00,
1684 0x00, 0x3f,
1685 0x01,
1686 0x00, 0x00, 0x3b,
1687 0x03, 0x00,
1688 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1689 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1690 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1691 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1692 0x00,
1693 0x00, 0x14,
1694 0xc0, 0x09,
1695 0xc0, 0x13,
1696 0x00, 0x33,
1697 0xc0, 0x0a,
1698 0xc0, 0x14,
1699 0x00, 0x39,
1700 0x00, 0x2f,
1701 0x00, 0x35,
1702 0x00, 0x0a,
1703 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1704 };
1705 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1706 sizeof(kSSL3ClientHello))) {
1707 return false;
1708 }
1709
1710 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1711 0x16,
1712 0x03, 0x01,
1713 0x00, 0x5e,
1714 0x01,
1715 0x00, 0x00, 0x5a,
1716 0x03, 0x01,
1717 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1718 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1719 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1720 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1721 0x00,
1722 0x00, 0x12,
1723 0xc0, 0x09,
1724 0xc0, 0x13,
1725 0x00, 0x33,
1726 0xc0, 0x0a,
1727 0xc0, 0x14,
1728 0x00, 0x39,
1729 0x00, 0x2f,
1730 0x00, 0x35,
1731 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1732 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1733 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1734 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1735 };
1736 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1737 sizeof(kTLS1ClientHello))) {
1738 return false;
1739 }
1740
1741 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1742 0x16,
1743 0x03, 0x01,
1744 0x00, 0x5e,
1745 0x01,
1746 0x00, 0x00, 0x5a,
1747 0x03, 0x02,
1748 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1749 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1750 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1751 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1752 0x00,
1753 0x00, 0x12,
1754 0xc0, 0x09,
1755 0xc0, 0x13,
1756 0x00, 0x33,
1757 0xc0, 0x0a,
1758 0xc0, 0x14,
1759 0x00, 0x39,
1760 0x00, 0x2f,
1761 0x00, 0x35,
1762 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1763 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1764 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1765 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1766 };
1767 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1768 sizeof(kTLS11ClientHello))) {
1769 return false;
1770 }
1771
1772 static const uint8_t kTLS12ClientHello[] = {
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1773 0x16, 0x03, 0x01, 0x00, 0xa2, 0x01, 0x00, 0x00, 0x9e, 0x03, 0x03, 0x00,
1774 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1775 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1776 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3a, 0xcc, 0xa9,
1777 0xcc, 0xa8, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
1778 0xc0, 0x2c, 0xc0, 0x30, 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13,
1779 0xc0, 0x27, 0x00, 0x33, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14,
1780 0xc0, 0x28, 0x00, 0x39, 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f,
1781 0x00, 0x3c, 0x00, 0x35, 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x3b,
1782 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00,
1783 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x07, 0x02, 0x06, 0x01, 0x06,
1784 0x03, 0x07, 0x01, 0x05, 0x01, 0x05, 0x03, 0x07, 0x00, 0x04, 0x01, 0x04,
1785 0x03, 0x02, 0x01, 0x02, 0x03, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1786 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1787 };
1788 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1789 sizeof(kTLS12ClientHello))) {
1790 return false;
1791 }
1792
1793 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1794 // implementation has settled enough that it won't change.
1795
1796 return true;
1797}
1798
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1799static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1800
1801static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1802 // Save the most recent session.
1803 g_last_session.reset(session);
1804 return 1;
1805}
1806
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1807static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1808 SSL_CTX *server_ctx) {
1809 g_last_session = nullptr;
1810 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1811
1812 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1813 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1814 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1815 nullptr /* no session */)) {
1816 fprintf(stderr, "Failed to connect client and server.\n");
1817 return nullptr;
1818 }
1819
1820 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1821 SSL_read(client.get(), nullptr, 0);
1822
1823 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1824
1825 if (!g_last_session) {
1826 fprintf(stderr, "Client did not receive a session.\n");
1827 return nullptr;
1828 }
1829 return std::move(g_last_session);
1830}
1831
1832static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1833 SSL_SESSION *session,
1834 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1835 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1836 if (!ConnectClientAndServer(&client, &server, client_ctx,
1837 server_ctx, session)) {
1838 fprintf(stderr, "Failed to connect client and server.\n");
1839 return false;
1840 }
1841
1842 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1843 fprintf(stderr, "Client and server were inconsistent.\n");
1844 return false;
1845 }
1846
1847 bool was_reused = !!SSL_session_reused(client.get());
1848 if (was_reused != reused) {
1849 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
1850 was_reused ? "" : " not");
1851 return false;
1852 }
1853
1854 return true;
1855}
1856
1857static bool TestSessionIDContext() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1858 bssl::UniquePtr<X509> cert = GetTestCertificate();
1859 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1860 if (!cert || !key) {
1861 return false;
1862 }
1863
1864 static const uint8_t kContext1[] = {1};
1865 static const uint8_t kContext2[] = {2};
1866
1867 for (uint16_t version : kVersions) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1868 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
1869 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1870 if (!server_ctx || !client_ctx ||
1871 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1872 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
1873 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame^]1874 sizeof(kContext1)) ||
1875 !SSL_CTX_set_min_version(client_ctx.get(), version) ||
1876 !SSL_CTX_set_max_version(client_ctx.get(), version) ||
1877 !SSL_CTX_set_min_version(server_ctx.get(), version) ||
1878 !SSL_CTX_set_max_version(server_ctx.get(), version)) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1879 return false;
1880 }
1881
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1882 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1883 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
1884
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1885 bssl::UniquePtr<SSL_SESSION> session =
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1886 CreateClientSession(client_ctx.get(), server_ctx.get());
1887 if (!session) {
1888 fprintf(stderr, "Error getting session (version = %04x).\n", version);
1889 return false;
1890 }
1891
1892 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
1893 true /* expect session reused */)) {
1894 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
1895 return false;
1896 }
1897
1898 // Change the session ID context.
1899 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
1900 sizeof(kContext2))) {
1901 return false;
1902 }
1903
1904 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
1905 false /* expect session not reused */)) {
1906 fprintf(stderr,
1907 "Error connection with different context (version = %04x).\n",
1908 version);
1909 return false;
1910 }
1911 }
1912
1913 return true;
1914}
1915
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]1916static timeval g_current_time;
1917
1918static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
1919 *out_clock = g_current_time;
1920}
1921
1922static bool TestSessionTimeout() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1923 bssl::UniquePtr<X509> cert = GetTestCertificate();
1924 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]1925 if (!cert || !key) {
1926 return false;
1927 }
1928
1929 for (uint16_t version : kVersions) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1930 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
1931 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]1932 if (!server_ctx || !client_ctx ||
1933 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame^]1934 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
1935 !SSL_CTX_set_min_version(client_ctx.get(), version) ||
1936 !SSL_CTX_set_max_version(client_ctx.get(), version) ||
1937 !SSL_CTX_set_min_version(server_ctx.get(), version) ||
1938 !SSL_CTX_set_max_version(server_ctx.get(), version)) {
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]1939 return false;
1940 }
1941
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]1942 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
1943
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]1944 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
1945 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
1946
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1947 bssl::UniquePtr<SSL_SESSION> session =
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]1948 CreateClientSession(client_ctx.get(), server_ctx.get());
1949 if (!session) {
1950 fprintf(stderr, "Error getting session (version = %04x).\n", version);
1951 return false;
1952 }
1953
1954 // Advance the clock just behind the timeout.
1955 g_current_time.tv_sec += SSL_DEFAULT_SESSION_TIMEOUT;
1956
1957 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
1958 true /* expect session reused */)) {
1959 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
1960 return false;
1961 }
1962
1963 // Advance the clock one more second.
1964 g_current_time.tv_sec++;
1965
1966 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
1967 false /* expect session not reused */)) {
1968 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
1969 return false;
1970 }
1971 }
1972
1973 return true;
1974}
1975
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1976static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
1977 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
1978 SSL_set_SSL_CTX(ssl, ctx);
1979 return SSL_TLSEXT_ERR_OK;
1980}
1981
1982static bool TestSNICallback() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1983 bssl::UniquePtr<X509> cert = GetTestCertificate();
1984 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1985 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
1986 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1987 if (!cert || !key || !cert2 || !key2) {
1988 return false;
1989 }
1990
1991 // At each version, test that switching the |SSL_CTX| at the SNI callback
1992 // behaves correctly.
1993 for (uint16_t version : kVersions) {
1994 if (version == SSL3_VERSION) {
1995 continue;
1996 }
1997
1998 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
1999
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2000 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2001 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(TLS_method()));
2002 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2003 if (!server_ctx || !server_ctx2 || !client_ctx ||
2004 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2005 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2006 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2007 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
2008 // Historically signing preferences would be lost in some cases with the
2009 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2010 // this doesn't happen when |version| is TLS 1.2, configure the private
2011 // key to only sign SHA-256.
2012 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(),
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame^]2013 &kECDSAWithSHA256, 1) ||
2014 !SSL_CTX_set_min_version(client_ctx.get(), version) ||
2015 !SSL_CTX_set_max_version(client_ctx.get(), version) ||
2016 !SSL_CTX_set_min_version(server_ctx.get(), version) ||
2017 !SSL_CTX_set_max_version(server_ctx.get(), version) ||
2018 !SSL_CTX_set_min_version(server_ctx2.get(), version) ||
2019 !SSL_CTX_set_max_version(server_ctx2.get(), version)) {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2020 return false;
2021 }
2022
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2023 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2024 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
2025
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2026 bssl::UniquePtr<SSL> client, server;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2027 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2028 server_ctx.get(), nullptr)) {
2029 fprintf(stderr, "Handshake failed at version %04x.\n", version);
2030 return false;
2031 }
2032
2033 // The client should have received |cert2|.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2034 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2035 if (!peer ||
2036 X509_cmp(peer.get(), cert2.get()) != 0) {
2037 fprintf(stderr, "Incorrect certificate received at version %04x.\n",
2038 version);
2039 return false;
2040 }
2041 }
2042
2043 return true;
2044}
2045
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2046static int SetMaxVersion(const struct ssl_early_callback_ctx *ctx) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame^]2047 if (!SSL_set_max_version(ctx->ssl, TLS1_2_VERSION)) {
2048 return -1;
2049 }
2050
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2051 return 1;
2052}
2053
2054// TestEarlyCallbackVersionSwitch tests that the early callback can swap the
2055// maximum version.
2056static bool TestEarlyCallbackVersionSwitch() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2057 bssl::UniquePtr<X509> cert = GetTestCertificate();
2058 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2059 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2060 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2061 if (!cert || !key || !server_ctx || !client_ctx ||
2062 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame^]2063 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2064 !SSL_CTX_set_max_version(client_ctx.get(), TLS1_3_VERSION) ||
2065 !SSL_CTX_set_max_version(server_ctx.get(), TLS1_3_VERSION)) {
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2066 return false;
2067 }
2068
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2069 SSL_CTX_set_select_certificate_cb(server_ctx.get(), SetMaxVersion);
2070
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2071 bssl::UniquePtr<SSL> client, server;
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2072 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2073 server_ctx.get(), nullptr)) {
2074 return false;
2075 }
2076
2077 if (SSL_version(client.get()) != TLS1_2_VERSION) {
2078 fprintf(stderr, "Early callback failed to switch the maximum version.\n");
2079 return false;
2080 }
2081
2082 return true;
2083}
2084
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame^]2085static bool TestSetVersion() {
2086 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
2087 if (!ctx) {
2088 return false;
2089 }
2090
2091 if (!SSL_CTX_set_max_version(ctx.get(), TLS1_VERSION) ||
2092 !SSL_CTX_set_max_version(ctx.get(), TLS1_1_VERSION) ||
2093 !SSL_CTX_set_min_version(ctx.get(), TLS1_VERSION) ||
2094 !SSL_CTX_set_min_version(ctx.get(), TLS1_1_VERSION)) {
2095 fprintf(stderr, "Could not set valid TLS version.\n");
2096 return false;
2097 }
2098
2099 if (SSL_CTX_set_max_version(ctx.get(), DTLS1_VERSION) ||
2100 SSL_CTX_set_max_version(ctx.get(), 0x0200) ||
2101 SSL_CTX_set_max_version(ctx.get(), 0x1234) ||
2102 SSL_CTX_set_min_version(ctx.get(), DTLS1_VERSION) ||
2103 SSL_CTX_set_min_version(ctx.get(), 0x0200) ||
2104 SSL_CTX_set_min_version(ctx.get(), 0x1234)) {
2105 fprintf(stderr, "Unexpectedly set invalid TLS version.\n");
2106 return false;
2107 }
2108
2109 ctx.reset(SSL_CTX_new(DTLS_method()));
2110 if (!ctx) {
2111 return false;
2112 }
2113
2114 if (!SSL_CTX_set_max_version(ctx.get(), DTLS1_VERSION) ||
2115 !SSL_CTX_set_max_version(ctx.get(), DTLS1_2_VERSION) ||
2116 !SSL_CTX_set_min_version(ctx.get(), DTLS1_VERSION) ||
2117 !SSL_CTX_set_min_version(ctx.get(), DTLS1_2_VERSION)) {
2118 fprintf(stderr, "Could not set valid DTLS version.\n");
2119 return false;
2120 }
2121
2122 if (SSL_CTX_set_max_version(ctx.get(), TLS1_VERSION) ||
2123 SSL_CTX_set_max_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2124 SSL_CTX_set_max_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2125 SSL_CTX_set_max_version(ctx.get(), 0x1234) ||
2126 SSL_CTX_set_min_version(ctx.get(), TLS1_VERSION) ||
2127 SSL_CTX_set_min_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2128 SSL_CTX_set_min_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2129 SSL_CTX_set_min_version(ctx.get(), 0x1234)) {
2130 fprintf(stderr, "Unexpectedly set invalid DTLS version.\n");
2131 return false;
2132 }
2133
2134 return true;
2135}
2136
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]2137int main() {
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]2138 CRYPTO_library_init();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]2139
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2140 if (!TestCipherRules() ||
2141 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
2142 !TestSSL_SESSIONEncoding(kCustomSession) ||
2143 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
2144 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
2145 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
2146 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]2147 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2148 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
2149 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
2150 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
2151 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
2152 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
2153 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
2154 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
2155 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
2156 !TestCipherGetRFCName() ||
2157 !TestPaddingExtension() ||
2158 !TestClientCAList() ||
2159 !TestInternalSessionCache() ||
2160 !TestSequenceNumber(false /* TLS */) ||
2161 !TestSequenceNumber(true /* DTLS */) ||
2162 !TestOneSidedShutdown() ||
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]2163 !TestSessionDuplication() ||
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]2164 !TestSetFD() ||
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]2165 !TestSetBIO() ||
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]2166 !TestGetPeerCertificate() ||
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2167 !TestRetainOnlySHA256OfCerts() ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2168 !TestClientHello() ||
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2169 !TestSessionIDContext() ||
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2170 !TestSessionTimeout() ||
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2171 !TestSNICallback() ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame^]2172 !TestEarlyCallbackVersionSwitch() ||
2173 !TestSetVersion()) {
Brian Smith83a82982015-04-09 16:21:10 -1000[diff] [blame]2174 ERR_print_errors_fp(stderr);
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]2175 return 1;
2176 }
2177
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]2178 printf("PASS\n");
2179 return 0;
2180}