Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 321fcdc458d8eefefa4b8148a7aa20a26da9201f / . / ssl / ssl_test.cc
blob: 80465cea72a0942ee9924cc8d88c60151f3a123c [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
43/* Windows defines struct timeval in winsock2.h. */
44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
52struct ExpectedCipher {
53 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]56
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]57struct CipherTest {
58 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]59 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]60 // The list of expected ciphers, in order.
61 std::vector<ExpectedCipher> expected;
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]62 // True if this cipher list should fail in strict mode.
63 bool strict_fail;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]64};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]65
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]66struct CurveTest {
67 // The rule string to apply.
68 const char *rule;
69 // The list of expected curves, in order.
70 std::vector<uint16_t> expected;
71};
72
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]73static const CipherTest kCipherTests[] = {
74 // Selecting individual ciphers should work.
75 {
76 "ECDHE-ECDSA-CHACHA20-POLY1305:"
77 "ECDHE-RSA-CHACHA20-POLY1305:"
78 "ECDHE-ECDSA-AES128-GCM-SHA256:"
79 "ECDHE-RSA-AES128-GCM-SHA256",
80 {
81 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]82 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]83 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
84 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
85 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]86 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]87 },
88 // + reorders selected ciphers to the end, keeping their relative order.
89 {
90 "ECDHE-ECDSA-CHACHA20-POLY1305:"
91 "ECDHE-RSA-CHACHA20-POLY1305:"
92 "ECDHE-ECDSA-AES128-GCM-SHA256:"
93 "ECDHE-RSA-AES128-GCM-SHA256:"
94 "+aRSA",
95 {
96 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]97 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
98 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]99 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
100 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]101 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]102 },
103 // ! banishes ciphers from future selections.
104 {
105 "!aRSA:"
106 "ECDHE-ECDSA-CHACHA20-POLY1305:"
107 "ECDHE-RSA-CHACHA20-POLY1305:"
108 "ECDHE-ECDSA-AES128-GCM-SHA256:"
109 "ECDHE-RSA-AES128-GCM-SHA256",
110 {
111 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]112 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
113 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]114 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]115 },
116 // Multiple masks can be ANDed in a single rule.
117 {
118 "kRSA+AESGCM+AES128",
119 {
120 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
121 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]122 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]123 },
124 // - removes selected ciphers, but preserves their order for future
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]125 // selections. Select AES_128_GCM, but order the key exchanges RSA,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]126 // ECDHE_RSA.
127 {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]128 "ALL:-kECDHE:"
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]129 "-kRSA:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]130 "AESGCM+AES128+aRSA",
131 {
132 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]133 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
134 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]135 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]136 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]137 // Unknown selectors are no-ops, except in strict mode.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]138 {
139 "ECDHE-ECDSA-CHACHA20-POLY1305:"
140 "ECDHE-RSA-CHACHA20-POLY1305:"
141 "ECDHE-ECDSA-AES128-GCM-SHA256:"
142 "ECDHE-RSA-AES128-GCM-SHA256:"
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]143 "BOGUS1",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]144 {
145 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]146 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]147 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
148 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
149 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]150 true,
151 },
152 // Unknown selectors are no-ops, except in strict mode.
153 {
154 "ECDHE-ECDSA-CHACHA20-POLY1305:"
155 "ECDHE-RSA-CHACHA20-POLY1305:"
156 "ECDHE-ECDSA-AES128-GCM-SHA256:"
157 "ECDHE-RSA-AES128-GCM-SHA256:"
158 "-BOGUS2:+BOGUS3:!BOGUS4",
159 {
160 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
161 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
162 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
163 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
164 },
165 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]166 },
167 // Square brackets specify equi-preference groups.
168 {
169 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
170 "[ECDHE-RSA-CHACHA20-POLY1305]:"
171 "ECDHE-RSA-AES128-GCM-SHA256",
172 {
173 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]174 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]175 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]176 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
177 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]178 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]179 },
180 // @STRENGTH performs a stable strength-sort of the selected ciphers and
181 // only the selected ciphers.
182 {
183 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]184 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]185 "!AESGCM:!3DES:!SHA256:!SHA384:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]186 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]187 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]188 // Select ECDHE ones and sort them by strength. Ties should resolve
189 // based on the order above.
190 "kECDHE:@STRENGTH:-ALL:"
191 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
192 // by strength. Then RSA, backwards by strength.
193 "aRSA",
194 {
195 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
196 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]197 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]198 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
199 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
200 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]201 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]202 },
203 // Exact ciphers may not be used in multi-part rules; they are treated
204 // as unknown aliases.
205 {
206 "ECDHE-ECDSA-AES128-GCM-SHA256:"
207 "ECDHE-RSA-AES128-GCM-SHA256:"
208 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
209 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
210 {
211 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
212 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
213 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]214 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]215 },
216 // SSLv3 matches everything that existed before TLS 1.2.
217 {
218 "AES128-SHA:AES128-SHA256:!SSLv3",
219 {
220 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
221 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]222 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]223 },
224 // TLSv1.2 matches everything added in TLS 1.2.
225 {
226 "AES128-SHA:AES128-SHA256:!TLSv1.2",
227 {
228 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
229 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]230 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]231 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]232 // The two directives have no intersection. But each component is valid, so
233 // even in strict mode it is accepted.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]234 {
235 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
236 {
237 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
238 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
239 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]240 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]241 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]242};
243
244static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]245 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]246 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
247 "RSA]",
248 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]249 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]250 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]251 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]252 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]253 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]254 "",
255 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]256 // COMPLEMENTOFDEFAULT is empty.
257 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]258 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]259 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]260 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]261 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
262 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
263 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
264 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]265 // Opcode supplied, but missing selector.
266 "+",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]267};
268
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]269static const char *kMustNotIncludeNull[] = {
270 "ALL",
271 "DEFAULT",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]272 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]273 "FIPS",
274 "SHA",
275 "SHA1",
276 "RSA",
277 "SSLv3",
278 "TLSv1",
279 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]280};
281
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]282static const CurveTest kCurveTests[] = {
283 {
284 "P-256",
285 { SSL_CURVE_SECP256R1 },
286 },
287 {
288 "P-256:P-384:P-521:X25519",
289 {
290 SSL_CURVE_SECP256R1,
291 SSL_CURVE_SECP384R1,
292 SSL_CURVE_SECP521R1,
293 SSL_CURVE_X25519,
294 },
295 },
296};
297
298static const char *kBadCurvesLists[] = {
299 "",
300 ":",
301 "::",
302 "P-256::X25519",
303 "RSA:P-256",
304 "P-256:RSA",
305 "X25519:P-256:",
306 ":X25519:P-256",
307};
308
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]309static std::string CipherListToString(ssl_cipher_preference_list_st *list) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]310 bool in_group = false;
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]311 std::string ret;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]312 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]313 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
314 if (!in_group && list->in_group_flags[i]) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]315 ret += "\t[\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]316 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]317 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]318 ret += "\t";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]319 if (in_group) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]320 ret += " ";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]321 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]322 ret += SSL_CIPHER_get_name(cipher);
323 ret += "\n";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]324 if (in_group && !list->in_group_flags[i]) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]325 ret += "\t]\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]326 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]327 }
328 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]329 return ret;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]330}
331
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]332static bool CipherListsEqual(ssl_cipher_preference_list_st *list,
333 const std::vector<ExpectedCipher> &expected) {
334 if (sk_SSL_CIPHER_num(list->ciphers) != expected.size()) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]335 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]336 }
337
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]338 for (size_t i = 0; i < expected.size(); i++) {
339 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
340 if (expected[i].id != SSL_CIPHER_get_id(cipher) ||
341 expected[i].in_group_flag != list->in_group_flags[i]) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]342 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]343 }
344 }
345
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]346 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]347}
348
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]349TEST(SSLTest, CipherRules) {
350 for (const CipherTest &t : kCipherTests) {
351 SCOPED_TRACE(t.rule);
352 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
353 ASSERT_TRUE(ctx);
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]354
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]355 // Test lax mode.
356 ASSERT_TRUE(SSL_CTX_set_cipher_list(ctx.get(), t.rule));
357 EXPECT_TRUE(CipherListsEqual(ctx->cipher_list, t.expected))
358 << "Cipher rule evaluated to:\n"
359 << CipherListToString(ctx->cipher_list);
360
361 // Test strict mode.
362 if (t.strict_fail) {
363 EXPECT_FALSE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
364 } else {
365 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
366 EXPECT_TRUE(CipherListsEqual(ctx->cipher_list, t.expected))
367 << "Cipher rule evaluated to:\n"
368 << CipherListToString(ctx->cipher_list);
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]369 }
370 }
371
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]372 for (const char *rule : kBadRules) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]373 SCOPED_TRACE(rule);
374 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
375 ASSERT_TRUE(ctx);
376
377 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), rule));
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]378 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]379 }
380
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]381 for (const char *rule : kMustNotIncludeNull) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]382 SCOPED_TRACE(rule);
383 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
384 ASSERT_TRUE(ctx);
385
386 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), rule));
387 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
388 EXPECT_FALSE(SSL_CIPHER_is_NULL(
389 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i)));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]390 }
391 }
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]392}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]393
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]394TEST(SSLTest, CurveRules) {
395 for (const CurveTest &t : kCurveTests) {
396 SCOPED_TRACE(t.rule);
397 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
398 ASSERT_TRUE(ctx);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]399
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]400 ASSERT_TRUE(SSL_CTX_set1_curves_list(ctx.get(), t.rule));
401 ASSERT_EQ(t.expected.size(), ctx->supported_group_list_len);
402 for (size_t i = 0; i < t.expected.size(); i++) {
403 EXPECT_EQ(t.expected[i], ctx->supported_group_list[i]);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]404 }
405 }
406
407 for (const char *rule : kBadCurvesLists) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]408 SCOPED_TRACE(rule);
409 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
410 ASSERT_TRUE(ctx);
411
412 EXPECT_FALSE(SSL_CTX_set1_curves_list(ctx.get(), rule));
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]413 ERR_clear_error();
414 }
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]415}
416
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]417// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]418static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]419 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]420 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
421 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
422 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
423 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
424 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
425 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
426 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
427 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
428 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
429 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
430 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
431 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
432 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
433 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
434 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
435 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
436 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
437 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
438 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
439 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
440 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
441 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
442 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
443 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
444 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
445 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
446 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
447 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
448 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]449 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]450
451// kCustomSession is a custom serialized SSL_SESSION generated by
452// filling in missing fields from |kOpenSSLSession|. This includes
453// providing |peer_sha256|, so |peer| is not serialized.
454static const char kCustomSession[] =
455 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
456 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
457 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
458 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
459 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
460 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
461 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
462 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
463
464// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
465static const char kBoringSSLSession[] =
466 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
467 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
468 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
469 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
470 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
471 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
472 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
473 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
474 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
475 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
476 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
477 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
478 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
479 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
480 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
481 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
482 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
483 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
484 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
485 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
486 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
487 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
488 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
489 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
490 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
491 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
492 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
493 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
494 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
495 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
496 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
497 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
498 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
499 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
500 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
501 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
502 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
503 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
504 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
505 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
506 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
507 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
508 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
509 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
510 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
511 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
512 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
513 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
514 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
515 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
516 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
517 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
518 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
519 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
520 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
521 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
522 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
523 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
524 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
525 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
526 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
527 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
528 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
529 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
530 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
531 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
532 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
533 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
534 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
535 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
536 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
537 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
538 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
539 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
540 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
541 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
542 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
543 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
544 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
545 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
546 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
547 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
548 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
549 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
550 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
551 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
552 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
553 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
554 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
555 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
556 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
557 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
558 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
559 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
560 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
561
562// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
563// the final (optional) element of |kCustomSession| with tag number 30.
564static const char kBadSessionExtraField[] =
565 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
566 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
567 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
568 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
569 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
570 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
571 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
572 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
573
574// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
575// the version of |kCustomSession| with 2.
576static const char kBadSessionVersion[] =
577 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
578 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
579 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
580 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
581 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
582 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
583 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
584 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
585
586// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
587// appended.
588static const char kBadSessionTrailingData[] =
589 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
590 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
591 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
592 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
593 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
594 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
595 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
596 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
597
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]598static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]599 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]600 if (!EVP_DecodedLength(&len, strlen(in))) {
601 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]602 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]603 }
604
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]605 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]606 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]607 strlen(in))) {
608 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]609 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]610 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]611 out->resize(len);
612 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]613}
614
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]615static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]616 const uint8_t *cptr;
617 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]618
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]619 // Decode the input.
620 std::vector<uint8_t> input;
621 if (!DecodeBase64(&input, input_b64)) {
622 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]623 }
624
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]625 // Verify the SSL_SESSION decodes.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]626 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
627 if (!ssl_ctx) {
628 return false;
629 }
630 bssl::UniquePtr<SSL_SESSION> session(
631 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]632 if (!session) {
633 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]634 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]635 }
636
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]637 // Verify the SSL_SESSION encoding round-trips.
638 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]639 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]640 uint8_t *encoded_raw;
641 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]642 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]643 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]644 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]645 encoded.reset(encoded_raw);
646 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]647 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]648 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]649 hexdump(stderr, "Before: ", input.data(), input.size());
650 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]651 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]652 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]653
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]654 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]655 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]656 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]657 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]658 fprintf(stderr, "d2i_SSL_SESSION failed\n");
659 return false;
660 }
661
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]662 // Verify the SSL_SESSION encoding round-trips via the legacy API.
663 int len = i2d_SSL_SESSION(session.get(), NULL);
664 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]665 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]666 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]667 }
668
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]669 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
670 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]671 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]672 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]673 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]674
675 ptr = encoded.get();
676 len = i2d_SSL_SESSION(session.get(), &ptr);
677 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]678 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]679 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]680 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]681 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]682 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]683 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]684 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]685 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]686 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]687 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]688 }
689
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]690 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]691}
692
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]693static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
694 std::vector<uint8_t> input;
695 if (!DecodeBase64(&input, input_b64)) {
696 return false;
697 }
698
699 // Verify that the SSL_SESSION fails to decode.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]700 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
701 if (!ssl_ctx) {
702 return false;
703 }
704 bssl::UniquePtr<SSL_SESSION> session(
705 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]706 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]707 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]708 return false;
709 }
710 ERR_clear_error();
711 return true;
712}
713
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame^]714static void ExpectDefaultVersion(uint16_t min_version, uint16_t max_version,
715 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]716 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame^]717 ASSERT_TRUE(ctx);
718 EXPECT_EQ(min_version, ctx->min_version);
719 EXPECT_EQ(max_version, ctx->max_version);
720}
721
722TEST(SSLTest, DefaultVersion) {
723 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
724 ExpectDefaultVersion(TLS1_VERSION, TLS1_2_VERSION, &TLS_method);
725 ExpectDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method);
726 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method);
727 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method);
728 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method);
729 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method);
730 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method);
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]731}
732
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]733typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]734 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]735 const char *rfc_name;
736} CIPHER_RFC_NAME_TEST;
737
738static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]739 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
740 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]741 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
742 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
743 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
744 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
745 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
746 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
747 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
748 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
749 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
750 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
751 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
752 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
753 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
754 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
755 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
756 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
757 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]758};
759
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]760TEST(SSLTest, CipherGetRFCName) {
761 for (const CIPHER_RFC_NAME_TEST &t : kCipherRFCNameTests) {
762 SCOPED_TRACE(t.rfc_name);
763
764 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(t.id & 0xffff);
765 ASSERT_TRUE(cipher);
766 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
767 ASSERT_TRUE(rfc_name);
768
769 EXPECT_STREQ(t.rfc_name, rfc_name.get());
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]770 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]771}
772
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]773// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
774// version and ticket length or nullptr on failure.
775static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
776 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]777 std::vector<uint8_t> der;
778 if (!DecodeBase64(&der, kOpenSSLSession)) {
779 return nullptr;
780 }
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]781
782 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
783 if (!ssl_ctx) {
784 return nullptr;
785 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]786 bssl::UniquePtr<SSL_SESSION> session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]787 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]788 if (!session) {
789 return nullptr;
790 }
791
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]792 session->ssl_version = version;
793
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]794 // Swap out the ticket for a garbage one.
795 OPENSSL_free(session->tlsext_tick);
796 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
797 if (session->tlsext_tick == nullptr) {
798 return nullptr;
799 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]800 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]801 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]802
803 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]804#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
805 session->time = 1234;
806#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]807 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]808#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]809 return session;
810}
811
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]812static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]813 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]814 if (!bio) {
815 return false;
816 }
817 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]818 BIO_up_ref(bio.get());
819 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]820 int ret = SSL_connect(ssl);
821 if (ret > 0) {
822 // SSL_connect should fail without a BIO to write to.
823 return false;
824 }
825 ERR_clear_error();
826
827 const uint8_t *client_hello;
828 size_t client_hello_len;
829 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
830 return false;
831 }
832 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
833 return true;
834}
835
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]836// GetClientHelloLen creates a client SSL connection with the specified version
837// and ticket length. It returns the length of the ClientHello, not including
838// the record header, on success and zero on error.
839static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
840 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]841 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]842 bssl::UniquePtr<SSL_SESSION> session =
843 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]844 if (!ctx || !session) {
845 return 0;
846 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]847
848 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]849 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]850 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]851 !SSL_set_strict_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]852 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]853 return 0;
854 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]855
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]856 std::vector<uint8_t> client_hello;
857 if (!GetClientHello(ssl.get(), &client_hello) ||
858 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]859 return 0;
860 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]861
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]862 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]863}
864
865struct PaddingTest {
866 size_t input_len, padded_len;
867};
868
869static const PaddingTest kPaddingTests[] = {
870 // ClientHellos of length below 0x100 do not require padding.
871 {0xfe, 0xfe},
872 {0xff, 0xff},
873 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
874 {0x100, 0x200},
875 {0x123, 0x200},
876 {0x1fb, 0x200},
877 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
878 // padding extension takes a minimum of four bytes plus one required content
879 // byte. (To work around yet more server bugs, we avoid empty final
880 // extensions.)
881 {0x1fc, 0x201},
882 {0x1fd, 0x202},
883 {0x1fe, 0x203},
884 {0x1ff, 0x204},
885 // Finally, larger ClientHellos need no padding.
886 {0x200, 0x200},
887 {0x201, 0x201},
888};
889
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]890static bool TestPaddingExtension(uint16_t max_version,
891 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]892 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]893 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]894 if (base_len == 0) {
895 return false;
896 }
897
898 for (const PaddingTest &test : kPaddingTests) {
899 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]900 fprintf(stderr,
901 "Baseline ClientHello too long (max_version = %04x, "
902 "session_version = %04x).\n",
903 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]904 return false;
905 }
906
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]907 size_t padded_len = GetClientHelloLen(max_version, session_version,
908 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]909 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]910 fprintf(stderr,
911 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
912 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]913 static_cast<unsigned>(test.input_len),
914 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]915 static_cast<unsigned>(test.padded_len), max_version,
916 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]917 return false;
918 }
919 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]920
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]921 return true;
922}
923
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]924// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
925// before configuring as a server.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]926TEST(SSLTest, ClientCAList) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]927 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]928 ASSERT_TRUE(ctx);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]929 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]930 ASSERT_TRUE(ssl);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]931
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]932 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
933 ASSERT_TRUE(name);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]934
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]935 bssl::UniquePtr<X509_NAME> name_dup(X509_NAME_dup(name.get()));
936 ASSERT_TRUE(name_dup);
937
938 bssl::UniquePtr<STACK_OF(X509_NAME)> stack(sk_X509_NAME_new_null());
939 ASSERT_TRUE(stack);
940
941 ASSERT_TRUE(sk_X509_NAME_push(stack.get(), name_dup.get()));
942 name_dup.release();
943
944 // |SSL_set_client_CA_list| takes ownership.
945 SSL_set_client_CA_list(ssl.get(), stack.release());
946
947 STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get());
948 ASSERT_TRUE(result);
949 ASSERT_EQ(1u, sk_X509_NAME_num(result));
950 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(result, 0), name.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]951}
952
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]953static void AppendSession(SSL_SESSION *session, void *arg) {
954 std::vector<SSL_SESSION*> *out =
955 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
956 out->push_back(session);
957}
958
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]959// CacheEquals returns true if |ctx|'s session cache consists of |expected|, in
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]960// order.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]961static bool CacheEquals(SSL_CTX *ctx,
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]962 const std::vector<SSL_SESSION*> &expected) {
963 // Check the linked list.
964 SSL_SESSION *ptr = ctx->session_cache_head;
965 for (SSL_SESSION *session : expected) {
966 if (ptr != session) {
967 return false;
968 }
969 // TODO(davidben): This is an absurd way to denote the end of the list.
970 if (ptr->next ==
971 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
972 ptr = nullptr;
973 } else {
974 ptr = ptr->next;
975 }
976 }
977 if (ptr != nullptr) {
978 return false;
979 }
980
981 // Check the hash table.
982 std::vector<SSL_SESSION*> actual, expected_copy;
983 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
984 expected_copy = expected;
985
986 std::sort(actual.begin(), actual.end());
987 std::sort(expected_copy.begin(), expected_copy.end());
988
989 return actual == expected_copy;
990}
991
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]992static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]993 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
994 if (!ssl_ctx) {
995 return nullptr;
996 }
997 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new(ssl_ctx.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]998 if (!ret) {
999 return nullptr;
1000 }
1001
1002 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1003 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1004 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1005 return ret;
1006}
1007
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1008// Test that the internal session cache behaves as expected.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1009TEST(SSLTest, InternalSessionCache) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1010 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1011 ASSERT_TRUE(ctx);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1012
1013 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1014 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1015 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1016 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1017 ASSERT_TRUE(session);
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1018 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1019 }
1020
1021 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1022
1023 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1024 for (const auto &session : sessions) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1025 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), session.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1026 }
1027
1028 // Only the last five should be in the list.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1029 ASSERT_TRUE(CacheEquals(
1030 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1031 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1032
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1033 // Inserting an element already in the cache should fail and leave the cache
1034 // unchanged.
1035 ASSERT_FALSE(SSL_CTX_add_session(ctx.get(), sessions[7].get()));
1036 ASSERT_TRUE(CacheEquals(
1037 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1038 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1039
1040 // Although collisions should be impossible (256-bit session IDs), the cache
1041 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1042 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1043 ASSERT_TRUE(collision);
1044 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), collision.get()));
1045 ASSERT_TRUE(CacheEquals(
1046 ctx.get(), {collision.get(), sessions[9].get(), sessions[8].get(),
1047 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1048
1049 // Removing sessions behaves correctly.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1050 ASSERT_TRUE(SSL_CTX_remove_session(ctx.get(), sessions[6].get()));
1051 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1052 sessions[8].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1053
1054 // Removing sessions requires an exact match.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1055 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[0].get()));
1056 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[7].get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1057
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1058 // The cache remains unchanged.
1059 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1060 sessions[8].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1061}
1062
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1063static uint16_t EpochFromSequence(uint64_t seq) {
1064 return static_cast<uint16_t>(seq >> 48);
1065}
1066
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1067static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1068 static const char kCertPEM[] =
1069 "-----BEGIN CERTIFICATE-----\n"
1070 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1071 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1072 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1073 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1074 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1075 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1076 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1077 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1078 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1079 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1080 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1081 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1082 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1083 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1084 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1085 return bssl::UniquePtr<X509>(
1086 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1087}
1088
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1089static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1090 static const char kKeyPEM[] =
1091 "-----BEGIN RSA PRIVATE KEY-----\n"
1092 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1093 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1094 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1095 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1096 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1097 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1098 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1099 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1100 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1101 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1102 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1103 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1104 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1105 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1106 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1107 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1108 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1109}
1110
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1111static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1112 static const char kCertPEM[] =
1113 "-----BEGIN CERTIFICATE-----\n"
1114 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1115 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1116 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1117 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1118 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1119 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1120 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1121 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1122 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1123 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1124 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1125 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1126 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1127}
1128
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1129static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1130 static const char kKeyPEM[] =
1131 "-----BEGIN PRIVATE KEY-----\n"
1132 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1133 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1134 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1135 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1136 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1137 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1138 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1139}
1140
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1141static bssl::UniquePtr<CRYPTO_BUFFER> BufferFromPEM(const char *pem) {
1142 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1143 char *name, *header;
1144 uint8_t *data;
1145 long data_len;
1146 if (!PEM_read_bio(bio.get(), &name, &header, &data,
1147 &data_len)) {
1148 return nullptr;
1149 }
1150 OPENSSL_free(name);
1151 OPENSSL_free(header);
1152
1153 auto ret = bssl::UniquePtr<CRYPTO_BUFFER>(
1154 CRYPTO_BUFFER_new(data, data_len, nullptr));
1155 OPENSSL_free(data);
1156 return ret;
1157}
1158
1159static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestCertificateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1160 static const char kCertPEM[] =
1161 "-----BEGIN CERTIFICATE-----\n"
1162 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1163 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1164 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1165 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1166 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1167 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1168 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1169 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1170 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1171 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1172 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1173 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1174 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1175 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1176 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1177 "1ngWZ7Ih\n"
1178 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1179 return BufferFromPEM(kCertPEM);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1180}
1181
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1182static bssl::UniquePtr<X509> X509FromBuffer(
1183 bssl::UniquePtr<CRYPTO_BUFFER> buffer) {
1184 if (!buffer) {
1185 return nullptr;
1186 }
1187 const uint8_t *derp = CRYPTO_BUFFER_data(buffer.get());
1188 return bssl::UniquePtr<X509>(
1189 d2i_X509(NULL, &derp, CRYPTO_BUFFER_len(buffer.get())));
1190}
1191
1192static bssl::UniquePtr<X509> GetChainTestCertificate() {
1193 return X509FromBuffer(GetChainTestCertificateBuffer());
1194}
1195
1196static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestIntermediateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1197 static const char kCertPEM[] =
1198 "-----BEGIN CERTIFICATE-----\n"
1199 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1200 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1201 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1202 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1203 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1204 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1205 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1206 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1207 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1208 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1209 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1210 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1211 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1212 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1213 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1214 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1215 return BufferFromPEM(kCertPEM);
1216}
1217
1218static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1219 return X509FromBuffer(GetChainTestIntermediateBuffer());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1220}
1221
1222static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1223 static const char kKeyPEM[] =
1224 "-----BEGIN PRIVATE KEY-----\n"
1225 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1226 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1227 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1228 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1229 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1230 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1231 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1232 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1233 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1234 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1235 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1236 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1237 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1238 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1239 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1240 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1241 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1242 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1243 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1244 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1245 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1246 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1247 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1248 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1249 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1250 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1251 "-----END PRIVATE KEY-----\n";
1252 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1253 return bssl::UniquePtr<EVP_PKEY>(
1254 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1255}
1256
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1257static bool CompleteHandshakes(SSL *client, SSL *server) {
1258 // Drive both their handshakes to completion.
1259 for (;;) {
1260 int client_ret = SSL_do_handshake(client);
1261 int client_err = SSL_get_error(client, client_ret);
1262 if (client_err != SSL_ERROR_NONE &&
1263 client_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1264 client_err != SSL_ERROR_WANT_WRITE &&
1265 client_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1266 fprintf(stderr, "Client error: %d\n", client_err);
1267 return false;
1268 }
1269
1270 int server_ret = SSL_do_handshake(server);
1271 int server_err = SSL_get_error(server, server_ret);
1272 if (server_err != SSL_ERROR_NONE &&
1273 server_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1274 server_err != SSL_ERROR_WANT_WRITE &&
1275 server_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1276 fprintf(stderr, "Server error: %d\n", server_err);
1277 return false;
1278 }
1279
1280 if (client_ret == 1 && server_ret == 1) {
1281 break;
1282 }
1283 }
1284
1285 return true;
1286}
1287
1288static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1289 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1290 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1291 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1292 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1293 if (!client || !server) {
1294 return false;
1295 }
1296 SSL_set_connect_state(client.get());
1297 SSL_set_accept_state(server.get());
1298
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1299 SSL_set_session(client.get(), session);
1300
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1301 BIO *bio1, *bio2;
1302 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1303 return false;
1304 }
1305 // SSL_set_bio takes ownership.
1306 SSL_set_bio(client.get(), bio1, bio1);
1307 SSL_set_bio(server.get(), bio2, bio2);
1308
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1309 if (!CompleteHandshakes(client.get(), server.get())) {
1310 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1311 }
1312
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1313 *out_client = std::move(client);
1314 *out_server = std::move(server);
1315 return true;
1316}
1317
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1318static bool TestSequenceNumber(bool is_dtls, const SSL_METHOD *method,
1319 uint16_t version) {
1320 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1321 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1322 if (!server_ctx || !client_ctx ||
1323 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1324 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1325 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1326 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1327 return false;
1328 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1329
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1330 bssl::UniquePtr<X509> cert = GetTestCertificate();
1331 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1332 if (!cert || !key || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1333 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1334 return false;
1335 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1336
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1337 bssl::UniquePtr<SSL> client, server;
1338 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1339 server_ctx.get(), nullptr /* no session */)) {
1340 return false;
1341 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1342
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1343 // Drain any post-handshake messages to ensure there are no unread records
1344 // on either end.
1345 uint8_t byte = 0;
1346 if (SSL_read(client.get(), &byte, 1) > 0 ||
1347 SSL_read(server.get(), &byte, 1) > 0) {
1348 fprintf(stderr, "Received unexpected data.\n");
1349 return false;
1350 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1351
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1352 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1353 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1354 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1355 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1356
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1357 if (is_dtls) {
1358 // Both client and server must be at epoch 1.
1359 if (EpochFromSequence(client_read_seq) != 1 ||
1360 EpochFromSequence(client_write_seq) != 1 ||
1361 EpochFromSequence(server_read_seq) != 1 ||
1362 EpochFromSequence(server_write_seq) != 1) {
1363 fprintf(stderr, "Bad epochs.\n");
1364 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1365 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1366
1367 // The next record to be written should exceed the largest received.
1368 if (client_write_seq <= server_read_seq ||
1369 server_write_seq <= client_read_seq) {
1370 fprintf(stderr, "Inconsistent sequence numbers.\n");
1371 return false;
1372 }
1373 } else {
1374 // The next record to be written should equal the next to be received.
1375 if (client_write_seq != server_read_seq ||
1376 server_write_seq != client_read_seq) {
1377 fprintf(stderr, "Inconsistent sequence numbers.\n");
1378 return false;
1379 }
1380 }
1381
1382 // Send a record from client to server.
1383 if (SSL_write(client.get(), &byte, 1) != 1 ||
1384 SSL_read(server.get(), &byte, 1) != 1) {
1385 fprintf(stderr, "Could not send byte.\n");
1386 return false;
1387 }
1388
1389 // The client write and server read sequence numbers should have
1390 // incremented.
1391 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1392 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1393 fprintf(stderr, "Sequence numbers did not increment.\n");
1394 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1395 }
1396
1397 return true;
1398}
1399
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1400static bool TestOneSidedShutdown(bool is_dtls, const SSL_METHOD *method,
1401 uint16_t version) {
1402 // SSL_shutdown is a no-op in DTLS.
1403 if (is_dtls) {
1404 return true;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1405 }
1406
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1407 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1408 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1409 bssl::UniquePtr<X509> cert = GetTestCertificate();
1410 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1411 if (!client_ctx || !server_ctx || !cert || !key ||
1412 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1413 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1414 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1415 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1416 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1417 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1418 return false;
1419 }
1420
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1421 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1422 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1423 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1424 return false;
1425 }
1426
1427 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1428 // one side has shut down.
1429 if (SSL_shutdown(client.get()) != 0) {
1430 fprintf(stderr, "Could not shutdown.\n");
1431 return false;
1432 }
1433
1434 // Reading from the server should consume the EOF.
1435 uint8_t byte;
1436 if (SSL_read(server.get(), &byte, 1) != 0 ||
1437 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1438 fprintf(stderr, "Connection was not shut down cleanly.\n");
1439 return false;
1440 }
1441
1442 // However, the server may continue to write data and then shut down the
1443 // connection.
1444 byte = 42;
1445 if (SSL_write(server.get(), &byte, 1) != 1 ||
1446 SSL_read(client.get(), &byte, 1) != 1 ||
1447 byte != 42) {
1448 fprintf(stderr, "Could not send byte.\n");
1449 return false;
1450 }
1451
1452 // The server may then shutdown the connection.
1453 if (SSL_shutdown(server.get()) != 1 ||
1454 SSL_shutdown(client.get()) != 1) {
1455 fprintf(stderr, "Could not complete shutdown.\n");
1456 return false;
1457 }
1458
1459 return true;
1460}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1461
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1462TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1463 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1464 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1465 ASSERT_TRUE(client_ctx);
1466 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1467
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1468 bssl::UniquePtr<X509> cert = GetTestCertificate();
1469 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1470 ASSERT_TRUE(cert);
1471 ASSERT_TRUE(key);
1472 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1473 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1474
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1475 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1476 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
1477 server_ctx.get(),
1478 nullptr /* no session */));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1479
1480 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1481 bssl::UniquePtr<SSL_SESSION> session1(
1482 SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL));
1483 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1484
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1485 session1->not_resumable = 0;
1486
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1487 uint8_t *s0_bytes, *s1_bytes;
1488 size_t s0_len, s1_len;
1489
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1490 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1491 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1492
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1493 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1494 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1495
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]1496 EXPECT_EQ(Bytes(s0_bytes, s0_len), Bytes(s1_bytes, s1_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1497}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1498
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1499static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1500 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1501 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1502
1503 // The wrapper BIOs are always equal when fds are equal, even if set
1504 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1505 if (rfd == wfd) {
1506 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1507 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1508}
1509
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1510TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1511 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1512 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1513
1514 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1515 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1516 ASSERT_TRUE(ssl);
1517 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1518 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1519 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1520
1521 // Test setting the same FD.
1522 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1523 ASSERT_TRUE(ssl);
1524 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1525 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1526
1527 // Test setting the same FD one side at a time.
1528 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1529 ASSERT_TRUE(ssl);
1530 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1531 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1532 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1533
1534 // Test setting the same FD in the other order.
1535 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1536 ASSERT_TRUE(ssl);
1537 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1538 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1539 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1540
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1541 // Test changing the read FD partway through.
1542 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1543 ASSERT_TRUE(ssl);
1544 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1545 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1546 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1547
1548 // Test changing the write FD partway through.
1549 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1550 ASSERT_TRUE(ssl);
1551 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1552 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1553 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1554
1555 // Test a no-op change to the read FD partway through.
1556 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1557 ASSERT_TRUE(ssl);
1558 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1559 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1560 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1561
1562 // Test a no-op change to the write FD partway through.
1563 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1564 ASSERT_TRUE(ssl);
1565 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1566 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1567 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1568
1569 // ASan builds will implicitly test that the internal |BIO| reference-counting
1570 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1571}
1572
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1573TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1574 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1575 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1576
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1577 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1578 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1579 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1580 ASSERT_TRUE(ssl);
1581 ASSERT_TRUE(bio1);
1582 ASSERT_TRUE(bio2);
1583 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1584
1585 // SSL_set_bio takes one reference when the parameters are the same.
1586 BIO_up_ref(bio1.get());
1587 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1588
1589 // Repeating the call does nothing.
1590 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1591
1592 // It takes one reference each when the parameters are different.
1593 BIO_up_ref(bio2.get());
1594 BIO_up_ref(bio3.get());
1595 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1596
1597 // Repeating the call does nothing.
1598 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1599
1600 // It takes one reference when changing only wbio.
1601 BIO_up_ref(bio1.get());
1602 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1603
1604 // It takes one reference when changing only rbio and the two are different.
1605 BIO_up_ref(bio3.get());
1606 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1607
1608 // If setting wbio to rbio, it takes no additional references.
1609 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1610
1611 // From there, wbio may be switched to something else.
1612 BIO_up_ref(bio1.get());
1613 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1614
1615 // If setting rbio to wbio, it takes no additional references.
1616 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1617
1618 // From there, rbio may be switched to something else, but, for historical
1619 // reasons, it takes a reference to both parameters.
1620 BIO_up_ref(bio1.get());
1621 BIO_up_ref(bio2.get());
1622 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1623
1624 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1625 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1626}
1627
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1628static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1629
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1630static bool TestGetPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1631 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1632 bssl::UniquePtr<X509> cert = GetTestCertificate();
1633 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1634 if (!cert || !key) {
1635 return false;
1636 }
1637
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1638 // Configure both client and server to accept any certificate.
1639 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1640 if (!ctx ||
1641 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1642 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1643 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1644 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1645 return false;
1646 }
1647 SSL_CTX_set_verify(
1648 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1649 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1650
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1651 bssl::UniquePtr<SSL> client, server;
1652 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1653 nullptr /* no session */)) {
1654 return false;
1655 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1656
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1657 // Client and server should both see the leaf certificate.
1658 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1659 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1660 fprintf(stderr, "Server peer certificate did not match.\n");
1661 return false;
1662 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1663
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1664 peer.reset(SSL_get_peer_certificate(client.get()));
1665 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1666 fprintf(stderr, "Client peer certificate did not match.\n");
1667 return false;
1668 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1669
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1670 // However, for historical reasons, the chain includes the leaf on the
1671 // client, but does not on the server.
1672 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1673 fprintf(stderr, "Client peer chain was incorrect.\n");
1674 return false;
1675 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1676
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1677 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1678 fprintf(stderr, "Server peer chain was incorrect.\n");
1679 return false;
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1680 }
1681
1682 return true;
1683}
1684
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1685static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method,
1686 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1687 bssl::UniquePtr<X509> cert = GetTestCertificate();
1688 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1689 if (!cert || !key) {
1690 return false;
1691 }
1692
1693 uint8_t *cert_der = NULL;
1694 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1695 if (cert_der_len < 0) {
1696 return false;
1697 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1698 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1699
1700 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1701 SHA256(cert_der, cert_der_len, cert_sha256);
1702
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1703 // Configure both client and server to accept any certificate, but the
1704 // server must retain only the SHA-256 of the peer.
1705 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1706 if (!ctx ||
1707 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1708 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1709 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1710 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1711 return false;
1712 }
1713 SSL_CTX_set_verify(
1714 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1715 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1716 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1717
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1718 bssl::UniquePtr<SSL> client, server;
1719 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1720 nullptr /* no session */)) {
1721 return false;
1722 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1723
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1724 // The peer certificate has been dropped.
1725 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1726 if (peer) {
1727 fprintf(stderr, "Peer certificate was retained.\n");
1728 return false;
1729 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1730
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1731 SSL_SESSION *session = SSL_get_session(server.get());
1732 if (!session->peer_sha256_valid) {
1733 fprintf(stderr, "peer_sha256_valid was not set.\n");
1734 return false;
1735 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1736
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1737 if (OPENSSL_memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) !=
1738 0) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1739 fprintf(stderr, "peer_sha256 did not match.\n");
1740 return false;
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1741 }
1742
1743 return true;
1744}
1745
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1746static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1747 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1748 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1749 // Our default cipher list varies by CPU capabilities, so manually place the
1750 // ChaCha20 ciphers in front.
Matthew Braithwaite7e06de52017-04-10 15:52:14 -0700[diff] [blame]1751 const char* cipher_list = "CHACHA20:ALL";
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1752 if (!ctx ||
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]1753 // SSLv3 is off by default.
1754 !SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1755 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1756 !SSL_CTX_set_strict_cipher_list(ctx.get(), cipher_list)) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1757 return false;
1758 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1759
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1760 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1761 if (!ssl) {
1762 return false;
1763 }
1764 std::vector<uint8_t> client_hello;
1765 if (!GetClientHello(ssl.get(), &client_hello)) {
1766 return false;
1767 }
1768
1769 // Zero the client_random.
1770 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1771 1 + 3 + // handshake message header
1772 2; // client_version
1773 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1774 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1775 return false;
1776 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1777 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1778
1779 if (client_hello.size() != expected_len ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1780 OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1781 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1782 fprintf(stderr, "Got:\n\t");
1783 for (size_t i = 0; i < client_hello.size(); i++) {
1784 fprintf(stderr, "0x%02x, ", client_hello[i]);
1785 }
1786 fprintf(stderr, "\nWanted:\n\t");
1787 for (size_t i = 0; i < expected_len; i++) {
1788 fprintf(stderr, "0x%02x, ", expected[i]);
1789 }
1790 fprintf(stderr, "\n");
1791 return false;
1792 }
1793
1794 return true;
1795}
1796
1797// Tests that our ClientHellos do not change unexpectedly.
1798static bool TestClientHello() {
1799 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1800 0x16,
1801 0x03, 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1802 0x00, 0x3b,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1803 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1804 0x00, 0x00, 0x37,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1805 0x03, 0x00,
1806 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1807 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1808 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1809 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1810 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1811 0x00, 0x10,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1812 0xc0, 0x09,
1813 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1814 0xc0, 0x0a,
1815 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1816 0x00, 0x2f,
1817 0x00, 0x35,
1818 0x00, 0x0a,
1819 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1820 };
1821 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1822 sizeof(kSSL3ClientHello))) {
1823 return false;
1824 }
1825
1826 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1827 0x16,
1828 0x03, 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1829 0x00, 0x5a,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1830 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1831 0x00, 0x00, 0x56,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1832 0x03, 0x01,
1833 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1834 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1835 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1836 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1837 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1838 0x00, 0x0e,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1839 0xc0, 0x09,
1840 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1841 0xc0, 0x0a,
1842 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1843 0x00, 0x2f,
1844 0x00, 0x35,
1845 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1846 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1847 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1848 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1849 };
1850 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1851 sizeof(kTLS1ClientHello))) {
1852 return false;
1853 }
1854
1855 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1856 0x16,
1857 0x03, 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1858 0x00, 0x5a,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1859 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1860 0x00, 0x00, 0x56,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1861 0x03, 0x02,
1862 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1863 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1864 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1865 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1866 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1867 0x00, 0x0e,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1868 0xc0, 0x09,
1869 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1870 0xc0, 0x0a,
1871 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1872 0x00, 0x2f,
1873 0x00, 0x35,
1874 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1875 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1876 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1877 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1878 };
1879 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1880 sizeof(kTLS11ClientHello))) {
1881 return false;
1882 }
1883
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]1884 // kTLS12ClientHello assumes RSA-PSS, which is disabled for Android system
1885 // builds.
1886#if defined(BORINGSSL_ANDROID_SYSTEM)
1887 return true;
1888#endif
1889
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1890 static const uint8_t kTLS12ClientHello[] = {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1891 0x16,
1892 0x03, 0x01,
1893 0x00, 0x8e,
1894 0x01,
1895 0x00, 0x00, 0x8a,
1896 0x03, 0x03,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1897 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1898 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1899 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1900 0x00, 0x2a,
1901 0xcc, 0xa9,
1902 0xcc, 0xa8,
1903 0xc0, 0x2b,
1904 0xc0, 0x2f,
1905 0xc0, 0x2c,
1906 0xc0, 0x30,
1907 0xc0, 0x09,
1908 0xc0, 0x23,
1909 0xc0, 0x13,
1910 0xc0, 0x27,
1911 0xc0, 0x0a,
1912 0xc0, 0x24,
1913 0xc0, 0x14,
1914 0xc0, 0x28,
1915 0x00, 0x9c,
1916 0x00, 0x9d,
1917 0x00, 0x2f,
1918 0x00, 0x3c,
1919 0x00, 0x35,
1920 0x00, 0x3d,
1921 0x00, 0x0a,
1922 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1923 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04,
1924 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08,
1925 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1926 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1927 };
1928 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1929 sizeof(kTLS12ClientHello))) {
1930 return false;
1931 }
1932
1933 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1934 // implementation has settled enough that it won't change.
1935
1936 return true;
1937}
1938
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1939static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1940
1941static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1942 // Save the most recent session.
1943 g_last_session.reset(session);
1944 return 1;
1945}
1946
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1947static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1948 SSL_CTX *server_ctx) {
1949 g_last_session = nullptr;
1950 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1951
1952 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1953 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1954 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1955 nullptr /* no session */)) {
1956 fprintf(stderr, "Failed to connect client and server.\n");
1957 return nullptr;
1958 }
1959
1960 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1961 SSL_read(client.get(), nullptr, 0);
1962
1963 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1964
1965 if (!g_last_session) {
1966 fprintf(stderr, "Client did not receive a session.\n");
1967 return nullptr;
1968 }
1969 return std::move(g_last_session);
1970}
1971
1972static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1973 SSL_SESSION *session,
1974 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1975 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1976 if (!ConnectClientAndServer(&client, &server, client_ctx,
1977 server_ctx, session)) {
1978 fprintf(stderr, "Failed to connect client and server.\n");
1979 return false;
1980 }
1981
1982 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1983 fprintf(stderr, "Client and server were inconsistent.\n");
1984 return false;
1985 }
1986
1987 bool was_reused = !!SSL_session_reused(client.get());
1988 if (was_reused != reused) {
1989 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
1990 was_reused ? "" : " not");
1991 return false;
1992 }
1993
1994 return true;
1995}
1996
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]1997static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
1998 SSL_CTX *server_ctx,
1999 SSL_SESSION *session) {
2000 g_last_session = nullptr;
2001 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2002
2003 bssl::UniquePtr<SSL> client, server;
2004 if (!ConnectClientAndServer(&client, &server, client_ctx,
2005 server_ctx, session)) {
2006 fprintf(stderr, "Failed to connect client and server.\n");
2007 return nullptr;
2008 }
2009
2010 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2011 fprintf(stderr, "Client and server were inconsistent.\n");
2012 return nullptr;
2013 }
2014
2015 if (!SSL_session_reused(client.get())) {
2016 fprintf(stderr, "Session was not reused.\n");
2017 return nullptr;
2018 }
2019
2020 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2021 SSL_read(client.get(), nullptr, 0);
2022
2023 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2024
2025 if (!g_last_session) {
2026 fprintf(stderr, "Client did not receive a renewed session.\n");
2027 return nullptr;
2028 }
2029 return std::move(g_last_session);
2030}
2031
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2032static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2033 static const uint8_t kContext[] = {3};
2034
2035 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2036 return SSL_TLSEXT_ERR_ALERT_FATAL;
2037 }
2038
2039 return SSL_TLSEXT_ERR_OK;
2040}
2041
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2042static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
2043 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2044 bssl::UniquePtr<X509> cert = GetTestCertificate();
2045 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2046 if (!cert || !key) {
2047 return false;
2048 }
2049
2050 static const uint8_t kContext1[] = {1};
2051 static const uint8_t kContext2[] = {2};
2052
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2053 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2054 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2055 if (!server_ctx || !client_ctx ||
2056 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2057 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2058 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2059 sizeof(kContext1)) ||
2060 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2061 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2062 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2063 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2064 return false;
2065 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2066
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2067 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2068 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2069
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2070 bssl::UniquePtr<SSL_SESSION> session =
2071 CreateClientSession(client_ctx.get(), server_ctx.get());
2072 if (!session) {
2073 fprintf(stderr, "Error getting session.\n");
2074 return false;
2075 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2076
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2077 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2078 true /* expect session reused */)) {
2079 fprintf(stderr, "Error resuming session.\n");
2080 return false;
2081 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2082
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2083 // Change the session ID context.
2084 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2085 sizeof(kContext2))) {
2086 return false;
2087 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2088
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2089 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2090 false /* expect session not reused */)) {
2091 fprintf(stderr, "Error connecting with a different context.\n");
2092 return false;
2093 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2094
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2095 // Change the session ID context back and install an SNI callback to switch
2096 // it.
2097 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2098 sizeof(kContext1))) {
2099 return false;
2100 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2101
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2102 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2103 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2104
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2105 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2106 false /* expect session not reused */)) {
2107 fprintf(stderr, "Error connecting with a context switch on SNI callback.\n");
2108 return false;
2109 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2110
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2111 // Switch the session ID context with the early callback instead.
2112 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2113 SSL_CTX_set_select_certificate_cb(
2114 server_ctx.get(),
2115 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
2116 static const uint8_t kContext[] = {3};
2117
2118 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2119 sizeof(kContext))) {
2120 return ssl_select_cert_error;
2121 }
2122
2123 return ssl_select_cert_success;
2124 });
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2125
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2126 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2127 false /* expect session not reused */)) {
2128 fprintf(stderr,
2129 "Error connecting with a context switch on early callback.\n");
2130 return false;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2131 }
2132
2133 return true;
2134}
2135
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2136static timeval g_current_time;
2137
2138static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2139 *out_clock = g_current_time;
2140}
2141
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2142static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2143 out_clock->tv_sec = 1000;
2144 out_clock->tv_usec = 0;
2145}
2146
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2147static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2148 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2149 int encrypt) {
2150 static const uint8_t kZeros[16] = {0};
2151
2152 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2153 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2154 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2155 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2156 return 0;
2157 }
2158
2159 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2160 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2161 return -1;
2162 }
2163
2164 // Returning two from the callback in decrypt mode renews the
2165 // session in TLS 1.2 and below.
2166 return encrypt ? 1 : 2;
2167}
2168
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2169static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2170 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2171 return false;
2172 }
2173
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2174 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2175 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2176 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2177
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2178#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2179 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2180 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2181#else
2182 static const uint8_t kZeros[16] = {0};
2183 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2184 bssl::ScopedEVP_CIPHER_CTX ctx;
2185 int len1, len2;
2186 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2187 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2188 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2189 return false;
2190 }
2191
2192 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2193#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2194
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2195 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
2196 if (!ssl_ctx) {
2197 return false;
2198 }
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2199 bssl::UniquePtr<SSL_SESSION> server_session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2200 SSL_SESSION_from_bytes(plaintext.get(), len, ssl_ctx.get()));
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2201 if (!server_session) {
2202 return false;
2203 }
2204
2205 *out = server_session->time;
2206 return true;
2207}
2208
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2209static bool TestSessionTimeout(bool is_dtls, const SSL_METHOD *method,
2210 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2211 bssl::UniquePtr<X509> cert = GetTestCertificate();
2212 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2213 if (!cert || !key) {
2214 return false;
2215 }
2216
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2217 for (bool server_test : std::vector<bool>{false, true}) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2218 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2219 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2220
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2221 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2222 // resumptions still perform ECDHE.
2223 const time_t timeout = version == TLS1_3_VERSION
2224 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2225 : SSL_DEFAULT_SESSION_TIMEOUT;
2226
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2227 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2228 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2229 if (!server_ctx || !client_ctx ||
2230 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2231 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2232 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2233 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2234 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2235 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2236 return false;
2237 }
2238
2239 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2240 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2241
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2242 // Both client and server must enforce session timeouts. We configure the
2243 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2244 if (server_test) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2245 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2246 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2247 } else {
2248 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2249 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2250 }
2251
2252 // Configure a ticket callback which renews tickets.
2253 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2254
2255 bssl::UniquePtr<SSL_SESSION> session =
2256 CreateClientSession(client_ctx.get(), server_ctx.get());
2257 if (!session) {
2258 fprintf(stderr, "Error getting session.\n");
2259 return false;
2260 }
2261
2262 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2263 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2264
2265 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2266 true /* expect session reused */)) {
2267 fprintf(stderr, "Error resuming session.\n");
2268 return false;
2269 }
2270
2271 // Advance the clock one more second.
2272 g_current_time.tv_sec++;
2273
2274 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2275 false /* expect session not reused */)) {
2276 fprintf(stderr, "Error resuming session.\n");
2277 return false;
2278 }
2279
2280 // Rewind the clock to before the session was minted.
2281 g_current_time.tv_sec = kStartTime - 1;
2282
2283 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2284 false /* expect session not reused */)) {
2285 fprintf(stderr, "Error resuming session.\n");
2286 return false;
2287 }
2288
2289 // SSL 3.0 cannot renew sessions.
2290 if (version == SSL3_VERSION) {
2291 continue;
2292 }
2293
2294 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2295 time_t new_start_time = kStartTime + timeout - 10;
2296 g_current_time.tv_sec = new_start_time;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2297 bssl::UniquePtr<SSL_SESSION> new_session =
2298 ExpectSessionRenewed(client_ctx.get(), server_ctx.get(), session.get());
2299 if (!new_session) {
2300 fprintf(stderr, "Error renewing session.\n");
2301 return false;
2302 }
2303
2304 // This new session is not the same object as before.
2305 if (session.get() == new_session.get()) {
2306 fprintf(stderr, "New and old sessions alias.\n");
2307 return false;
2308 }
2309
2310 // Check the sessions have timestamps measured from issuance.
2311 long session_time = 0;
2312 if (server_test) {
2313 if (!GetServerTicketTime(&session_time, new_session.get())) {
2314 fprintf(stderr, "Failed to decode session ticket.\n");
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2315 return false;
2316 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2317 } else {
2318 session_time = new_session->time;
2319 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2320
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2321 if (session_time != g_current_time.tv_sec) {
2322 fprintf(stderr, "New session is not measured from issuance.\n");
2323 return false;
2324 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2325
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2326 if (version == TLS1_3_VERSION) {
2327 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2328 // lifetime TLS 1.3.
2329 g_current_time.tv_sec = new_start_time + timeout - 1;
2330 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2331 new_session.get(),
2332 true /* expect session reused */)) {
2333 fprintf(stderr, "Error resuming renewed session.\n");
2334 return false;
2335 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2336
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2337 // The new session expires after the new timeout.
2338 g_current_time.tv_sec = new_start_time + timeout + 1;
2339 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2340 new_session.get(),
2341 false /* expect session ot reused */)) {
2342 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2343 return false;
2344 }
2345
2346 // Renew the session until it begins just past the auth timeout.
2347 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2348 while (new_start_time < auth_end_time - 1000) {
2349 // Get as close as possible to target start time.
2350 new_start_time =
2351 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2352 g_current_time.tv_sec = new_start_time;
2353 new_session = ExpectSessionRenewed(client_ctx.get(), server_ctx.get(),
2354 new_session.get());
2355 if (!new_session) {
2356 fprintf(stderr, "Error renewing session.\n");
2357 return false;
2358 }
2359 }
2360
2361 // Now the session's lifetime is bound by the auth timeout.
2362 g_current_time.tv_sec = auth_end_time - 1;
2363 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2364 new_session.get(),
2365 true /* expect session reused */)) {
2366 fprintf(stderr, "Error resuming renewed session.\n");
2367 return false;
2368 }
2369
2370 g_current_time.tv_sec = auth_end_time + 1;
2371 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2372 new_session.get(),
2373 false /* expect session ot reused */)) {
2374 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2375 return false;
2376 }
2377 } else {
2378 // The new session is usable just before the old expiration.
2379 g_current_time.tv_sec = kStartTime + timeout - 1;
2380 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2381 new_session.get(),
2382 true /* expect session reused */)) {
2383 fprintf(stderr, "Error resuming renewed session.\n");
2384 return false;
2385 }
2386
2387 // Renewal does not extend the lifetime, so it is not usable beyond the
2388 // old expiration.
2389 g_current_time.tv_sec = kStartTime + timeout + 1;
2390 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2391 new_session.get(),
2392 false /* expect session not reused */)) {
2393 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2394 return false;
2395 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2396 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2397 }
2398
2399 return true;
2400}
2401
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2402static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2403 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2404 SSL_set_SSL_CTX(ssl, ctx);
2405 return SSL_TLSEXT_ERR_OK;
2406}
2407
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2408static bool TestSNICallback(bool is_dtls, const SSL_METHOD *method,
2409 uint16_t version) {
2410 // SSL 3.0 lacks extensions.
2411 if (version == SSL3_VERSION) {
2412 return true;
2413 }
2414
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2415 bssl::UniquePtr<X509> cert = GetTestCertificate();
2416 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2417 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2418 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2419 if (!cert || !key || !cert2 || !key2) {
2420 return false;
2421 }
2422
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2423 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2424 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2425
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2426 static const uint8_t kSCTList[] = {0, 6, 0, 4, 5, 6, 7, 8};
2427 static const uint8_t kOCSPResponse[] = {1, 2, 3, 4};
2428
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2429 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2430 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(method));
2431 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2432 if (!server_ctx || !server_ctx2 || !client_ctx ||
2433 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2434 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2435 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2436 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2437 !SSL_CTX_set_signed_cert_timestamp_list(server_ctx2.get(), kSCTList,
2438 sizeof(kSCTList)) ||
2439 !SSL_CTX_set_ocsp_response(server_ctx2.get(), kOCSPResponse,
2440 sizeof(kOCSPResponse)) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2441 // Historically signing preferences would be lost in some cases with the
2442 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2443 // this doesn't happen when |version| is TLS 1.2, configure the private
2444 // key to only sign SHA-256.
2445 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256,
2446 1) ||
2447 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2448 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2449 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2450 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2451 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2452 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
2453 return false;
2454 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2455
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2456 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2457 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2458
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2459 SSL_CTX_enable_signed_cert_timestamps(client_ctx.get());
2460 SSL_CTX_enable_ocsp_stapling(client_ctx.get());
2461
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2462 bssl::UniquePtr<SSL> client, server;
2463 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2464 server_ctx.get(), nullptr)) {
2465 fprintf(stderr, "Handshake failed.\n");
2466 return false;
2467 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2468
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2469 // The client should have received |cert2|.
2470 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
2471 if (!peer || X509_cmp(peer.get(), cert2.get()) != 0) {
2472 fprintf(stderr, "Incorrect certificate received.\n");
2473 return false;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2474 }
2475
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2476 // The client should have received |server_ctx2|'s SCT list.
2477 const uint8_t *data;
2478 size_t len;
2479 SSL_get0_signed_cert_timestamp_list(client.get(), &data, &len);
2480 if (Bytes(kSCTList) != Bytes(data, len)) {
2481 fprintf(stderr, "Incorrect SCT list received.\n");
2482 return false;
2483 }
2484
2485 // The client should have received |server_ctx2|'s OCSP response.
2486 SSL_get0_ocsp_response(client.get(), &data, &len);
2487 if (Bytes(kOCSPResponse) != Bytes(data, len)) {
2488 fprintf(stderr, "Incorrect OCSP response received.\n");
2489 return false;
2490 }
2491
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2492 return true;
2493}
2494
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2495// Test that the early callback can swap the maximum version.
2496TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2497 bssl::UniquePtr<X509> cert = GetTestCertificate();
2498 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2499 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2500 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2501 ASSERT_TRUE(cert);
2502 ASSERT_TRUE(key);
2503 ASSERT_TRUE(server_ctx);
2504 ASSERT_TRUE(client_ctx);
2505 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2506 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2507 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2508 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2509
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2510 SSL_CTX_set_select_certificate_cb(
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2511 server_ctx.get(),
2512 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2513 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2514 return ssl_select_cert_error;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2515 }
2516
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2517 return ssl_select_cert_success;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2518 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2519
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2520 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2521 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
2522 server_ctx.get(), nullptr));
2523 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2524}
2525
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2526TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2527 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2528 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2529
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2530 // Set valid TLS versions.
2531 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2532 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2533 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2534 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2535
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2536 // Invalid TLS versions are rejected.
2537 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2538 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2539 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2540 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2541 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2542 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2543
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2544 // Zero is the default version.
2545 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
2546 EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
2547 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2548 EXPECT_EQ(TLS1_VERSION, ctx->min_version);
2549
2550 // SSL 3.0 and TLS 1.3 are available, but not by default.
2551 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2552 EXPECT_EQ(SSL3_VERSION, ctx->min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2553 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
2554 EXPECT_EQ(TLS1_3_VERSION, ctx->max_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2555
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2556 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2557 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2558
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2559 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2560 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2561 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2562 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2563
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2564 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2565 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2566 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2567 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2568 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2569 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2570 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2571 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2572
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2573 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
2574 EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
2575 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
2576 EXPECT_EQ(TLS1_1_VERSION, ctx->min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2577}
2578
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2579static const char *GetVersionName(uint16_t version) {
2580 switch (version) {
2581 case SSL3_VERSION:
2582 return "SSLv3";
2583 case TLS1_VERSION:
2584 return "TLSv1";
2585 case TLS1_1_VERSION:
2586 return "TLSv1.1";
2587 case TLS1_2_VERSION:
2588 return "TLSv1.2";
2589 case TLS1_3_VERSION:
2590 return "TLSv1.3";
2591 case DTLS1_VERSION:
2592 return "DTLSv1";
2593 case DTLS1_2_VERSION:
2594 return "DTLSv1.2";
2595 default:
2596 return "???";
2597 }
2598}
2599
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2600static bool TestVersion(bool is_dtls, const SSL_METHOD *method,
2601 uint16_t version) {
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2602 bssl::UniquePtr<X509> cert = GetTestCertificate();
2603 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2604 if (!cert || !key) {
2605 return false;
2606 }
2607
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2608 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2609 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2610 bssl::UniquePtr<SSL> client, server;
2611 if (!server_ctx || !client_ctx ||
2612 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2613 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2614 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2615 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2616 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2617 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2618 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2619 server_ctx.get(), nullptr /* no session */)) {
2620 fprintf(stderr, "Failed to connect.\n");
2621 return false;
2622 }
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2623
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2624 if (SSL_version(client.get()) != version ||
2625 SSL_version(server.get()) != version) {
2626 fprintf(stderr, "Version mismatch. Got %04x and %04x, wanted %04x.\n",
2627 SSL_version(client.get()), SSL_version(server.get()), version);
2628 return false;
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2629 }
2630
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2631 // Test the version name is reported as expected.
2632 const char *version_name = GetVersionName(version);
2633 if (strcmp(version_name, SSL_get_version(client.get())) != 0 ||
2634 strcmp(version_name, SSL_get_version(server.get())) != 0) {
2635 fprintf(stderr, "Version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2636 SSL_get_version(client.get()), SSL_get_version(server.get()),
2637 version_name);
2638 return false;
2639 }
2640
2641 // Test SSL_SESSION reports the same name.
2642 const char *client_name =
2643 SSL_SESSION_get_version(SSL_get_session(client.get()));
2644 const char *server_name =
2645 SSL_SESSION_get_version(SSL_get_session(server.get()));
2646 if (strcmp(version_name, client_name) != 0 ||
2647 strcmp(version_name, server_name) != 0) {
2648 fprintf(stderr,
2649 "Session version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2650 client_name, server_name, version_name);
2651 return false;
2652 }
2653
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2654 return true;
2655}
2656
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2657// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2658// selection callback.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2659static bool TestALPNCipherAvailable(bool is_dtls, const SSL_METHOD *method,
2660 uint16_t version) {
2661 // SSL 3.0 lacks extensions.
2662 if (version == SSL3_VERSION) {
2663 return true;
2664 }
2665
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2666 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2667
2668 bssl::UniquePtr<X509> cert = GetTestCertificate();
2669 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2670 if (!cert || !key) {
2671 return false;
2672 }
2673
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2674 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2675 if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2676 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2677 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2678 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2679 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2680 0) {
2681 return false;
2682 }
2683
2684 // The ALPN callback does not fail the handshake on error, so have the
2685 // callback write a boolean.
2686 std::pair<uint16_t, bool> callback_state(version, false);
2687 SSL_CTX_set_alpn_select_cb(
2688 ctx.get(),
2689 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2690 unsigned in_len, void *arg) -> int {
2691 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2692 if (SSL_get_pending_cipher(ssl) != nullptr &&
2693 SSL_version(ssl) == state->first) {
2694 state->second = true;
2695 }
2696 return SSL_TLSEXT_ERR_NOACK;
2697 },
2698 &callback_state);
2699
2700 bssl::UniquePtr<SSL> client, server;
2701 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2702 nullptr /* no session */)) {
2703 return false;
2704 }
2705
2706 if (!callback_state.second) {
2707 fprintf(stderr, "The pending cipher was not known in the ALPN callback.\n");
2708 return false;
2709 }
2710
2711 return true;
2712}
2713
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2714static bool TestSSLClearSessionResumption(bool is_dtls,
2715 const SSL_METHOD *method,
2716 uint16_t version) {
2717 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2718 // API pattern.
2719 if (version == TLS1_3_VERSION) {
2720 return true;
2721 }
2722
2723 bssl::UniquePtr<X509> cert = GetTestCertificate();
2724 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2725 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2726 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2727 if (!cert || !key || !server_ctx || !client_ctx ||
2728 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2729 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2730 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2731 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2732 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2733 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2734 return false;
2735 }
2736
2737 // Connect a client and a server.
2738 bssl::UniquePtr<SSL> client, server;
2739 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2740 server_ctx.get(), nullptr /* no session */)) {
2741 return false;
2742 }
2743
2744 if (SSL_session_reused(client.get()) ||
2745 SSL_session_reused(server.get())) {
2746 fprintf(stderr, "Session unexpectedly reused.\n");
2747 return false;
2748 }
2749
2750 // Reset everything.
2751 if (!SSL_clear(client.get()) ||
2752 !SSL_clear(server.get())) {
2753 fprintf(stderr, "SSL_clear failed.\n");
2754 return false;
2755 }
2756
2757 // Attempt to connect a second time.
2758 if (!CompleteHandshakes(client.get(), server.get())) {
2759 fprintf(stderr, "Could not reuse SSL objects.\n");
2760 return false;
2761 }
2762
2763 // |SSL_clear| should implicitly offer the previous session to the server.
2764 if (!SSL_session_reused(client.get()) ||
2765 !SSL_session_reused(server.get())) {
2766 fprintf(stderr, "Session was not reused in second try.\n");
2767 return false;
2768 }
2769
2770 return true;
2771}
2772
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2773static bool ChainsEqual(STACK_OF(X509) *chain,
2774 const std::vector<X509 *> &expected) {
2775 if (sk_X509_num(chain) != expected.size()) {
2776 return false;
2777 }
2778
2779 for (size_t i = 0; i < expected.size(); i++) {
2780 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2781 return false;
2782 }
2783 }
2784
2785 return true;
2786}
2787
2788static bool TestAutoChain(bool is_dtls, const SSL_METHOD *method,
2789 uint16_t version) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2790 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
2791 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
2792 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
2793 if (!cert || !intermediate || !key) {
2794 return false;
2795 }
2796
2797 // Configure both client and server to accept any certificate. Add
2798 // |intermediate| to the cert store.
2799 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2800 if (!ctx ||
2801 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2802 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2803 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2804 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2805 !X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx.get()),
2806 intermediate.get())) {
2807 return false;
2808 }
2809 SSL_CTX_set_verify(
2810 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
2811 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
2812
2813 // By default, the client and server should each only send the leaf.
2814 bssl::UniquePtr<SSL> client, server;
2815 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2816 nullptr /* no session */)) {
2817 return false;
2818 }
2819
2820 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), {cert.get()})) {
2821 fprintf(stderr, "Client-received chain did not match.\n");
2822 return false;
2823 }
2824
2825 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), {cert.get()})) {
2826 fprintf(stderr, "Server-received chain did not match.\n");
2827 return false;
2828 }
2829
2830 // If auto-chaining is enabled, then the intermediate is sent.
2831 SSL_CTX_clear_mode(ctx.get(), SSL_MODE_NO_AUTO_CHAIN);
2832 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2833 nullptr /* no session */)) {
2834 return false;
2835 }
2836
2837 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2838 {cert.get(), intermediate.get()})) {
2839 fprintf(stderr, "Client-received chain did not match (auto-chaining).\n");
2840 return false;
2841 }
2842
2843 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2844 {cert.get(), intermediate.get()})) {
2845 fprintf(stderr, "Server-received chain did not match (auto-chaining).\n");
2846 return false;
2847 }
2848
2849 // Auto-chaining does not override explicitly-configured intermediates.
2850 if (!SSL_CTX_add1_chain_cert(ctx.get(), cert.get()) ||
2851 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2852 nullptr /* no session */)) {
2853 return false;
2854 }
2855
2856 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2857 {cert.get(), cert.get()})) {
2858 fprintf(stderr,
2859 "Client-received chain did not match (auto-chaining, explicit "
2860 "intermediate).\n");
2861 return false;
2862 }
2863
2864 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2865 {cert.get(), cert.get()})) {
2866 fprintf(stderr,
2867 "Server-received chain did not match (auto-chaining, explicit "
2868 "intermediate).\n");
2869 return false;
2870 }
2871
2872 return true;
2873}
2874
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2875static bool ExpectBadWriteRetry() {
2876 int err = ERR_get_error();
2877 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
2878 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
2879 char buf[ERR_ERROR_STRING_BUF_LEN];
2880 ERR_error_string_n(err, buf, sizeof(buf));
2881 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
2882 return false;
2883 }
2884
2885 if (ERR_peek_error() != 0) {
2886 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
2887 return false;
2888 }
2889
2890 return true;
2891}
2892
2893static bool TestSSLWriteRetry(bool is_dtls, const SSL_METHOD *method,
2894 uint16_t version) {
2895 if (is_dtls) {
2896 return true;
2897 }
2898
2899 for (bool enable_partial_write : std::vector<bool>{false, true}) {
2900 // Connect a client and server.
2901 bssl::UniquePtr<X509> cert = GetTestCertificate();
2902 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2903 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2904 bssl::UniquePtr<SSL> client, server;
2905 if (!cert || !key || !ctx ||
2906 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2907 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2908 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2909 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2910 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2911 nullptr /* no session */)) {
2912 return false;
2913 }
2914
2915 if (enable_partial_write) {
2916 SSL_set_mode(client.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
2917 }
2918
2919 // Write without reading until the buffer is full and we have an unfinished
2920 // write. Keep a count so we may reread it again later. "hello!" will be
2921 // written in two chunks, "hello" and "!".
2922 char data[] = "hello!";
2923 static const int kChunkLen = 5; // The length of "hello".
2924 unsigned count = 0;
2925 for (;;) {
2926 int ret = SSL_write(client.get(), data, kChunkLen);
2927 if (ret <= 0) {
2928 int err = SSL_get_error(client.get(), ret);
2929 if (SSL_get_error(client.get(), ret) == SSL_ERROR_WANT_WRITE) {
2930 break;
2931 }
2932 fprintf(stderr, "SSL_write failed in unexpected way: %d\n", err);
2933 return false;
2934 }
2935
2936 if (ret != 5) {
2937 fprintf(stderr, "SSL_write wrote %d bytes, expected 5.\n", ret);
2938 return false;
2939 }
2940
2941 count++;
2942 }
2943
2944 // Retrying with the same parameters is legal.
2945 if (SSL_get_error(client.get(), SSL_write(client.get(), data, kChunkLen)) !=
2946 SSL_ERROR_WANT_WRITE) {
2947 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
2948 return false;
2949 }
2950
2951 // Retrying with the same buffer but shorter length is not legal.
2952 if (SSL_get_error(client.get(),
2953 SSL_write(client.get(), data, kChunkLen - 1)) !=
2954 SSL_ERROR_SSL ||
2955 !ExpectBadWriteRetry()) {
2956 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2957 return false;
2958 }
2959
2960 // Retrying with a different buffer pointer is not legal.
2961 char data2[] = "hello";
2962 if (SSL_get_error(client.get(), SSL_write(client.get(), data2,
2963 kChunkLen)) != SSL_ERROR_SSL ||
2964 !ExpectBadWriteRetry()) {
2965 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2966 return false;
2967 }
2968
2969 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
2970 SSL_set_mode(client.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
2971 if (SSL_get_error(client.get(),
2972 SSL_write(client.get(), data2, kChunkLen)) !=
2973 SSL_ERROR_WANT_WRITE) {
2974 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
2975 return false;
2976 }
2977
2978 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
2979 if (SSL_get_error(client.get(),
2980 SSL_write(client.get(), data2, kChunkLen - 1)) !=
2981 SSL_ERROR_SSL ||
2982 !ExpectBadWriteRetry()) {
2983 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2984 return false;
2985 }
2986
2987 // Retrying with a larger buffer is legal.
2988 if (SSL_get_error(client.get(),
2989 SSL_write(client.get(), data, kChunkLen + 1)) !=
2990 SSL_ERROR_WANT_WRITE) {
2991 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
2992 return false;
2993 }
2994
2995 // Drain the buffer.
2996 char buf[20];
2997 for (unsigned i = 0; i < count; i++) {
2998 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
2999 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0) {
3000 fprintf(stderr, "Failed to read initial records.\n");
3001 return false;
3002 }
3003 }
3004
3005 // Now that there is space, a retry with a larger buffer should flush the
3006 // pending record, skip over that many bytes of input (on assumption they
3007 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
3008 // is set, this will complete in two steps.
3009 char data3[] = "_____!";
3010 if (enable_partial_write) {
3011 if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen ||
3012 SSL_write(client.get(), data3 + kChunkLen, 1) != 1) {
3013 fprintf(stderr, "SSL_write retry failed.\n");
3014 return false;
3015 }
3016 } else if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen + 1) {
3017 fprintf(stderr, "SSL_write retry failed.\n");
3018 return false;
3019 }
3020
3021 // Check the last write was correct. The data will be spread over two
3022 // records, so SSL_read returns twice.
3023 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3024 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0 ||
3025 SSL_read(server.get(), buf, sizeof(buf)) != 1 ||
3026 buf[0] != '!') {
3027 fprintf(stderr, "Failed to read write retry.\n");
3028 return false;
3029 }
3030 }
3031
3032 return true;
3033}
3034
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3035static bool ForEachVersion(bool (*test_func)(bool is_dtls,
3036 const SSL_METHOD *method,
3037 uint16_t version)) {
3038 static uint16_t kTLSVersions[] = {
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]3039 SSL3_VERSION,
3040 TLS1_VERSION,
3041 TLS1_1_VERSION,
3042 TLS1_2_VERSION,
3043// TLS 1.3 requires RSA-PSS, which is disabled for Android system builds.
3044#if !defined(BORINGSSL_ANDROID_SYSTEM)
3045 TLS1_3_VERSION,
3046#endif
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3047 };
3048
3049 static uint16_t kDTLSVersions[] = {
3050 DTLS1_VERSION, DTLS1_2_VERSION,
3051 };
3052
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3053 for (uint16_t version : kTLSVersions) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3054 if (!test_func(false, TLS_method(), version)) {
3055 fprintf(stderr, "Test failed at TLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3056 return false;
3057 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3058 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3059
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3060 for (uint16_t version : kDTLSVersions) {
3061 if (!test_func(true, DTLS_method(), version)) {
3062 fprintf(stderr, "Test failed at DTLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3063 return false;
3064 }
3065 }
3066
3067 return true;
3068}
3069
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3070TEST(SSLTest, AddChainCertHack) {
3071 // Ensure that we don't accidently break the hack that we have in place to
3072 // keep curl and serf happy when they use an |X509| even after transfering
3073 // ownership.
3074
3075 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3076 ASSERT_TRUE(ctx);
3077 X509 *cert = GetTestCertificate().release();
3078 ASSERT_TRUE(cert);
3079 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3080
3081 // This should not trigger a use-after-free.
3082 X509_cmp(cert, cert);
3083}
3084
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3085TEST(SSLTest, GetCertificate) {
3086 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3087 ASSERT_TRUE(ctx);
3088 bssl::UniquePtr<X509> cert = GetTestCertificate();
3089 ASSERT_TRUE(cert);
3090 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3091 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3092 ASSERT_TRUE(ssl);
3093
3094 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3095 ASSERT_TRUE(cert2);
3096 X509 *cert3 = SSL_get_certificate(ssl.get());
3097 ASSERT_TRUE(cert3);
3098
3099 // The old and new certificates must be identical.
3100 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3101 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3102
3103 uint8_t *der = nullptr;
3104 long der_len = i2d_X509(cert.get(), &der);
3105 ASSERT_LT(0, der_len);
3106 bssl::UniquePtr<uint8_t> free_der(der);
3107
3108 uint8_t *der2 = nullptr;
3109 long der2_len = i2d_X509(cert2, &der2);
3110 ASSERT_LT(0, der2_len);
3111 bssl::UniquePtr<uint8_t> free_der2(der2);
3112
3113 uint8_t *der3 = nullptr;
3114 long der3_len = i2d_X509(cert3, &der3);
3115 ASSERT_LT(0, der3_len);
3116 bssl::UniquePtr<uint8_t> free_der3(der3);
3117
3118 // They must also encode identically.
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]3119 EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len));
3120 EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len));
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3121}
3122
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3123TEST(SSLTest, SetChainAndKeyMismatch) {
3124 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_with_buffers_method()));
3125 ASSERT_TRUE(ctx);
3126
3127 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3128 ASSERT_TRUE(key);
3129 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3130 ASSERT_TRUE(leaf);
3131 std::vector<CRYPTO_BUFFER*> chain = {
3132 leaf.get(),
3133 };
3134
3135 // Should fail because |GetTestKey| doesn't match the chain-test certificate.
3136 ASSERT_FALSE(SSL_CTX_set_chain_and_key(ctx.get(), &chain[0], chain.size(),
3137 key.get(), nullptr));
3138 ERR_clear_error();
3139}
3140
3141TEST(SSLTest, SetChainAndKey) {
3142 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3143 ASSERT_TRUE(client_ctx);
3144 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3145 ASSERT_TRUE(server_ctx);
3146
3147 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3148 ASSERT_TRUE(key);
3149 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3150 ASSERT_TRUE(leaf);
3151 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3152 GetChainTestIntermediateBuffer();
3153 ASSERT_TRUE(intermediate);
3154 std::vector<CRYPTO_BUFFER*> chain = {
3155 leaf.get(), intermediate.get(),
3156 };
3157 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3158 chain.size(), key.get(), nullptr));
3159
3160 SSL_CTX_i_promise_to_verify_certs_after_the_handshake(client_ctx.get());
3161
3162 bssl::UniquePtr<SSL> client, server;
3163 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3164 server_ctx.get(),
3165 nullptr /* no session */));
3166}
3167
David Benjamin91222b82017-03-09 20:10:56 -0500[diff] [blame]3168// Configuring the empty cipher list, though an error, should still modify the
3169// configuration.
3170TEST(SSLTest, EmptyCipherList) {
3171 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3172 ASSERT_TRUE(ctx);
3173
3174 // Initially, the cipher list is not empty.
3175 EXPECT_NE(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3176
3177 // Configuring the empty cipher list fails.
3178 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), ""));
3179 ERR_clear_error();
3180
3181 // But the cipher list is still updated to empty.
3182 EXPECT_EQ(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3183}
3184
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3185// ssl_test_ticket_aead_failure_mode enumerates the possible ways in which the
3186// test |SSL_TICKET_AEAD_METHOD| can fail.
3187enum ssl_test_ticket_aead_failure_mode {
3188 ssl_test_ticket_aead_ok = 0,
3189 ssl_test_ticket_aead_seal_fail,
3190 ssl_test_ticket_aead_open_soft_fail,
3191 ssl_test_ticket_aead_open_hard_fail,
3192};
3193
3194struct ssl_test_ticket_aead_state {
3195 unsigned retry_count;
3196 ssl_test_ticket_aead_failure_mode failure_mode;
3197};
3198
3199static int ssl_test_ticket_aead_ex_index_dup(CRYPTO_EX_DATA *to,
3200 const CRYPTO_EX_DATA *from,
3201 void **from_d, int index,
3202 long argl, void *argp) {
3203 abort();
3204}
3205
3206static void ssl_test_ticket_aead_ex_index_free(void *parent, void *ptr,
3207 CRYPTO_EX_DATA *ad, int index,
3208 long argl, void *argp) {
3209 auto state = reinterpret_cast<ssl_test_ticket_aead_state*>(ptr);
3210 if (state == nullptr) {
3211 return;
3212 }
3213
3214 OPENSSL_free(state);
3215}
3216
3217static CRYPTO_once_t g_ssl_test_ticket_aead_ex_index_once = CRYPTO_ONCE_INIT;
3218static int g_ssl_test_ticket_aead_ex_index;
3219
3220static int ssl_test_ticket_aead_get_ex_index() {
3221 CRYPTO_once(&g_ssl_test_ticket_aead_ex_index_once, [] {
3222 g_ssl_test_ticket_aead_ex_index = SSL_get_ex_new_index(
3223 0, nullptr, nullptr, ssl_test_ticket_aead_ex_index_dup,
3224 ssl_test_ticket_aead_ex_index_free);
3225 });
3226 return g_ssl_test_ticket_aead_ex_index;
3227}
3228
3229static size_t ssl_test_ticket_aead_max_overhead(SSL *ssl) {
3230 return 1;
3231}
3232
3233static int ssl_test_ticket_aead_seal(SSL *ssl, uint8_t *out, size_t *out_len,
3234 size_t max_out_len, const uint8_t *in,
3235 size_t in_len) {
3236 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3237 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3238
3239 if (state->failure_mode == ssl_test_ticket_aead_seal_fail ||
3240 max_out_len < in_len + 1) {
3241 return 0;
3242 }
3243
3244 OPENSSL_memmove(out, in, in_len);
3245 out[in_len] = 0xff;
3246 *out_len = in_len + 1;
3247
3248 return 1;
3249}
3250
3251static ssl_ticket_aead_result_t ssl_test_ticket_aead_open(
3252 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len,
3253 const uint8_t *in, size_t in_len) {
3254 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3255 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3256
3257 if (state->retry_count > 0) {
3258 state->retry_count--;
3259 return ssl_ticket_aead_retry;
3260 }
3261
3262 switch (state->failure_mode) {
3263 case ssl_test_ticket_aead_ok:
3264 break;
3265 case ssl_test_ticket_aead_seal_fail:
3266 // If |seal| failed then there shouldn't be any ticket to try and
3267 // decrypt.
3268 abort();
3269 break;
3270 case ssl_test_ticket_aead_open_soft_fail:
3271 return ssl_ticket_aead_ignore_ticket;
3272 case ssl_test_ticket_aead_open_hard_fail:
3273 return ssl_ticket_aead_error;
3274 }
3275
3276 if (in_len == 0 || in[in_len - 1] != 0xff) {
3277 return ssl_ticket_aead_ignore_ticket;
3278 }
3279
3280 if (max_out_len < in_len - 1) {
3281 return ssl_ticket_aead_error;
3282 }
3283
3284 OPENSSL_memmove(out, in, in_len - 1);
3285 *out_len = in_len - 1;
3286 return ssl_ticket_aead_success;
3287}
3288
3289static const SSL_TICKET_AEAD_METHOD kSSLTestTicketMethod = {
3290 ssl_test_ticket_aead_max_overhead,
3291 ssl_test_ticket_aead_seal,
3292 ssl_test_ticket_aead_open,
3293};
3294
3295static void ConnectClientAndServerWithTicketMethod(
3296 bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
3297 SSL_CTX *client_ctx, SSL_CTX *server_ctx, unsigned retry_count,
3298 ssl_test_ticket_aead_failure_mode failure_mode, SSL_SESSION *session) {
3299 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
3300 ASSERT_TRUE(client);
3301 ASSERT_TRUE(server);
3302 SSL_set_connect_state(client.get());
3303 SSL_set_accept_state(server.get());
3304
3305 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3306 OPENSSL_malloc(sizeof(ssl_test_ticket_aead_state)));
3307 ASSERT_TRUE(state);
3308 OPENSSL_memset(state, 0, sizeof(ssl_test_ticket_aead_state));
3309 state->retry_count = retry_count;
3310 state->failure_mode = failure_mode;
3311
3312 ASSERT_TRUE(SSL_set_ex_data(server.get(), ssl_test_ticket_aead_get_ex_index(),
3313 state));
3314
3315 SSL_set_session(client.get(), session);
3316
3317 BIO *bio1, *bio2;
3318 ASSERT_TRUE(BIO_new_bio_pair(&bio1, 0, &bio2, 0));
3319
3320 // SSL_set_bio takes ownership.
3321 SSL_set_bio(client.get(), bio1, bio1);
3322 SSL_set_bio(server.get(), bio2, bio2);
3323
3324 if (CompleteHandshakes(client.get(), server.get())) {
3325 *out_client = std::move(client);
3326 *out_server = std::move(server);
3327 } else {
3328 out_client->reset();
3329 out_server->reset();
3330 }
3331}
3332
3333class TicketAEADMethodTest
3334 : public ::testing::TestWithParam<testing::tuple<
3335 uint16_t, unsigned, ssl_test_ticket_aead_failure_mode>> {};
3336
3337TEST_P(TicketAEADMethodTest, Resume) {
3338 bssl::UniquePtr<X509> cert = GetTestCertificate();
3339 ASSERT_TRUE(cert);
3340 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3341 ASSERT_TRUE(key);
3342
3343 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
3344 ASSERT_TRUE(server_ctx);
3345 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
3346 ASSERT_TRUE(client_ctx);
3347
3348 const uint16_t version = testing::get<0>(GetParam());
3349 const unsigned retry_count = testing::get<1>(GetParam());
3350 const ssl_test_ticket_aead_failure_mode failure_mode =
3351 testing::get<2>(GetParam());
3352
3353 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3354 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3355 ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), version));
3356 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), version));
3357 ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), version));
3358 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), version));
3359
3360 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
3361 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
3362 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
3363 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3364 SSL_CTX_sess_set_new_cb(client_ctx.get(), SaveLastSession);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3365
3366 SSL_CTX_set_ticket_aead_method(server_ctx.get(), &kSSLTestTicketMethod);
3367
3368 bssl::UniquePtr<SSL> client, server;
3369 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3370 server_ctx.get(), retry_count,
3371 failure_mode, nullptr);
3372 switch (failure_mode) {
3373 case ssl_test_ticket_aead_ok:
3374 case ssl_test_ticket_aead_open_hard_fail:
3375 case ssl_test_ticket_aead_open_soft_fail:
3376 ASSERT_TRUE(client);
3377 break;
3378 case ssl_test_ticket_aead_seal_fail:
3379 EXPECT_FALSE(client);
3380 return;
3381 }
3382 EXPECT_FALSE(SSL_session_reused(client.get()));
3383 EXPECT_FALSE(SSL_session_reused(server.get()));
3384
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3385 // Run the read loop to account for post-handshake tickets in TLS 1.3.
3386 SSL_read(client.get(), nullptr, 0);
3387
3388 bssl::UniquePtr<SSL_SESSION> session = std::move(g_last_session);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3389 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3390 server_ctx.get(), retry_count,
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3391 failure_mode, session.get());
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3392 switch (failure_mode) {
3393 case ssl_test_ticket_aead_ok:
3394 ASSERT_TRUE(client);
3395 EXPECT_TRUE(SSL_session_reused(client.get()));
3396 EXPECT_TRUE(SSL_session_reused(server.get()));
3397 break;
3398 case ssl_test_ticket_aead_seal_fail:
3399 abort();
3400 break;
3401 case ssl_test_ticket_aead_open_hard_fail:
3402 EXPECT_FALSE(client);
3403 break;
3404 case ssl_test_ticket_aead_open_soft_fail:
3405 ASSERT_TRUE(client);
3406 EXPECT_FALSE(SSL_session_reused(client.get()));
3407 EXPECT_FALSE(SSL_session_reused(server.get()));
3408 }
3409}
3410
3411INSTANTIATE_TEST_CASE_P(
3412 TicketAEADMethodTests, TicketAEADMethodTest,
3413 testing::Combine(
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3414 testing::Values(TLS1_2_VERSION, TLS1_3_VERSION),
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3415 testing::Values(0, 1, 2),
3416 testing::Values(ssl_test_ticket_aead_ok,
3417 ssl_test_ticket_aead_seal_fail,
3418 ssl_test_ticket_aead_open_soft_fail,
3419 ssl_test_ticket_aead_open_hard_fail)));
3420
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]3421TEST(SSLTest, SSL3Method) {
3422 bssl::UniquePtr<X509> cert = GetTestCertificate();
3423 ASSERT_TRUE(cert);
3424
3425 // For compatibility, SSLv3_method should work up to SSL_CTX_new and SSL_new.
3426 bssl::UniquePtr<SSL_CTX> ssl3_ctx(SSL_CTX_new(SSLv3_method()));
3427 ASSERT_TRUE(ssl3_ctx);
3428 ASSERT_TRUE(SSL_CTX_use_certificate(ssl3_ctx.get(), cert.get()));
3429 bssl::UniquePtr<SSL> ssl(SSL_new(ssl3_ctx.get()));
3430 EXPECT_TRUE(ssl);
3431
3432 // Create a normal TLS context to test against.
3433 bssl::UniquePtr<SSL_CTX> tls_ctx(SSL_CTX_new(TLS_method()));
3434 ASSERT_TRUE(tls_ctx);
3435 ASSERT_TRUE(SSL_CTX_use_certificate(tls_ctx.get(), cert.get()));
3436
3437 // However, handshaking an SSLv3_method server should fail to resolve the
3438 // version range. Explicit calls to SSL_CTX_set_min_proto_version are the only
3439 // way to enable SSL 3.0.
3440 bssl::UniquePtr<SSL> client, server;
3441 EXPECT_FALSE(ConnectClientAndServer(&client, &server, tls_ctx.get(),
3442 ssl3_ctx.get(),
3443 nullptr /* no session */));
3444 uint32_t err = ERR_get_error();
3445 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3446 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3447
3448 // Likewise for SSLv3_method clients.
3449 EXPECT_FALSE(ConnectClientAndServer(&client, &server, ssl3_ctx.get(),
3450 tls_ctx.get(),
3451 nullptr /* no session */));
3452 err = ERR_get_error();
3453 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3454 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3455}
3456
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3457// TODO(davidben): Convert this file to GTest properly.
3458TEST(SSLTest, AllTests) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]3459 if (!TestSSL_SESSIONEncoding(kOpenSSLSession) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3460 !TestSSL_SESSIONEncoding(kCustomSession) ||
3461 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
3462 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
3463 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
3464 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]3465 // Test the padding extension at TLS 1.2.
3466 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
3467 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
3468 // will be no PSK binder after the padding extension.
3469 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
3470 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
3471 // will be a PSK binder after the padding extension.
3472 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3473 !ForEachVersion(TestSequenceNumber) ||
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]3474 !ForEachVersion(TestOneSidedShutdown) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3475 !ForEachVersion(TestGetPeerCertificate) ||
3476 !ForEachVersion(TestRetainOnlySHA256OfCerts) ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]3477 !TestClientHello() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3478 !ForEachVersion(TestSessionIDContext) ||
3479 !ForEachVersion(TestSessionTimeout) ||
3480 !ForEachVersion(TestSNICallback) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3481 !ForEachVersion(TestVersion) ||
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]3482 !ForEachVersion(TestALPNCipherAvailable) ||
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]3483 !ForEachVersion(TestSSLClearSessionResumption) ||
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]3484 !ForEachVersion(TestAutoChain) ||
3485 !ForEachVersion(TestSSLWriteRetry)) {
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3486 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]3487 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]3488}