Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 348f0d8db9c2a0eca0503ba654020209c579d552 / . / ssl / ssl_test.cc
blob: 898cd04b72f88d135f6c637c6089c7915a47a5e6 [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
43/* Windows defines struct timeval in winsock2.h. */
44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
52struct ExpectedCipher {
53 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]56
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]57struct CipherTest {
58 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]59 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]60 // The list of expected ciphers, in order.
61 std::vector<ExpectedCipher> expected;
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]62 // True if this cipher list should fail in strict mode.
63 bool strict_fail;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]64};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]65
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]66struct CurveTest {
67 // The rule string to apply.
68 const char *rule;
69 // The list of expected curves, in order.
70 std::vector<uint16_t> expected;
71};
72
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]73static const CipherTest kCipherTests[] = {
74 // Selecting individual ciphers should work.
75 {
76 "ECDHE-ECDSA-CHACHA20-POLY1305:"
77 "ECDHE-RSA-CHACHA20-POLY1305:"
78 "ECDHE-ECDSA-AES128-GCM-SHA256:"
79 "ECDHE-RSA-AES128-GCM-SHA256",
80 {
81 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]82 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]83 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
84 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
85 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]86 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]87 },
88 // + reorders selected ciphers to the end, keeping their relative order.
89 {
90 "ECDHE-ECDSA-CHACHA20-POLY1305:"
91 "ECDHE-RSA-CHACHA20-POLY1305:"
92 "ECDHE-ECDSA-AES128-GCM-SHA256:"
93 "ECDHE-RSA-AES128-GCM-SHA256:"
94 "+aRSA",
95 {
96 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]97 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
98 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]99 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
100 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]101 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]102 },
103 // ! banishes ciphers from future selections.
104 {
105 "!aRSA:"
106 "ECDHE-ECDSA-CHACHA20-POLY1305:"
107 "ECDHE-RSA-CHACHA20-POLY1305:"
108 "ECDHE-ECDSA-AES128-GCM-SHA256:"
109 "ECDHE-RSA-AES128-GCM-SHA256",
110 {
111 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]112 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
113 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]114 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]115 },
116 // Multiple masks can be ANDed in a single rule.
117 {
118 "kRSA+AESGCM+AES128",
119 {
120 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
121 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]122 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]123 },
124 // - removes selected ciphers, but preserves their order for future
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]125 // selections. Select AES_128_GCM, but order the key exchanges RSA,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]126 // ECDHE_RSA.
127 {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]128 "ALL:-kECDHE:"
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]129 "-kRSA:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]130 "AESGCM+AES128+aRSA",
131 {
132 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]133 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
134 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]135 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]136 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]137 // Unknown selectors are no-ops, except in strict mode.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]138 {
139 "ECDHE-ECDSA-CHACHA20-POLY1305:"
140 "ECDHE-RSA-CHACHA20-POLY1305:"
141 "ECDHE-ECDSA-AES128-GCM-SHA256:"
142 "ECDHE-RSA-AES128-GCM-SHA256:"
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]143 "BOGUS1",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]144 {
145 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]146 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]147 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
148 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
149 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]150 true,
151 },
152 // Unknown selectors are no-ops, except in strict mode.
153 {
154 "ECDHE-ECDSA-CHACHA20-POLY1305:"
155 "ECDHE-RSA-CHACHA20-POLY1305:"
156 "ECDHE-ECDSA-AES128-GCM-SHA256:"
157 "ECDHE-RSA-AES128-GCM-SHA256:"
158 "-BOGUS2:+BOGUS3:!BOGUS4",
159 {
160 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
161 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
162 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
163 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
164 },
165 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]166 },
167 // Square brackets specify equi-preference groups.
168 {
169 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
170 "[ECDHE-RSA-CHACHA20-POLY1305]:"
171 "ECDHE-RSA-AES128-GCM-SHA256",
172 {
173 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]174 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]175 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]176 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
177 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]178 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]179 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]180 // Standard names may be used instead of OpenSSL names.
181 {
182 "[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|"
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]183 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]:"
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]184 "[TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]:"
185 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
186 {
187 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
188 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
189 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
190 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
191 },
192 false,
193 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]194 // @STRENGTH performs a stable strength-sort of the selected ciphers and
195 // only the selected ciphers.
196 {
197 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]198 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]199 "!AESGCM:!3DES:!SHA256:!SHA384:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]200 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]201 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]202 // Select ECDHE ones and sort them by strength. Ties should resolve
203 // based on the order above.
204 "kECDHE:@STRENGTH:-ALL:"
205 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
206 // by strength. Then RSA, backwards by strength.
207 "aRSA",
208 {
209 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
210 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]211 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]212 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
213 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
214 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]215 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]216 },
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]217 // Additional masks after @STRENGTH get silently discarded.
218 //
219 // TODO(davidben): Make this an error. If not silently discarded, they get
220 // interpreted as + opcodes which are very different.
221 {
222 "ECDHE-RSA-AES128-GCM-SHA256:"
223 "ECDHE-RSA-AES256-GCM-SHA384:"
224 "@STRENGTH+AES256",
225 {
226 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
227 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
228 },
229 false,
230 },
231 {
232 "ECDHE-RSA-AES128-GCM-SHA256:"
233 "ECDHE-RSA-AES256-GCM-SHA384:"
234 "@STRENGTH+AES256:"
235 "ECDHE-RSA-CHACHA20-POLY1305",
236 {
237 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
238 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
239 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
240 },
241 false,
242 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]243 // Exact ciphers may not be used in multi-part rules; they are treated
244 // as unknown aliases.
245 {
246 "ECDHE-ECDSA-AES128-GCM-SHA256:"
247 "ECDHE-RSA-AES128-GCM-SHA256:"
248 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
249 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
250 {
251 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
252 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
253 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]254 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]255 },
256 // SSLv3 matches everything that existed before TLS 1.2.
257 {
258 "AES128-SHA:AES128-SHA256:!SSLv3",
259 {
260 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
261 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]262 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]263 },
264 // TLSv1.2 matches everything added in TLS 1.2.
265 {
266 "AES128-SHA:AES128-SHA256:!TLSv1.2",
267 {
268 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
269 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]270 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]271 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]272 // The two directives have no intersection. But each component is valid, so
273 // even in strict mode it is accepted.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]274 {
275 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
276 {
277 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
278 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
279 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]280 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]281 },
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]282 // Spaces, semi-colons and commas are separators.
283 {
284 "AES128-SHA: AES128-SHA256 AES256-SHA ,AES256-SHA256 ; AES128-GCM-SHA256",
285 {
286 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
287 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
288 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
289 {TLS1_CK_RSA_WITH_AES_256_SHA256, 0},
290 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
291 },
292 // …but not in strict mode.
293 true,
294 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]295};
296
297static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]298 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]299 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
300 "RSA]",
301 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]302 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]303 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]304 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]305 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]306 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]307 "",
308 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]309 // COMPLEMENTOFDEFAULT is empty.
310 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]311 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]312 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]313 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]314 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
315 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
316 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
317 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]318 // Opcode supplied, but missing selector.
319 "+",
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]320 // Spaces are forbidden in equal-preference groups.
321 "[AES128-SHA | AES128-SHA256]",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]322};
323
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]324static const char *kMustNotIncludeNull[] = {
325 "ALL",
326 "DEFAULT",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]327 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]328 "FIPS",
329 "SHA",
330 "SHA1",
331 "RSA",
332 "SSLv3",
333 "TLSv1",
334 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]335};
336
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]337static const CurveTest kCurveTests[] = {
338 {
339 "P-256",
340 { SSL_CURVE_SECP256R1 },
341 },
342 {
343 "P-256:P-384:P-521:X25519",
344 {
345 SSL_CURVE_SECP256R1,
346 SSL_CURVE_SECP384R1,
347 SSL_CURVE_SECP521R1,
348 SSL_CURVE_X25519,
349 },
350 },
351};
352
353static const char *kBadCurvesLists[] = {
354 "",
355 ":",
356 "::",
357 "P-256::X25519",
358 "RSA:P-256",
359 "P-256:RSA",
360 "X25519:P-256:",
361 ":X25519:P-256",
362};
363
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]364static std::string CipherListToString(SSL_CTX *ctx) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]365 bool in_group = false;
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]366 std::string ret;
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]367 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
368 for (size_t i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
369 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
370 if (!in_group && SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]371 ret += "\t[\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]372 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]373 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]374 ret += "\t";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]375 if (in_group) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]376 ret += " ";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]377 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]378 ret += SSL_CIPHER_get_name(cipher);
379 ret += "\n";
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]380 if (in_group && !SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]381 ret += "\t]\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]382 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]383 }
384 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]385 return ret;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]386}
387
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]388static bool CipherListsEqual(SSL_CTX *ctx,
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]389 const std::vector<ExpectedCipher> &expected) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]390 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
391 if (sk_SSL_CIPHER_num(ciphers) != expected.size()) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]392 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]393 }
394
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]395 for (size_t i = 0; i < expected.size(); i++) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]396 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]397 if (expected[i].id != SSL_CIPHER_get_id(cipher) ||
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]398 expected[i].in_group_flag != !!SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]399 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]400 }
401 }
402
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]403 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]404}
405
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]406TEST(SSLTest, CipherRules) {
407 for (const CipherTest &t : kCipherTests) {
408 SCOPED_TRACE(t.rule);
409 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
410 ASSERT_TRUE(ctx);
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]411
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]412 // Test lax mode.
413 ASSERT_TRUE(SSL_CTX_set_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]414 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]415 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]416 << CipherListToString(ctx.get());
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]417
418 // Test strict mode.
419 if (t.strict_fail) {
420 EXPECT_FALSE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
421 } else {
422 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]423 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]424 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]425 << CipherListToString(ctx.get());
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]426 }
427 }
428
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]429 for (const char *rule : kBadRules) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]430 SCOPED_TRACE(rule);
431 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
432 ASSERT_TRUE(ctx);
433
434 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), rule));
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]435 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]436 }
437
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]438 for (const char *rule : kMustNotIncludeNull) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]439 SCOPED_TRACE(rule);
440 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
441 ASSERT_TRUE(ctx);
442
443 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]444 for (const SSL_CIPHER *cipher : SSL_CTX_get_ciphers(ctx.get())) {
445 EXPECT_FALSE(SSL_CIPHER_is_NULL(cipher));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]446 }
447 }
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]448}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]449
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]450TEST(SSLTest, CurveRules) {
451 for (const CurveTest &t : kCurveTests) {
452 SCOPED_TRACE(t.rule);
453 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
454 ASSERT_TRUE(ctx);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]455
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]456 ASSERT_TRUE(SSL_CTX_set1_curves_list(ctx.get(), t.rule));
457 ASSERT_EQ(t.expected.size(), ctx->supported_group_list_len);
458 for (size_t i = 0; i < t.expected.size(); i++) {
459 EXPECT_EQ(t.expected[i], ctx->supported_group_list[i]);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]460 }
461 }
462
463 for (const char *rule : kBadCurvesLists) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]464 SCOPED_TRACE(rule);
465 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
466 ASSERT_TRUE(ctx);
467
468 EXPECT_FALSE(SSL_CTX_set1_curves_list(ctx.get(), rule));
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]469 ERR_clear_error();
470 }
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]471}
472
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]473// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]474static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]475 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]476 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
477 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
478 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
479 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
480 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
481 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
482 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
483 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
484 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
485 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
486 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
487 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
488 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
489 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
490 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
491 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
492 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
493 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
494 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
495 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
496 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
497 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
498 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
499 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
500 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
501 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
502 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
503 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
504 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]505 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]506
507// kCustomSession is a custom serialized SSL_SESSION generated by
508// filling in missing fields from |kOpenSSLSession|. This includes
509// providing |peer_sha256|, so |peer| is not serialized.
510static const char kCustomSession[] =
511 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
512 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
513 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
514 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
515 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
516 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
517 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
518 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
519
520// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
521static const char kBoringSSLSession[] =
522 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
523 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
524 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
525 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
526 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
527 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
528 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
529 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
530 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
531 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
532 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
533 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
534 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
535 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
536 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
537 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
538 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
539 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
540 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
541 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
542 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
543 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
544 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
545 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
546 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
547 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
548 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
549 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
550 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
551 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
552 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
553 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
554 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
555 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
556 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
557 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
558 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
559 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
560 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
561 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
562 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
563 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
564 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
565 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
566 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
567 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
568 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
569 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
570 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
571 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
572 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
573 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
574 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
575 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
576 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
577 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
578 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
579 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
580 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
581 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
582 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
583 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
584 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
585 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
586 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
587 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
588 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
589 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
590 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
591 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
592 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
593 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
594 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
595 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
596 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
597 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
598 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
599 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
600 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
601 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
602 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
603 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
604 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
605 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
606 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
607 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
608 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
609 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
610 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
611 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
612 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
613 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
614 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
615 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
616 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
617
618// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
619// the final (optional) element of |kCustomSession| with tag number 30.
620static const char kBadSessionExtraField[] =
621 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
622 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
623 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
624 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
625 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
626 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
627 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
628 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
629
630// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
631// the version of |kCustomSession| with 2.
632static const char kBadSessionVersion[] =
633 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
634 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
635 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
636 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
637 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
638 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
639 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
640 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
641
642// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
643// appended.
644static const char kBadSessionTrailingData[] =
645 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
646 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
647 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
648 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
649 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
650 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
651 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
652 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
653
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]654static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]655 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]656 if (!EVP_DecodedLength(&len, strlen(in))) {
657 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]658 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]659 }
660
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]661 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]662 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]663 strlen(in))) {
664 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]665 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]666 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]667 out->resize(len);
668 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]669}
670
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]671static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]672 const uint8_t *cptr;
673 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]674
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]675 // Decode the input.
676 std::vector<uint8_t> input;
677 if (!DecodeBase64(&input, input_b64)) {
678 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]679 }
680
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]681 // Verify the SSL_SESSION decodes.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]682 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
683 if (!ssl_ctx) {
684 return false;
685 }
686 bssl::UniquePtr<SSL_SESSION> session(
687 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]688 if (!session) {
689 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]690 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]691 }
692
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]693 // Verify the SSL_SESSION encoding round-trips.
694 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]695 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]696 uint8_t *encoded_raw;
697 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]698 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]699 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]700 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]701 encoded.reset(encoded_raw);
702 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]703 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]704 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]705 hexdump(stderr, "Before: ", input.data(), input.size());
706 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]707 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]708 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]709
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]710 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]711 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]712 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]713 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]714 fprintf(stderr, "d2i_SSL_SESSION failed\n");
715 return false;
716 }
717
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]718 // Verify the SSL_SESSION encoding round-trips via the legacy API.
719 int len = i2d_SSL_SESSION(session.get(), NULL);
720 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]721 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]722 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]723 }
724
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]725 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
726 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]727 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]728 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]729 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]730
731 ptr = encoded.get();
732 len = i2d_SSL_SESSION(session.get(), &ptr);
733 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]734 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]735 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]736 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]737 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]738 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]739 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]740 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]741 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]742 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]743 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]744 }
745
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]746 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]747}
748
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]749static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
750 std::vector<uint8_t> input;
751 if (!DecodeBase64(&input, input_b64)) {
752 return false;
753 }
754
755 // Verify that the SSL_SESSION fails to decode.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]756 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
757 if (!ssl_ctx) {
758 return false;
759 }
760 bssl::UniquePtr<SSL_SESSION> session(
761 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]762 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]763 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]764 return false;
765 }
766 ERR_clear_error();
767 return true;
768}
769
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]770static void ExpectDefaultVersion(uint16_t min_version, uint16_t max_version,
771 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]772 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]773 ASSERT_TRUE(ctx);
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]774 EXPECT_EQ(min_version, ctx->conf_min_version);
775 EXPECT_EQ(max_version, ctx->conf_max_version);
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]776}
777
778TEST(SSLTest, DefaultVersion) {
779 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
780 ExpectDefaultVersion(TLS1_VERSION, TLS1_2_VERSION, &TLS_method);
781 ExpectDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method);
782 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method);
783 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method);
784 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method);
785 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method);
786 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method);
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]787}
788
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame^]789TEST(SSLTest, CipherProperties) {
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]790 static const struct {
791 int id;
792 const char *standard_name;
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame^]793 int cipher_nid;
794 int digest_nid;
795 int kx_nid;
796 int auth_nid;
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]797 } kTests[] = {
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame^]798 {
799 SSL3_CK_RSA_DES_192_CBC3_SHA,
800 "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
801 NID_des_ede3_cbc,
802 NID_sha1,
803 NID_kx_rsa,
804 NID_auth_rsa,
805 },
806 {
807 TLS1_CK_RSA_WITH_AES_128_SHA,
808 "TLS_RSA_WITH_AES_128_CBC_SHA",
809 NID_aes_128_cbc,
810 NID_sha1,
811 NID_kx_rsa,
812 NID_auth_rsa,
813 },
814 {
815 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
816 "TLS_PSK_WITH_AES_256_CBC_SHA",
817 NID_aes_256_cbc,
818 NID_sha1,
819 NID_kx_psk,
820 NID_auth_psk,
821 },
822 {
823 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
824 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
825 NID_aes_128_cbc,
826 NID_sha256,
827 NID_kx_ecdhe,
828 NID_auth_rsa,
829 },
830 {
831 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
832 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
833 NID_aes_256_cbc,
834 NID_sha384,
835 NID_kx_ecdhe,
836 NID_auth_rsa,
837 },
838 {
839 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
840 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
841 NID_aes_128_gcm,
842 NID_undef,
843 NID_kx_ecdhe,
844 NID_auth_rsa,
845 },
846 {
847 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
848 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
849 NID_aes_128_gcm,
850 NID_undef,
851 NID_kx_ecdhe,
852 NID_auth_ecdsa,
853 },
854 {
855 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
856 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
857 NID_aes_256_gcm,
858 NID_undef,
859 NID_kx_ecdhe,
860 NID_auth_ecdsa,
861 },
862 {
863 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
864 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
865 NID_aes_128_cbc,
866 NID_sha1,
867 NID_kx_ecdhe,
868 NID_auth_psk,
869 },
870 {
871 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
872 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
873 NID_chacha20_poly1305,
874 NID_undef,
875 NID_kx_ecdhe,
876 NID_auth_rsa,
877 },
878 {
879 TLS1_CK_AES_256_GCM_SHA384,
880 "TLS_AES_256_GCM_SHA384",
881 NID_aes_256_gcm,
882 NID_undef,
883 NID_kx_any,
884 NID_auth_any,
885 },
886 {
887 TLS1_CK_AES_128_GCM_SHA256,
888 "TLS_AES_128_GCM_SHA256",
889 NID_aes_128_gcm,
890 NID_undef,
891 NID_kx_any,
892 NID_auth_any,
893 },
894 {
895 TLS1_CK_CHACHA20_POLY1305_SHA256,
896 "TLS_CHACHA20_POLY1305_SHA256",
897 NID_chacha20_poly1305,
898 NID_undef,
899 NID_kx_any,
900 NID_auth_any,
901 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]902 };
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]903
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]904 for (const auto &t : kTests) {
905 SCOPED_TRACE(t.standard_name);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]906
907 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(t.id & 0xffff);
908 ASSERT_TRUE(cipher);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]909 EXPECT_STREQ(t.standard_name, SSL_CIPHER_standard_name(cipher));
910
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]911 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
912 ASSERT_TRUE(rfc_name);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]913 EXPECT_STREQ(t.standard_name, rfc_name.get());
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame^]914
915 EXPECT_EQ(t.cipher_nid, SSL_CIPHER_get_cipher_nid(cipher));
916 EXPECT_EQ(t.digest_nid, SSL_CIPHER_get_digest_nid(cipher));
917 EXPECT_EQ(t.kx_nid, SSL_CIPHER_get_kx_nid(cipher));
918 EXPECT_EQ(t.auth_nid, SSL_CIPHER_get_auth_nid(cipher));
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]919 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]920}
921
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]922// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
923// version and ticket length or nullptr on failure.
924static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
925 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]926 std::vector<uint8_t> der;
927 if (!DecodeBase64(&der, kOpenSSLSession)) {
928 return nullptr;
929 }
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]930
931 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
932 if (!ssl_ctx) {
933 return nullptr;
934 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]935 bssl::UniquePtr<SSL_SESSION> session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]936 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]937 if (!session) {
938 return nullptr;
939 }
940
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]941 session->ssl_version = version;
942
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]943 // Swap out the ticket for a garbage one.
944 OPENSSL_free(session->tlsext_tick);
945 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
946 if (session->tlsext_tick == nullptr) {
947 return nullptr;
948 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]949 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]950 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]951
952 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]953#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
954 session->time = 1234;
955#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]956 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]957#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]958 return session;
959}
960
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]961static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]962 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]963 if (!bio) {
964 return false;
965 }
966 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]967 BIO_up_ref(bio.get());
968 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]969 int ret = SSL_connect(ssl);
970 if (ret > 0) {
971 // SSL_connect should fail without a BIO to write to.
972 return false;
973 }
974 ERR_clear_error();
975
976 const uint8_t *client_hello;
977 size_t client_hello_len;
978 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
979 return false;
980 }
981 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
982 return true;
983}
984
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]985// GetClientHelloLen creates a client SSL connection with the specified version
986// and ticket length. It returns the length of the ClientHello, not including
987// the record header, on success and zero on error.
988static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
989 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]990 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]991 bssl::UniquePtr<SSL_SESSION> session =
992 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]993 if (!ctx || !session) {
994 return 0;
995 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]996
997 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]998 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]999 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]1000 !SSL_set_strict_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1001 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1002 return 0;
1003 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1004
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1005 std::vector<uint8_t> client_hello;
1006 if (!GetClientHello(ssl.get(), &client_hello) ||
1007 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1008 return 0;
1009 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1010
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1011 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1012}
1013
1014struct PaddingTest {
1015 size_t input_len, padded_len;
1016};
1017
1018static const PaddingTest kPaddingTests[] = {
1019 // ClientHellos of length below 0x100 do not require padding.
1020 {0xfe, 0xfe},
1021 {0xff, 0xff},
1022 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
1023 {0x100, 0x200},
1024 {0x123, 0x200},
1025 {0x1fb, 0x200},
1026 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
1027 // padding extension takes a minimum of four bytes plus one required content
1028 // byte. (To work around yet more server bugs, we avoid empty final
1029 // extensions.)
1030 {0x1fc, 0x201},
1031 {0x1fd, 0x202},
1032 {0x1fe, 0x203},
1033 {0x1ff, 0x204},
1034 // Finally, larger ClientHellos need no padding.
1035 {0x200, 0x200},
1036 {0x201, 0x201},
1037};
1038
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1039static bool TestPaddingExtension(uint16_t max_version,
1040 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1041 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1042 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1043 if (base_len == 0) {
1044 return false;
1045 }
1046
1047 for (const PaddingTest &test : kPaddingTests) {
1048 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1049 fprintf(stderr,
1050 "Baseline ClientHello too long (max_version = %04x, "
1051 "session_version = %04x).\n",
1052 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1053 return false;
1054 }
1055
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1056 size_t padded_len = GetClientHelloLen(max_version, session_version,
1057 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1058 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1059 fprintf(stderr,
1060 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
1061 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1062 static_cast<unsigned>(test.input_len),
1063 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1064 static_cast<unsigned>(test.padded_len), max_version,
1065 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1066 return false;
1067 }
1068 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1069
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1070 return true;
1071}
1072
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1073// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
1074// before configuring as a server.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1075TEST(SSLTest, ClientCAList) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1076 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1077 ASSERT_TRUE(ctx);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1078 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1079 ASSERT_TRUE(ssl);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1080
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]1081 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
1082 ASSERT_TRUE(name);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1083
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]1084 bssl::UniquePtr<X509_NAME> name_dup(X509_NAME_dup(name.get()));
1085 ASSERT_TRUE(name_dup);
1086
1087 bssl::UniquePtr<STACK_OF(X509_NAME)> stack(sk_X509_NAME_new_null());
1088 ASSERT_TRUE(stack);
1089
1090 ASSERT_TRUE(sk_X509_NAME_push(stack.get(), name_dup.get()));
1091 name_dup.release();
1092
1093 // |SSL_set_client_CA_list| takes ownership.
1094 SSL_set_client_CA_list(ssl.get(), stack.release());
1095
1096 STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get());
1097 ASSERT_TRUE(result);
1098 ASSERT_EQ(1u, sk_X509_NAME_num(result));
1099 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(result, 0), name.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1100}
1101
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1102static void AppendSession(SSL_SESSION *session, void *arg) {
1103 std::vector<SSL_SESSION*> *out =
1104 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1105 out->push_back(session);
1106}
1107
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1108// CacheEquals returns true if |ctx|'s session cache consists of |expected|, in
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1109// order.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1110static bool CacheEquals(SSL_CTX *ctx,
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1111 const std::vector<SSL_SESSION*> &expected) {
1112 // Check the linked list.
1113 SSL_SESSION *ptr = ctx->session_cache_head;
1114 for (SSL_SESSION *session : expected) {
1115 if (ptr != session) {
1116 return false;
1117 }
1118 // TODO(davidben): This is an absurd way to denote the end of the list.
1119 if (ptr->next ==
1120 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1121 ptr = nullptr;
1122 } else {
1123 ptr = ptr->next;
1124 }
1125 }
1126 if (ptr != nullptr) {
1127 return false;
1128 }
1129
1130 // Check the hash table.
1131 std::vector<SSL_SESSION*> actual, expected_copy;
1132 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
1133 expected_copy = expected;
1134
1135 std::sort(actual.begin(), actual.end());
1136 std::sort(expected_copy.begin(), expected_copy.end());
1137
1138 return actual == expected_copy;
1139}
1140
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1141static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]1142 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
1143 if (!ssl_ctx) {
1144 return nullptr;
1145 }
1146 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new(ssl_ctx.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1147 if (!ret) {
1148 return nullptr;
1149 }
1150
1151 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1152 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1153 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1154 return ret;
1155}
1156
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1157// Test that the internal session cache behaves as expected.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1158TEST(SSLTest, InternalSessionCache) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1159 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1160 ASSERT_TRUE(ctx);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1161
1162 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1163 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1164 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1165 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1166 ASSERT_TRUE(session);
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1167 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1168 }
1169
1170 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1171
1172 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1173 for (const auto &session : sessions) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1174 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), session.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1175 }
1176
1177 // Only the last five should be in the list.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1178 ASSERT_TRUE(CacheEquals(
1179 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1180 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1181
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1182 // Inserting an element already in the cache should fail and leave the cache
1183 // unchanged.
1184 ASSERT_FALSE(SSL_CTX_add_session(ctx.get(), sessions[7].get()));
1185 ASSERT_TRUE(CacheEquals(
1186 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1187 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1188
1189 // Although collisions should be impossible (256-bit session IDs), the cache
1190 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1191 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1192 ASSERT_TRUE(collision);
1193 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), collision.get()));
1194 ASSERT_TRUE(CacheEquals(
1195 ctx.get(), {collision.get(), sessions[9].get(), sessions[8].get(),
1196 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1197
1198 // Removing sessions behaves correctly.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1199 ASSERT_TRUE(SSL_CTX_remove_session(ctx.get(), sessions[6].get()));
1200 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1201 sessions[8].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1202
1203 // Removing sessions requires an exact match.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1204 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[0].get()));
1205 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[7].get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1206
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1207 // The cache remains unchanged.
1208 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1209 sessions[8].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1210}
1211
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1212static uint16_t EpochFromSequence(uint64_t seq) {
1213 return static_cast<uint16_t>(seq >> 48);
1214}
1215
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1216static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1217 static const char kCertPEM[] =
1218 "-----BEGIN CERTIFICATE-----\n"
1219 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1220 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1221 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1222 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1223 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1224 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1225 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1226 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1227 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1228 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1229 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1230 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1231 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1232 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1233 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1234 return bssl::UniquePtr<X509>(
1235 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1236}
1237
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1238static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1239 static const char kKeyPEM[] =
1240 "-----BEGIN RSA PRIVATE KEY-----\n"
1241 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1242 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1243 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1244 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1245 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1246 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1247 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1248 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1249 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1250 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1251 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1252 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1253 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1254 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1255 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1256 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1257 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1258}
1259
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1260static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1261 static const char kCertPEM[] =
1262 "-----BEGIN CERTIFICATE-----\n"
1263 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1264 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1265 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1266 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1267 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1268 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1269 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1270 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1271 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1272 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1273 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1274 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1275 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1276}
1277
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1278static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1279 static const char kKeyPEM[] =
1280 "-----BEGIN PRIVATE KEY-----\n"
1281 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1282 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1283 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1284 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1285 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1286 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1287 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1288}
1289
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1290static bssl::UniquePtr<CRYPTO_BUFFER> BufferFromPEM(const char *pem) {
1291 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1292 char *name, *header;
1293 uint8_t *data;
1294 long data_len;
1295 if (!PEM_read_bio(bio.get(), &name, &header, &data,
1296 &data_len)) {
1297 return nullptr;
1298 }
1299 OPENSSL_free(name);
1300 OPENSSL_free(header);
1301
1302 auto ret = bssl::UniquePtr<CRYPTO_BUFFER>(
1303 CRYPTO_BUFFER_new(data, data_len, nullptr));
1304 OPENSSL_free(data);
1305 return ret;
1306}
1307
1308static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestCertificateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1309 static const char kCertPEM[] =
1310 "-----BEGIN CERTIFICATE-----\n"
1311 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1312 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1313 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1314 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1315 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1316 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1317 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1318 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1319 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1320 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1321 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1322 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1323 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1324 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1325 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1326 "1ngWZ7Ih\n"
1327 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1328 return BufferFromPEM(kCertPEM);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1329}
1330
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1331static bssl::UniquePtr<X509> X509FromBuffer(
1332 bssl::UniquePtr<CRYPTO_BUFFER> buffer) {
1333 if (!buffer) {
1334 return nullptr;
1335 }
1336 const uint8_t *derp = CRYPTO_BUFFER_data(buffer.get());
1337 return bssl::UniquePtr<X509>(
1338 d2i_X509(NULL, &derp, CRYPTO_BUFFER_len(buffer.get())));
1339}
1340
1341static bssl::UniquePtr<X509> GetChainTestCertificate() {
1342 return X509FromBuffer(GetChainTestCertificateBuffer());
1343}
1344
1345static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestIntermediateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1346 static const char kCertPEM[] =
1347 "-----BEGIN CERTIFICATE-----\n"
1348 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1349 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1350 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1351 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1352 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1353 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1354 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1355 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1356 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1357 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1358 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1359 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1360 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1361 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1362 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1363 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1364 return BufferFromPEM(kCertPEM);
1365}
1366
1367static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1368 return X509FromBuffer(GetChainTestIntermediateBuffer());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1369}
1370
1371static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1372 static const char kKeyPEM[] =
1373 "-----BEGIN PRIVATE KEY-----\n"
1374 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1375 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1376 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1377 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1378 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1379 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1380 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1381 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1382 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1383 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1384 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1385 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1386 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1387 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1388 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1389 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1390 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1391 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1392 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1393 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1394 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1395 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1396 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1397 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1398 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1399 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1400 "-----END PRIVATE KEY-----\n";
1401 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1402 return bssl::UniquePtr<EVP_PKEY>(
1403 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1404}
1405
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]1406static const uint8_t kTestName[] = {
1407 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
1408 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
1409 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
1410 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49,
1411 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
1412 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64,
1413};
1414
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1415static bool CompleteHandshakes(SSL *client, SSL *server) {
1416 // Drive both their handshakes to completion.
1417 for (;;) {
1418 int client_ret = SSL_do_handshake(client);
1419 int client_err = SSL_get_error(client, client_ret);
1420 if (client_err != SSL_ERROR_NONE &&
1421 client_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1422 client_err != SSL_ERROR_WANT_WRITE &&
1423 client_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1424 fprintf(stderr, "Client error: %d\n", client_err);
1425 return false;
1426 }
1427
1428 int server_ret = SSL_do_handshake(server);
1429 int server_err = SSL_get_error(server, server_ret);
1430 if (server_err != SSL_ERROR_NONE &&
1431 server_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1432 server_err != SSL_ERROR_WANT_WRITE &&
1433 server_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1434 fprintf(stderr, "Server error: %d\n", server_err);
1435 return false;
1436 }
1437
1438 if (client_ret == 1 && server_ret == 1) {
1439 break;
1440 }
1441 }
1442
1443 return true;
1444}
1445
1446static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1447 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1448 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1449 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1450 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1451 if (!client || !server) {
1452 return false;
1453 }
1454 SSL_set_connect_state(client.get());
1455 SSL_set_accept_state(server.get());
1456
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1457 SSL_set_session(client.get(), session);
1458
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1459 BIO *bio1, *bio2;
1460 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1461 return false;
1462 }
1463 // SSL_set_bio takes ownership.
1464 SSL_set_bio(client.get(), bio1, bio1);
1465 SSL_set_bio(server.get(), bio2, bio2);
1466
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1467 if (!CompleteHandshakes(client.get(), server.get())) {
1468 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1469 }
1470
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1471 *out_client = std::move(client);
1472 *out_server = std::move(server);
1473 return true;
1474}
1475
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1476static bool TestSequenceNumber(bool is_dtls, const SSL_METHOD *method,
1477 uint16_t version) {
1478 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1479 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1480 if (!server_ctx || !client_ctx ||
1481 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1482 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1483 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1484 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1485 return false;
1486 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1487
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1488 bssl::UniquePtr<X509> cert = GetTestCertificate();
1489 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1490 if (!cert || !key || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1491 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1492 return false;
1493 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1494
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1495 bssl::UniquePtr<SSL> client, server;
1496 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1497 server_ctx.get(), nullptr /* no session */)) {
1498 return false;
1499 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1500
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1501 // Drain any post-handshake messages to ensure there are no unread records
1502 // on either end.
1503 uint8_t byte = 0;
1504 if (SSL_read(client.get(), &byte, 1) > 0 ||
1505 SSL_read(server.get(), &byte, 1) > 0) {
1506 fprintf(stderr, "Received unexpected data.\n");
1507 return false;
1508 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1509
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1510 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1511 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1512 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1513 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1514
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1515 if (is_dtls) {
1516 // Both client and server must be at epoch 1.
1517 if (EpochFromSequence(client_read_seq) != 1 ||
1518 EpochFromSequence(client_write_seq) != 1 ||
1519 EpochFromSequence(server_read_seq) != 1 ||
1520 EpochFromSequence(server_write_seq) != 1) {
1521 fprintf(stderr, "Bad epochs.\n");
1522 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1523 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1524
1525 // The next record to be written should exceed the largest received.
1526 if (client_write_seq <= server_read_seq ||
1527 server_write_seq <= client_read_seq) {
1528 fprintf(stderr, "Inconsistent sequence numbers.\n");
1529 return false;
1530 }
1531 } else {
1532 // The next record to be written should equal the next to be received.
1533 if (client_write_seq != server_read_seq ||
1534 server_write_seq != client_read_seq) {
1535 fprintf(stderr, "Inconsistent sequence numbers.\n");
1536 return false;
1537 }
1538 }
1539
1540 // Send a record from client to server.
1541 if (SSL_write(client.get(), &byte, 1) != 1 ||
1542 SSL_read(server.get(), &byte, 1) != 1) {
1543 fprintf(stderr, "Could not send byte.\n");
1544 return false;
1545 }
1546
1547 // The client write and server read sequence numbers should have
1548 // incremented.
1549 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1550 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1551 fprintf(stderr, "Sequence numbers did not increment.\n");
1552 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1553 }
1554
1555 return true;
1556}
1557
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1558static bool TestOneSidedShutdown(bool is_dtls, const SSL_METHOD *method,
1559 uint16_t version) {
1560 // SSL_shutdown is a no-op in DTLS.
1561 if (is_dtls) {
1562 return true;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1563 }
1564
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1565 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1566 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1567 bssl::UniquePtr<X509> cert = GetTestCertificate();
1568 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1569 if (!client_ctx || !server_ctx || !cert || !key ||
1570 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1571 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1572 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1573 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1574 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1575 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1576 return false;
1577 }
1578
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1579 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1580 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1581 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1582 return false;
1583 }
1584
1585 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1586 // one side has shut down.
1587 if (SSL_shutdown(client.get()) != 0) {
1588 fprintf(stderr, "Could not shutdown.\n");
1589 return false;
1590 }
1591
1592 // Reading from the server should consume the EOF.
1593 uint8_t byte;
1594 if (SSL_read(server.get(), &byte, 1) != 0 ||
1595 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1596 fprintf(stderr, "Connection was not shut down cleanly.\n");
1597 return false;
1598 }
1599
1600 // However, the server may continue to write data and then shut down the
1601 // connection.
1602 byte = 42;
1603 if (SSL_write(server.get(), &byte, 1) != 1 ||
1604 SSL_read(client.get(), &byte, 1) != 1 ||
1605 byte != 42) {
1606 fprintf(stderr, "Could not send byte.\n");
1607 return false;
1608 }
1609
1610 // The server may then shutdown the connection.
1611 if (SSL_shutdown(server.get()) != 1 ||
1612 SSL_shutdown(client.get()) != 1) {
1613 fprintf(stderr, "Could not complete shutdown.\n");
1614 return false;
1615 }
1616
1617 return true;
1618}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1619
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1620TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1621 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1622 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1623 ASSERT_TRUE(client_ctx);
1624 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1625
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1626 bssl::UniquePtr<X509> cert = GetTestCertificate();
1627 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1628 ASSERT_TRUE(cert);
1629 ASSERT_TRUE(key);
1630 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1631 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1632
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1633 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1634 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
1635 server_ctx.get(),
1636 nullptr /* no session */));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1637
1638 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjamin31b0c9b2017-07-20 14:49:15 -0400[diff] [blame]1639 bssl::UniquePtr<SSL_SESSION> session1 =
1640 bssl::SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1641 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1642
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1643 session1->not_resumable = 0;
1644
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1645 uint8_t *s0_bytes, *s1_bytes;
1646 size_t s0_len, s1_len;
1647
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1648 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1649 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1650
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1651 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1652 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1653
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]1654 EXPECT_EQ(Bytes(s0_bytes, s0_len), Bytes(s1_bytes, s1_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1655}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1656
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1657static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]1658 EXPECT_EQ(rfd, SSL_get_fd(ssl));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1659 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1660 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1661
1662 // The wrapper BIOs are always equal when fds are equal, even if set
1663 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1664 if (rfd == wfd) {
1665 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1666 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1667}
1668
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1669TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1670 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1671 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1672
1673 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1674 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1675 ASSERT_TRUE(ssl);
1676 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1677 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1678 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1679
1680 // Test setting the same FD.
1681 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1682 ASSERT_TRUE(ssl);
1683 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1684 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1685
1686 // Test setting the same FD one side at a time.
1687 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1688 ASSERT_TRUE(ssl);
1689 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1690 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1691 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1692
1693 // Test setting the same FD in the other order.
1694 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1695 ASSERT_TRUE(ssl);
1696 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1697 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1698 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1699
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1700 // Test changing the read FD partway through.
1701 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1702 ASSERT_TRUE(ssl);
1703 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1704 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1705 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1706
1707 // Test changing the write FD partway through.
1708 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1709 ASSERT_TRUE(ssl);
1710 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1711 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1712 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1713
1714 // Test a no-op change to the read FD partway through.
1715 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1716 ASSERT_TRUE(ssl);
1717 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1718 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1719 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1720
1721 // Test a no-op change to the write FD partway through.
1722 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1723 ASSERT_TRUE(ssl);
1724 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1725 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1726 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1727
1728 // ASan builds will implicitly test that the internal |BIO| reference-counting
1729 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1730}
1731
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1732TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1733 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1734 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1735
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1736 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1737 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1738 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1739 ASSERT_TRUE(ssl);
1740 ASSERT_TRUE(bio1);
1741 ASSERT_TRUE(bio2);
1742 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1743
1744 // SSL_set_bio takes one reference when the parameters are the same.
1745 BIO_up_ref(bio1.get());
1746 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1747
1748 // Repeating the call does nothing.
1749 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1750
1751 // It takes one reference each when the parameters are different.
1752 BIO_up_ref(bio2.get());
1753 BIO_up_ref(bio3.get());
1754 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1755
1756 // Repeating the call does nothing.
1757 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1758
1759 // It takes one reference when changing only wbio.
1760 BIO_up_ref(bio1.get());
1761 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1762
1763 // It takes one reference when changing only rbio and the two are different.
1764 BIO_up_ref(bio3.get());
1765 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1766
1767 // If setting wbio to rbio, it takes no additional references.
1768 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1769
1770 // From there, wbio may be switched to something else.
1771 BIO_up_ref(bio1.get());
1772 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1773
1774 // If setting rbio to wbio, it takes no additional references.
1775 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1776
1777 // From there, rbio may be switched to something else, but, for historical
1778 // reasons, it takes a reference to both parameters.
1779 BIO_up_ref(bio1.get());
1780 BIO_up_ref(bio2.get());
1781 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1782
1783 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1784 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1785}
1786
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1787static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1788
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1789static bool TestGetPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1790 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1791 bssl::UniquePtr<X509> cert = GetTestCertificate();
1792 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1793 if (!cert || !key) {
1794 return false;
1795 }
1796
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1797 // Configure both client and server to accept any certificate.
1798 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1799 if (!ctx ||
1800 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1801 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1802 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1803 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1804 return false;
1805 }
1806 SSL_CTX_set_verify(
1807 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1808 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1809
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1810 bssl::UniquePtr<SSL> client, server;
1811 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1812 nullptr /* no session */)) {
1813 return false;
1814 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1815
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1816 // Client and server should both see the leaf certificate.
1817 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1818 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1819 fprintf(stderr, "Server peer certificate did not match.\n");
1820 return false;
1821 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1822
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1823 peer.reset(SSL_get_peer_certificate(client.get()));
1824 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1825 fprintf(stderr, "Client peer certificate did not match.\n");
1826 return false;
1827 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1828
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1829 // However, for historical reasons, the X509 chain includes the leaf on the
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1830 // client, but does not on the server.
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1831 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1 ||
1832 sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(client.get())) != 1) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1833 fprintf(stderr, "Client peer chain was incorrect.\n");
1834 return false;
1835 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1836
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1837 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0 ||
1838 sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(server.get())) != 1) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1839 fprintf(stderr, "Server peer chain was incorrect.\n");
1840 return false;
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1841 }
1842
1843 return true;
1844}
1845
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1846static bool TestNoPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1847 uint16_t version) {
1848 bssl::UniquePtr<X509> cert = GetTestCertificate();
1849 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1850 if (!cert || !key) {
1851 return false;
1852 }
1853
1854 // Configure an anonymous client.
1855 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method)),
1856 client_ctx(SSL_CTX_new(method));
1857 if (!server_ctx || !client_ctx ||
1858 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1859 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
1860 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1861 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1862 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1863 !SSL_CTX_set_max_proto_version(client_ctx.get(), version)) {
1864 return false;
1865 }
1866 SSL_CTX_set_verify(
1867 server_ctx.get(), SSL_VERIFY_PEER, nullptr);
1868 SSL_CTX_set_cert_verify_callback(server_ctx.get(), VerifySucceed, NULL);
1869 SSL_CTX_set_cert_verify_callback(client_ctx.get(), VerifySucceed, NULL);
1870
1871 bssl::UniquePtr<SSL> client, server;
1872 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1873 server_ctx.get(), nullptr /* no session */)) {
1874 return false;
1875 }
1876
1877 // Client and server should both see the leaf certificate.
1878 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1879 if (peer ||
1880 SSL_get0_peer_certificates(server.get()) != nullptr) {
1881 fprintf(stderr, "Server peer certificate was non-null.\n");
1882 return false;
1883 }
1884
1885 return true;
1886}
1887
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1888static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method,
1889 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1890 bssl::UniquePtr<X509> cert = GetTestCertificate();
1891 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1892 if (!cert || !key) {
1893 return false;
1894 }
1895
1896 uint8_t *cert_der = NULL;
1897 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1898 if (cert_der_len < 0) {
1899 return false;
1900 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1901 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1902
1903 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1904 SHA256(cert_der, cert_der_len, cert_sha256);
1905
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1906 // Configure both client and server to accept any certificate, but the
1907 // server must retain only the SHA-256 of the peer.
1908 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1909 if (!ctx ||
1910 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1911 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1912 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1913 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1914 return false;
1915 }
1916 SSL_CTX_set_verify(
1917 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1918 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1919 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1920
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1921 bssl::UniquePtr<SSL> client, server;
1922 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1923 nullptr /* no session */)) {
1924 return false;
1925 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1926
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1927 // The peer certificate has been dropped.
1928 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1929 if (peer) {
1930 fprintf(stderr, "Peer certificate was retained.\n");
1931 return false;
1932 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1933
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1934 SSL_SESSION *session = SSL_get_session(server.get());
1935 if (!session->peer_sha256_valid) {
1936 fprintf(stderr, "peer_sha256_valid was not set.\n");
1937 return false;
1938 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1939
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1940 if (OPENSSL_memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) !=
1941 0) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1942 fprintf(stderr, "peer_sha256 did not match.\n");
1943 return false;
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1944 }
1945
1946 return true;
1947}
1948
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1949static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1950 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1951 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1952 // Our default cipher list varies by CPU capabilities, so manually place the
1953 // ChaCha20 ciphers in front.
Matthew Braithwaite7e06de52017-04-10 15:52:14 -0700[diff] [blame]1954 const char* cipher_list = "CHACHA20:ALL";
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1955 if (!ctx ||
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]1956 // SSLv3 is off by default.
1957 !SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1958 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1959 !SSL_CTX_set_strict_cipher_list(ctx.get(), cipher_list)) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1960 return false;
1961 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1962
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1963 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1964 if (!ssl) {
1965 return false;
1966 }
1967 std::vector<uint8_t> client_hello;
1968 if (!GetClientHello(ssl.get(), &client_hello)) {
1969 return false;
1970 }
1971
1972 // Zero the client_random.
1973 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1974 1 + 3 + // handshake message header
1975 2; // client_version
1976 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1977 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1978 return false;
1979 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1980 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1981
1982 if (client_hello.size() != expected_len ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1983 OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1984 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1985 fprintf(stderr, "Got:\n\t");
1986 for (size_t i = 0; i < client_hello.size(); i++) {
1987 fprintf(stderr, "0x%02x, ", client_hello[i]);
1988 }
1989 fprintf(stderr, "\nWanted:\n\t");
1990 for (size_t i = 0; i < expected_len; i++) {
1991 fprintf(stderr, "0x%02x, ", expected[i]);
1992 }
1993 fprintf(stderr, "\n");
1994 return false;
1995 }
1996
1997 return true;
1998}
1999
2000// Tests that our ClientHellos do not change unexpectedly.
2001static bool TestClientHello() {
2002 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2003 0x16,
2004 0x03, 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2005 0x00, 0x3b,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2006 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2007 0x00, 0x00, 0x37,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2008 0x03, 0x00,
2009 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2010 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2011 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2012 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2013 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2014 0x00, 0x10,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2015 0xc0, 0x09,
2016 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2017 0xc0, 0x0a,
2018 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2019 0x00, 0x2f,
2020 0x00, 0x35,
2021 0x00, 0x0a,
2022 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2023 };
2024 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
2025 sizeof(kSSL3ClientHello))) {
2026 return false;
2027 }
2028
2029 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2030 0x16,
2031 0x03, 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2032 0x00, 0x5a,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2033 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2034 0x00, 0x00, 0x56,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2035 0x03, 0x01,
2036 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2037 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2038 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2039 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2040 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2041 0x00, 0x0e,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2042 0xc0, 0x09,
2043 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2044 0xc0, 0x0a,
2045 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2046 0x00, 0x2f,
2047 0x00, 0x35,
2048 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2049 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
2050 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
2051 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
2052 };
2053 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
2054 sizeof(kTLS1ClientHello))) {
2055 return false;
2056 }
2057
2058 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2059 0x16,
2060 0x03, 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2061 0x00, 0x5a,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2062 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2063 0x00, 0x00, 0x56,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2064 0x03, 0x02,
2065 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2066 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2067 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2068 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2069 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2070 0x00, 0x0e,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2071 0xc0, 0x09,
2072 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2073 0xc0, 0x0a,
2074 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2075 0x00, 0x2f,
2076 0x00, 0x35,
2077 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2078 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
2079 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
2080 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
2081 };
2082 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
2083 sizeof(kTLS11ClientHello))) {
2084 return false;
2085 }
2086
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]2087 // kTLS12ClientHello assumes RSA-PSS, which is disabled for Android system
2088 // builds.
2089#if defined(BORINGSSL_ANDROID_SYSTEM)
2090 return true;
2091#endif
2092
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2093 static const uint8_t kTLS12ClientHello[] = {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2094 0x16,
2095 0x03, 0x01,
2096 0x00, 0x8e,
2097 0x01,
2098 0x00, 0x00, 0x8a,
2099 0x03, 0x03,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]2100 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2101 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2102 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2103 0x00, 0x2a,
2104 0xcc, 0xa9,
2105 0xcc, 0xa8,
2106 0xc0, 0x2b,
2107 0xc0, 0x2f,
2108 0xc0, 0x2c,
2109 0xc0, 0x30,
2110 0xc0, 0x09,
2111 0xc0, 0x23,
2112 0xc0, 0x13,
2113 0xc0, 0x27,
2114 0xc0, 0x0a,
2115 0xc0, 0x24,
2116 0xc0, 0x14,
2117 0xc0, 0x28,
2118 0x00, 0x9c,
2119 0x00, 0x9d,
2120 0x00, 0x2f,
2121 0x00, 0x3c,
2122 0x00, 0x35,
2123 0x00, 0x3d,
2124 0x00, 0x0a,
2125 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
2126 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04,
2127 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08,
2128 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
2129 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2130 };
2131 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
2132 sizeof(kTLS12ClientHello))) {
2133 return false;
2134 }
2135
2136 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
2137 // implementation has settled enough that it won't change.
2138
2139 return true;
2140}
2141
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2142static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2143
2144static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
2145 // Save the most recent session.
2146 g_last_session.reset(session);
2147 return 1;
2148}
2149
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2150static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
Steven Valdeze831a812017-03-09 14:56:07 -0500[diff] [blame]2151 SSL_CTX *server_ctx) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2152 g_last_session = nullptr;
2153 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2154
2155 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2156 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2157 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
2158 nullptr /* no session */)) {
2159 fprintf(stderr, "Failed to connect client and server.\n");
2160 return nullptr;
2161 }
2162
2163 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2164 SSL_read(client.get(), nullptr, 0);
2165
2166 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2167
2168 if (!g_last_session) {
2169 fprintf(stderr, "Client did not receive a session.\n");
2170 return nullptr;
2171 }
2172 return std::move(g_last_session);
2173}
2174
2175static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
2176 SSL_SESSION *session,
2177 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2178 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2179 if (!ConnectClientAndServer(&client, &server, client_ctx,
2180 server_ctx, session)) {
2181 fprintf(stderr, "Failed to connect client and server.\n");
2182 return false;
2183 }
2184
2185 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2186 fprintf(stderr, "Client and server were inconsistent.\n");
2187 return false;
2188 }
2189
2190 bool was_reused = !!SSL_session_reused(client.get());
2191 if (was_reused != reused) {
2192 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
2193 was_reused ? "" : " not");
2194 return false;
2195 }
2196
2197 return true;
2198}
2199
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2200static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
2201 SSL_CTX *server_ctx,
2202 SSL_SESSION *session) {
2203 g_last_session = nullptr;
2204 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2205
2206 bssl::UniquePtr<SSL> client, server;
2207 if (!ConnectClientAndServer(&client, &server, client_ctx,
2208 server_ctx, session)) {
2209 fprintf(stderr, "Failed to connect client and server.\n");
2210 return nullptr;
2211 }
2212
2213 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2214 fprintf(stderr, "Client and server were inconsistent.\n");
2215 return nullptr;
2216 }
2217
2218 if (!SSL_session_reused(client.get())) {
2219 fprintf(stderr, "Session was not reused.\n");
2220 return nullptr;
2221 }
2222
2223 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2224 SSL_read(client.get(), nullptr, 0);
2225
2226 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2227
2228 if (!g_last_session) {
2229 fprintf(stderr, "Client did not receive a renewed session.\n");
2230 return nullptr;
2231 }
2232 return std::move(g_last_session);
2233}
2234
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2235static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2236 static const uint8_t kContext[] = {3};
2237
2238 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2239 return SSL_TLSEXT_ERR_ALERT_FATAL;
2240 }
2241
2242 return SSL_TLSEXT_ERR_OK;
2243}
2244
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2245static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
2246 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2247 bssl::UniquePtr<X509> cert = GetTestCertificate();
2248 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2249 if (!cert || !key) {
2250 return false;
2251 }
2252
2253 static const uint8_t kContext1[] = {1};
2254 static const uint8_t kContext2[] = {2};
2255
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2256 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2257 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2258 if (!server_ctx || !client_ctx ||
2259 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2260 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2261 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2262 sizeof(kContext1)) ||
2263 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2264 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2265 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2266 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2267 return false;
2268 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2269
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2270 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2271 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2272
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2273 bssl::UniquePtr<SSL_SESSION> session =
2274 CreateClientSession(client_ctx.get(), server_ctx.get());
2275 if (!session) {
2276 fprintf(stderr, "Error getting session.\n");
2277 return false;
2278 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2279
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2280 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2281 true /* expect session reused */)) {
2282 fprintf(stderr, "Error resuming session.\n");
2283 return false;
2284 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2285
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2286 // Change the session ID context.
2287 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2288 sizeof(kContext2))) {
2289 return false;
2290 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2291
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2292 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2293 false /* expect session not reused */)) {
2294 fprintf(stderr, "Error connecting with a different context.\n");
2295 return false;
2296 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2297
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2298 // Change the session ID context back and install an SNI callback to switch
2299 // it.
2300 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2301 sizeof(kContext1))) {
2302 return false;
2303 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2304
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2305 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2306 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2307
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2308 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2309 false /* expect session not reused */)) {
2310 fprintf(stderr, "Error connecting with a context switch on SNI callback.\n");
2311 return false;
2312 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2313
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2314 // Switch the session ID context with the early callback instead.
2315 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2316 SSL_CTX_set_select_certificate_cb(
2317 server_ctx.get(),
2318 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
2319 static const uint8_t kContext[] = {3};
2320
2321 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2322 sizeof(kContext))) {
2323 return ssl_select_cert_error;
2324 }
2325
2326 return ssl_select_cert_success;
2327 });
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2328
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2329 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2330 false /* expect session not reused */)) {
2331 fprintf(stderr,
2332 "Error connecting with a context switch on early callback.\n");
2333 return false;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2334 }
2335
2336 return true;
2337}
2338
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2339static timeval g_current_time;
2340
2341static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2342 *out_clock = g_current_time;
2343}
2344
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2345static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2346 out_clock->tv_sec = 1000;
2347 out_clock->tv_usec = 0;
2348}
2349
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2350static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2351 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2352 int encrypt) {
2353 static const uint8_t kZeros[16] = {0};
2354
2355 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2356 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2357 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2358 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2359 return 0;
2360 }
2361
2362 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2363 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2364 return -1;
2365 }
2366
2367 // Returning two from the callback in decrypt mode renews the
2368 // session in TLS 1.2 and below.
2369 return encrypt ? 1 : 2;
2370}
2371
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2372static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2373 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2374 return false;
2375 }
2376
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2377 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2378 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2379 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2380
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2381#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2382 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2383 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2384#else
2385 static const uint8_t kZeros[16] = {0};
2386 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2387 bssl::ScopedEVP_CIPHER_CTX ctx;
2388 int len1, len2;
2389 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2390 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2391 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2392 return false;
2393 }
2394
2395 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2396#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2397
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2398 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
2399 if (!ssl_ctx) {
2400 return false;
2401 }
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2402 bssl::UniquePtr<SSL_SESSION> server_session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2403 SSL_SESSION_from_bytes(plaintext.get(), len, ssl_ctx.get()));
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2404 if (!server_session) {
2405 return false;
2406 }
2407
2408 *out = server_session->time;
2409 return true;
2410}
2411
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2412static bool TestSessionTimeout(bool is_dtls, const SSL_METHOD *method,
2413 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2414 bssl::UniquePtr<X509> cert = GetTestCertificate();
2415 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2416 if (!cert || !key) {
2417 return false;
2418 }
2419
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2420 for (bool server_test : std::vector<bool>{false, true}) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2421 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2422 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2423
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2424 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2425 // resumptions still perform ECDHE.
2426 const time_t timeout = version == TLS1_3_VERSION
2427 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2428 : SSL_DEFAULT_SESSION_TIMEOUT;
2429
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2430 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2431 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2432 if (!server_ctx || !client_ctx ||
2433 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2434 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2435 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2436 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2437 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2438 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2439 return false;
2440 }
2441
2442 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2443 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2444
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2445 // Both client and server must enforce session timeouts. We configure the
2446 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2447 if (server_test) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2448 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2449 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2450 } else {
2451 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2452 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2453 }
2454
2455 // Configure a ticket callback which renews tickets.
2456 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2457
2458 bssl::UniquePtr<SSL_SESSION> session =
2459 CreateClientSession(client_ctx.get(), server_ctx.get());
2460 if (!session) {
2461 fprintf(stderr, "Error getting session.\n");
2462 return false;
2463 }
2464
2465 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2466 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2467
2468 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2469 true /* expect session reused */)) {
2470 fprintf(stderr, "Error resuming session.\n");
2471 return false;
2472 }
2473
2474 // Advance the clock one more second.
2475 g_current_time.tv_sec++;
2476
2477 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2478 false /* expect session not reused */)) {
2479 fprintf(stderr, "Error resuming session.\n");
2480 return false;
2481 }
2482
2483 // Rewind the clock to before the session was minted.
2484 g_current_time.tv_sec = kStartTime - 1;
2485
2486 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2487 false /* expect session not reused */)) {
2488 fprintf(stderr, "Error resuming session.\n");
2489 return false;
2490 }
2491
2492 // SSL 3.0 cannot renew sessions.
2493 if (version == SSL3_VERSION) {
2494 continue;
2495 }
2496
2497 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2498 time_t new_start_time = kStartTime + timeout - 10;
2499 g_current_time.tv_sec = new_start_time;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2500 bssl::UniquePtr<SSL_SESSION> new_session =
2501 ExpectSessionRenewed(client_ctx.get(), server_ctx.get(), session.get());
2502 if (!new_session) {
2503 fprintf(stderr, "Error renewing session.\n");
2504 return false;
2505 }
2506
2507 // This new session is not the same object as before.
2508 if (session.get() == new_session.get()) {
2509 fprintf(stderr, "New and old sessions alias.\n");
2510 return false;
2511 }
2512
2513 // Check the sessions have timestamps measured from issuance.
2514 long session_time = 0;
2515 if (server_test) {
2516 if (!GetServerTicketTime(&session_time, new_session.get())) {
2517 fprintf(stderr, "Failed to decode session ticket.\n");
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2518 return false;
2519 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2520 } else {
2521 session_time = new_session->time;
2522 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2523
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2524 if (session_time != g_current_time.tv_sec) {
2525 fprintf(stderr, "New session is not measured from issuance.\n");
2526 return false;
2527 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2528
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2529 if (version == TLS1_3_VERSION) {
2530 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2531 // lifetime TLS 1.3.
2532 g_current_time.tv_sec = new_start_time + timeout - 1;
2533 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2534 new_session.get(),
2535 true /* expect session reused */)) {
2536 fprintf(stderr, "Error resuming renewed session.\n");
2537 return false;
2538 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2539
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2540 // The new session expires after the new timeout.
2541 g_current_time.tv_sec = new_start_time + timeout + 1;
2542 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2543 new_session.get(),
2544 false /* expect session ot reused */)) {
2545 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2546 return false;
2547 }
2548
2549 // Renew the session until it begins just past the auth timeout.
2550 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2551 while (new_start_time < auth_end_time - 1000) {
2552 // Get as close as possible to target start time.
2553 new_start_time =
2554 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2555 g_current_time.tv_sec = new_start_time;
2556 new_session = ExpectSessionRenewed(client_ctx.get(), server_ctx.get(),
2557 new_session.get());
2558 if (!new_session) {
2559 fprintf(stderr, "Error renewing session.\n");
2560 return false;
2561 }
2562 }
2563
2564 // Now the session's lifetime is bound by the auth timeout.
2565 g_current_time.tv_sec = auth_end_time - 1;
2566 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2567 new_session.get(),
2568 true /* expect session reused */)) {
2569 fprintf(stderr, "Error resuming renewed session.\n");
2570 return false;
2571 }
2572
2573 g_current_time.tv_sec = auth_end_time + 1;
2574 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2575 new_session.get(),
2576 false /* expect session ot reused */)) {
2577 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2578 return false;
2579 }
2580 } else {
2581 // The new session is usable just before the old expiration.
2582 g_current_time.tv_sec = kStartTime + timeout - 1;
2583 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2584 new_session.get(),
2585 true /* expect session reused */)) {
2586 fprintf(stderr, "Error resuming renewed session.\n");
2587 return false;
2588 }
2589
2590 // Renewal does not extend the lifetime, so it is not usable beyond the
2591 // old expiration.
2592 g_current_time.tv_sec = kStartTime + timeout + 1;
2593 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2594 new_session.get(),
2595 false /* expect session not reused */)) {
2596 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2597 return false;
2598 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2599 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2600 }
2601
2602 return true;
2603}
2604
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2605static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2606 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2607 SSL_set_SSL_CTX(ssl, ctx);
2608 return SSL_TLSEXT_ERR_OK;
2609}
2610
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2611static bool TestSNICallback(bool is_dtls, const SSL_METHOD *method,
2612 uint16_t version) {
2613 // SSL 3.0 lacks extensions.
2614 if (version == SSL3_VERSION) {
2615 return true;
2616 }
2617
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2618 bssl::UniquePtr<X509> cert = GetTestCertificate();
2619 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2620 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2621 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2622 if (!cert || !key || !cert2 || !key2) {
2623 return false;
2624 }
2625
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2626 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2627 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2628
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2629 static const uint8_t kSCTList[] = {0, 6, 0, 4, 5, 6, 7, 8};
2630 static const uint8_t kOCSPResponse[] = {1, 2, 3, 4};
2631
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2632 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2633 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(method));
2634 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2635 if (!server_ctx || !server_ctx2 || !client_ctx ||
2636 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2637 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2638 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2639 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2640 !SSL_CTX_set_signed_cert_timestamp_list(server_ctx2.get(), kSCTList,
2641 sizeof(kSCTList)) ||
2642 !SSL_CTX_set_ocsp_response(server_ctx2.get(), kOCSPResponse,
2643 sizeof(kOCSPResponse)) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2644 // Historically signing preferences would be lost in some cases with the
2645 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2646 // this doesn't happen when |version| is TLS 1.2, configure the private
2647 // key to only sign SHA-256.
2648 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256,
2649 1) ||
2650 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2651 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2652 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2653 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2654 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2655 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
2656 return false;
2657 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2658
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2659 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2660 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2661
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2662 SSL_CTX_enable_signed_cert_timestamps(client_ctx.get());
2663 SSL_CTX_enable_ocsp_stapling(client_ctx.get());
2664
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2665 bssl::UniquePtr<SSL> client, server;
2666 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2667 server_ctx.get(), nullptr)) {
2668 fprintf(stderr, "Handshake failed.\n");
2669 return false;
2670 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2671
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2672 // The client should have received |cert2|.
2673 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
2674 if (!peer || X509_cmp(peer.get(), cert2.get()) != 0) {
2675 fprintf(stderr, "Incorrect certificate received.\n");
2676 return false;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2677 }
2678
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2679 // The client should have received |server_ctx2|'s SCT list.
2680 const uint8_t *data;
2681 size_t len;
2682 SSL_get0_signed_cert_timestamp_list(client.get(), &data, &len);
2683 if (Bytes(kSCTList) != Bytes(data, len)) {
2684 fprintf(stderr, "Incorrect SCT list received.\n");
2685 return false;
2686 }
2687
2688 // The client should have received |server_ctx2|'s OCSP response.
2689 SSL_get0_ocsp_response(client.get(), &data, &len);
2690 if (Bytes(kOCSPResponse) != Bytes(data, len)) {
2691 fprintf(stderr, "Incorrect OCSP response received.\n");
2692 return false;
2693 }
2694
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2695 return true;
2696}
2697
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2698// Test that the early callback can swap the maximum version.
2699TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2700 bssl::UniquePtr<X509> cert = GetTestCertificate();
2701 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2702 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2703 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2704 ASSERT_TRUE(cert);
2705 ASSERT_TRUE(key);
2706 ASSERT_TRUE(server_ctx);
2707 ASSERT_TRUE(client_ctx);
2708 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2709 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2710 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2711 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2712
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2713 SSL_CTX_set_select_certificate_cb(
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2714 server_ctx.get(),
2715 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2716 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2717 return ssl_select_cert_error;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2718 }
2719
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2720 return ssl_select_cert_success;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2721 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2722
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2723 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2724 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
2725 server_ctx.get(), nullptr));
2726 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2727}
2728
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2729TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2730 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2731 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2732
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2733 // Set valid TLS versions.
2734 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2735 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2736 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2737 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2738
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2739 // Invalid TLS versions are rejected.
2740 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2741 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2742 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2743 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2744 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2745 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2746
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2747 // Zero is the default version.
2748 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2749 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2750 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2751 EXPECT_EQ(TLS1_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2752
2753 // SSL 3.0 and TLS 1.3 are available, but not by default.
2754 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2755 EXPECT_EQ(SSL3_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2756 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2757 EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2758
David Benjamin353577c2017-06-29 15:54:58 -0400[diff] [blame]2759 // TLS1_3_DRAFT_VERSION is not an API-level version.
2760 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT_VERSION));
2761 ERR_clear_error();
2762
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2763 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2764 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2765
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2766 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2767 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2768 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2769 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2770
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2771 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2772 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2773 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2774 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2775 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2776 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2777 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2778 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2779
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2780 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2781 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2782 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2783 EXPECT_EQ(TLS1_1_VERSION, ctx->conf_min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2784}
2785
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2786static const char *GetVersionName(uint16_t version) {
2787 switch (version) {
2788 case SSL3_VERSION:
2789 return "SSLv3";
2790 case TLS1_VERSION:
2791 return "TLSv1";
2792 case TLS1_1_VERSION:
2793 return "TLSv1.1";
2794 case TLS1_2_VERSION:
2795 return "TLSv1.2";
2796 case TLS1_3_VERSION:
2797 return "TLSv1.3";
2798 case DTLS1_VERSION:
2799 return "DTLSv1";
2800 case DTLS1_2_VERSION:
2801 return "DTLSv1.2";
2802 default:
2803 return "???";
2804 }
2805}
2806
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2807static bool TestVersion(bool is_dtls, const SSL_METHOD *method,
2808 uint16_t version) {
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2809 bssl::UniquePtr<X509> cert = GetTestCertificate();
2810 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2811 if (!cert || !key) {
2812 return false;
2813 }
2814
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2815 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2816 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2817 bssl::UniquePtr<SSL> client, server;
2818 if (!server_ctx || !client_ctx ||
2819 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2820 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2821 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2822 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2823 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2824 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2825 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2826 server_ctx.get(), nullptr /* no session */)) {
2827 fprintf(stderr, "Failed to connect.\n");
2828 return false;
2829 }
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2830
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2831 if (SSL_version(client.get()) != version ||
2832 SSL_version(server.get()) != version) {
2833 fprintf(stderr, "Version mismatch. Got %04x and %04x, wanted %04x.\n",
2834 SSL_version(client.get()), SSL_version(server.get()), version);
2835 return false;
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2836 }
2837
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2838 // Test the version name is reported as expected.
2839 const char *version_name = GetVersionName(version);
2840 if (strcmp(version_name, SSL_get_version(client.get())) != 0 ||
2841 strcmp(version_name, SSL_get_version(server.get())) != 0) {
2842 fprintf(stderr, "Version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2843 SSL_get_version(client.get()), SSL_get_version(server.get()),
2844 version_name);
2845 return false;
2846 }
2847
2848 // Test SSL_SESSION reports the same name.
2849 const char *client_name =
2850 SSL_SESSION_get_version(SSL_get_session(client.get()));
2851 const char *server_name =
2852 SSL_SESSION_get_version(SSL_get_session(server.get()));
2853 if (strcmp(version_name, client_name) != 0 ||
2854 strcmp(version_name, server_name) != 0) {
2855 fprintf(stderr,
2856 "Session version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2857 client_name, server_name, version_name);
2858 return false;
2859 }
2860
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2861 return true;
2862}
2863
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2864// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2865// selection callback.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2866static bool TestALPNCipherAvailable(bool is_dtls, const SSL_METHOD *method,
2867 uint16_t version) {
2868 // SSL 3.0 lacks extensions.
2869 if (version == SSL3_VERSION) {
2870 return true;
2871 }
2872
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2873 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2874
2875 bssl::UniquePtr<X509> cert = GetTestCertificate();
2876 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2877 if (!cert || !key) {
2878 return false;
2879 }
2880
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2881 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2882 if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2883 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2884 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2885 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2886 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2887 0) {
2888 return false;
2889 }
2890
2891 // The ALPN callback does not fail the handshake on error, so have the
2892 // callback write a boolean.
2893 std::pair<uint16_t, bool> callback_state(version, false);
2894 SSL_CTX_set_alpn_select_cb(
2895 ctx.get(),
2896 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2897 unsigned in_len, void *arg) -> int {
2898 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2899 if (SSL_get_pending_cipher(ssl) != nullptr &&
2900 SSL_version(ssl) == state->first) {
2901 state->second = true;
2902 }
2903 return SSL_TLSEXT_ERR_NOACK;
2904 },
2905 &callback_state);
2906
2907 bssl::UniquePtr<SSL> client, server;
2908 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2909 nullptr /* no session */)) {
2910 return false;
2911 }
2912
2913 if (!callback_state.second) {
2914 fprintf(stderr, "The pending cipher was not known in the ALPN callback.\n");
2915 return false;
2916 }
2917
2918 return true;
2919}
2920
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2921static bool TestSSLClearSessionResumption(bool is_dtls,
2922 const SSL_METHOD *method,
2923 uint16_t version) {
2924 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2925 // API pattern.
2926 if (version == TLS1_3_VERSION) {
2927 return true;
2928 }
2929
2930 bssl::UniquePtr<X509> cert = GetTestCertificate();
2931 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2932 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2933 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2934 if (!cert || !key || !server_ctx || !client_ctx ||
2935 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2936 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2937 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2938 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2939 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2940 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2941 return false;
2942 }
2943
2944 // Connect a client and a server.
2945 bssl::UniquePtr<SSL> client, server;
2946 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2947 server_ctx.get(), nullptr /* no session */)) {
2948 return false;
2949 }
2950
2951 if (SSL_session_reused(client.get()) ||
2952 SSL_session_reused(server.get())) {
2953 fprintf(stderr, "Session unexpectedly reused.\n");
2954 return false;
2955 }
2956
2957 // Reset everything.
2958 if (!SSL_clear(client.get()) ||
2959 !SSL_clear(server.get())) {
2960 fprintf(stderr, "SSL_clear failed.\n");
2961 return false;
2962 }
2963
2964 // Attempt to connect a second time.
2965 if (!CompleteHandshakes(client.get(), server.get())) {
2966 fprintf(stderr, "Could not reuse SSL objects.\n");
2967 return false;
2968 }
2969
2970 // |SSL_clear| should implicitly offer the previous session to the server.
2971 if (!SSL_session_reused(client.get()) ||
2972 !SSL_session_reused(server.get())) {
2973 fprintf(stderr, "Session was not reused in second try.\n");
2974 return false;
2975 }
2976
2977 return true;
2978}
2979
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2980static bool ChainsEqual(STACK_OF(X509) *chain,
2981 const std::vector<X509 *> &expected) {
2982 if (sk_X509_num(chain) != expected.size()) {
2983 return false;
2984 }
2985
2986 for (size_t i = 0; i < expected.size(); i++) {
2987 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2988 return false;
2989 }
2990 }
2991
2992 return true;
2993}
2994
2995static bool TestAutoChain(bool is_dtls, const SSL_METHOD *method,
2996 uint16_t version) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2997 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
2998 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
2999 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3000 if (!cert || !intermediate || !key) {
3001 return false;
3002 }
3003
3004 // Configure both client and server to accept any certificate. Add
3005 // |intermediate| to the cert store.
3006 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
3007 if (!ctx ||
3008 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
3009 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
3010 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
3011 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
3012 !X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx.get()),
3013 intermediate.get())) {
3014 return false;
3015 }
3016 SSL_CTX_set_verify(
3017 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
3018 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
3019
3020 // By default, the client and server should each only send the leaf.
3021 bssl::UniquePtr<SSL> client, server;
3022 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3023 nullptr /* no session */)) {
3024 return false;
3025 }
3026
3027 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), {cert.get()})) {
3028 fprintf(stderr, "Client-received chain did not match.\n");
3029 return false;
3030 }
3031
3032 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), {cert.get()})) {
3033 fprintf(stderr, "Server-received chain did not match.\n");
3034 return false;
3035 }
3036
3037 // If auto-chaining is enabled, then the intermediate is sent.
3038 SSL_CTX_clear_mode(ctx.get(), SSL_MODE_NO_AUTO_CHAIN);
3039 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3040 nullptr /* no session */)) {
3041 return false;
3042 }
3043
3044 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
3045 {cert.get(), intermediate.get()})) {
3046 fprintf(stderr, "Client-received chain did not match (auto-chaining).\n");
3047 return false;
3048 }
3049
3050 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
3051 {cert.get(), intermediate.get()})) {
3052 fprintf(stderr, "Server-received chain did not match (auto-chaining).\n");
3053 return false;
3054 }
3055
3056 // Auto-chaining does not override explicitly-configured intermediates.
3057 if (!SSL_CTX_add1_chain_cert(ctx.get(), cert.get()) ||
3058 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3059 nullptr /* no session */)) {
3060 return false;
3061 }
3062
3063 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
3064 {cert.get(), cert.get()})) {
3065 fprintf(stderr,
3066 "Client-received chain did not match (auto-chaining, explicit "
3067 "intermediate).\n");
3068 return false;
3069 }
3070
3071 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
3072 {cert.get(), cert.get()})) {
3073 fprintf(stderr,
3074 "Server-received chain did not match (auto-chaining, explicit "
3075 "intermediate).\n");
3076 return false;
3077 }
3078
3079 return true;
3080}
3081
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]3082static bool ExpectBadWriteRetry() {
3083 int err = ERR_get_error();
3084 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
3085 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
3086 char buf[ERR_ERROR_STRING_BUF_LEN];
3087 ERR_error_string_n(err, buf, sizeof(buf));
3088 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
3089 return false;
3090 }
3091
3092 if (ERR_peek_error() != 0) {
3093 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
3094 return false;
3095 }
3096
3097 return true;
3098}
3099
3100static bool TestSSLWriteRetry(bool is_dtls, const SSL_METHOD *method,
3101 uint16_t version) {
3102 if (is_dtls) {
3103 return true;
3104 }
3105
3106 for (bool enable_partial_write : std::vector<bool>{false, true}) {
3107 // Connect a client and server.
3108 bssl::UniquePtr<X509> cert = GetTestCertificate();
3109 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3110 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
3111 bssl::UniquePtr<SSL> client, server;
3112 if (!cert || !key || !ctx ||
3113 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
3114 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
3115 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
3116 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
3117 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3118 nullptr /* no session */)) {
3119 return false;
3120 }
3121
3122 if (enable_partial_write) {
3123 SSL_set_mode(client.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
3124 }
3125
3126 // Write without reading until the buffer is full and we have an unfinished
3127 // write. Keep a count so we may reread it again later. "hello!" will be
3128 // written in two chunks, "hello" and "!".
3129 char data[] = "hello!";
3130 static const int kChunkLen = 5; // The length of "hello".
3131 unsigned count = 0;
3132 for (;;) {
3133 int ret = SSL_write(client.get(), data, kChunkLen);
3134 if (ret <= 0) {
3135 int err = SSL_get_error(client.get(), ret);
3136 if (SSL_get_error(client.get(), ret) == SSL_ERROR_WANT_WRITE) {
3137 break;
3138 }
3139 fprintf(stderr, "SSL_write failed in unexpected way: %d\n", err);
3140 return false;
3141 }
3142
3143 if (ret != 5) {
3144 fprintf(stderr, "SSL_write wrote %d bytes, expected 5.\n", ret);
3145 return false;
3146 }
3147
3148 count++;
3149 }
3150
3151 // Retrying with the same parameters is legal.
3152 if (SSL_get_error(client.get(), SSL_write(client.get(), data, kChunkLen)) !=
3153 SSL_ERROR_WANT_WRITE) {
3154 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3155 return false;
3156 }
3157
3158 // Retrying with the same buffer but shorter length is not legal.
3159 if (SSL_get_error(client.get(),
3160 SSL_write(client.get(), data, kChunkLen - 1)) !=
3161 SSL_ERROR_SSL ||
3162 !ExpectBadWriteRetry()) {
3163 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3164 return false;
3165 }
3166
3167 // Retrying with a different buffer pointer is not legal.
3168 char data2[] = "hello";
3169 if (SSL_get_error(client.get(), SSL_write(client.get(), data2,
3170 kChunkLen)) != SSL_ERROR_SSL ||
3171 !ExpectBadWriteRetry()) {
3172 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3173 return false;
3174 }
3175
3176 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
3177 SSL_set_mode(client.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
3178 if (SSL_get_error(client.get(),
3179 SSL_write(client.get(), data2, kChunkLen)) !=
3180 SSL_ERROR_WANT_WRITE) {
3181 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3182 return false;
3183 }
3184
3185 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
3186 if (SSL_get_error(client.get(),
3187 SSL_write(client.get(), data2, kChunkLen - 1)) !=
3188 SSL_ERROR_SSL ||
3189 !ExpectBadWriteRetry()) {
3190 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3191 return false;
3192 }
3193
3194 // Retrying with a larger buffer is legal.
3195 if (SSL_get_error(client.get(),
3196 SSL_write(client.get(), data, kChunkLen + 1)) !=
3197 SSL_ERROR_WANT_WRITE) {
3198 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3199 return false;
3200 }
3201
3202 // Drain the buffer.
3203 char buf[20];
3204 for (unsigned i = 0; i < count; i++) {
3205 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3206 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0) {
3207 fprintf(stderr, "Failed to read initial records.\n");
3208 return false;
3209 }
3210 }
3211
3212 // Now that there is space, a retry with a larger buffer should flush the
3213 // pending record, skip over that many bytes of input (on assumption they
3214 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
3215 // is set, this will complete in two steps.
3216 char data3[] = "_____!";
3217 if (enable_partial_write) {
3218 if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen ||
3219 SSL_write(client.get(), data3 + kChunkLen, 1) != 1) {
3220 fprintf(stderr, "SSL_write retry failed.\n");
3221 return false;
3222 }
3223 } else if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen + 1) {
3224 fprintf(stderr, "SSL_write retry failed.\n");
3225 return false;
3226 }
3227
3228 // Check the last write was correct. The data will be spread over two
3229 // records, so SSL_read returns twice.
3230 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3231 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0 ||
3232 SSL_read(server.get(), buf, sizeof(buf)) != 1 ||
3233 buf[0] != '!') {
3234 fprintf(stderr, "Failed to read write retry.\n");
3235 return false;
3236 }
3237 }
3238
3239 return true;
3240}
3241
David Benjamin5df5be12017-06-22 19:43:11 -0400[diff] [blame]3242static bool TestRecordCallback(bool is_dtls, const SSL_METHOD *method,
3243 uint16_t version) {
3244 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
3245 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
3246 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3247 if (!cert || !intermediate || !key) {
3248 return false;
3249 }
3250
3251 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
3252 if (!ctx ||
3253 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
3254 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
3255 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
3256 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
3257 return false;
3258 }
3259
3260 bool read_seen = false;
3261 bool write_seen = false;
3262 auto cb = [&](int is_write, int cb_version, int cb_type, const void *buf,
3263 size_t len, SSL *ssl) {
3264 if (cb_type != SSL3_RT_HEADER) {
3265 return;
3266 }
3267
3268 // The callback does not report a version for records.
3269 EXPECT_EQ(0, cb_version);
3270
3271 if (is_write) {
3272 write_seen = true;
3273 } else {
3274 read_seen = true;
3275 }
3276
3277 // Sanity-check that the record header is plausible.
3278 CBS cbs;
3279 CBS_init(&cbs, reinterpret_cast<const uint8_t *>(buf), len);
3280 uint8_t type;
3281 uint16_t record_version, length;
3282 ASSERT_TRUE(CBS_get_u8(&cbs, &type));
3283 ASSERT_TRUE(CBS_get_u16(&cbs, &record_version));
3284 EXPECT_TRUE(record_version == version ||
3285 record_version == (is_dtls ? DTLS1_VERSION : TLS1_VERSION))
3286 << "Invalid record version: " << record_version;
3287 if (is_dtls) {
3288 uint16_t epoch;
3289 ASSERT_TRUE(CBS_get_u16(&cbs, &epoch));
3290 EXPECT_TRUE(epoch == 0 || epoch == 1) << "Invalid epoch: " << epoch;
3291 ASSERT_TRUE(CBS_skip(&cbs, 6));
3292 }
3293 ASSERT_TRUE(CBS_get_u16(&cbs, &length));
3294 EXPECT_EQ(0u, CBS_len(&cbs));
3295 };
3296 using CallbackType = decltype(cb);
3297 SSL_CTX_set_msg_callback(
3298 ctx.get(), [](int is_write, int cb_version, int cb_type, const void *buf,
3299 size_t len, SSL *ssl, void *arg) {
3300 CallbackType *cb_ptr = reinterpret_cast<CallbackType *>(arg);
3301 (*cb_ptr)(is_write, cb_version, cb_type, buf, len, ssl);
3302 });
3303 SSL_CTX_set_msg_callback_arg(ctx.get(), &cb);
3304
3305 bssl::UniquePtr<SSL> client, server;
3306 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3307 nullptr /* no session */)) {
3308 return false;
3309 }
3310
3311 EXPECT_TRUE(read_seen);
3312 EXPECT_TRUE(write_seen);
3313 return true;
3314}
3315
3316
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3317static bool ForEachVersion(bool (*test_func)(bool is_dtls,
3318 const SSL_METHOD *method,
3319 uint16_t version)) {
3320 static uint16_t kTLSVersions[] = {
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]3321 SSL3_VERSION,
3322 TLS1_VERSION,
3323 TLS1_1_VERSION,
3324 TLS1_2_VERSION,
3325// TLS 1.3 requires RSA-PSS, which is disabled for Android system builds.
3326#if !defined(BORINGSSL_ANDROID_SYSTEM)
3327 TLS1_3_VERSION,
3328#endif
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3329 };
3330
3331 static uint16_t kDTLSVersions[] = {
3332 DTLS1_VERSION, DTLS1_2_VERSION,
3333 };
3334
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3335 for (uint16_t version : kTLSVersions) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3336 if (!test_func(false, TLS_method(), version)) {
3337 fprintf(stderr, "Test failed at TLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3338 return false;
3339 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3340 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3341
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3342 for (uint16_t version : kDTLSVersions) {
3343 if (!test_func(true, DTLS_method(), version)) {
3344 fprintf(stderr, "Test failed at DTLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3345 return false;
3346 }
3347 }
3348
3349 return true;
3350}
3351
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3352TEST(SSLTest, AddChainCertHack) {
3353 // Ensure that we don't accidently break the hack that we have in place to
3354 // keep curl and serf happy when they use an |X509| even after transfering
3355 // ownership.
3356
3357 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3358 ASSERT_TRUE(ctx);
3359 X509 *cert = GetTestCertificate().release();
3360 ASSERT_TRUE(cert);
3361 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3362
3363 // This should not trigger a use-after-free.
3364 X509_cmp(cert, cert);
3365}
3366
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3367TEST(SSLTest, GetCertificate) {
3368 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3369 ASSERT_TRUE(ctx);
3370 bssl::UniquePtr<X509> cert = GetTestCertificate();
3371 ASSERT_TRUE(cert);
3372 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3373 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3374 ASSERT_TRUE(ssl);
3375
3376 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3377 ASSERT_TRUE(cert2);
3378 X509 *cert3 = SSL_get_certificate(ssl.get());
3379 ASSERT_TRUE(cert3);
3380
3381 // The old and new certificates must be identical.
3382 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3383 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3384
3385 uint8_t *der = nullptr;
3386 long der_len = i2d_X509(cert.get(), &der);
3387 ASSERT_LT(0, der_len);
3388 bssl::UniquePtr<uint8_t> free_der(der);
3389
3390 uint8_t *der2 = nullptr;
3391 long der2_len = i2d_X509(cert2, &der2);
3392 ASSERT_LT(0, der2_len);
3393 bssl::UniquePtr<uint8_t> free_der2(der2);
3394
3395 uint8_t *der3 = nullptr;
3396 long der3_len = i2d_X509(cert3, &der3);
3397 ASSERT_LT(0, der3_len);
3398 bssl::UniquePtr<uint8_t> free_der3(der3);
3399
3400 // They must also encode identically.
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]3401 EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len));
3402 EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len));
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3403}
3404
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3405TEST(SSLTest, SetChainAndKeyMismatch) {
3406 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_with_buffers_method()));
3407 ASSERT_TRUE(ctx);
3408
3409 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3410 ASSERT_TRUE(key);
3411 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3412 ASSERT_TRUE(leaf);
3413 std::vector<CRYPTO_BUFFER*> chain = {
3414 leaf.get(),
3415 };
3416
3417 // Should fail because |GetTestKey| doesn't match the chain-test certificate.
3418 ASSERT_FALSE(SSL_CTX_set_chain_and_key(ctx.get(), &chain[0], chain.size(),
3419 key.get(), nullptr));
3420 ERR_clear_error();
3421}
3422
3423TEST(SSLTest, SetChainAndKey) {
3424 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3425 ASSERT_TRUE(client_ctx);
3426 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3427 ASSERT_TRUE(server_ctx);
3428
3429 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3430 ASSERT_TRUE(key);
3431 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3432 ASSERT_TRUE(leaf);
3433 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3434 GetChainTestIntermediateBuffer();
3435 ASSERT_TRUE(intermediate);
3436 std::vector<CRYPTO_BUFFER*> chain = {
3437 leaf.get(), intermediate.get(),
3438 };
3439 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3440 chain.size(), key.get(), nullptr));
3441
David Benjamin3a1dd462017-07-11 16:13:10 -0400[diff] [blame]3442 SSL_CTX_set_custom_verify(
3443 client_ctx.get(), SSL_VERIFY_PEER,
3444 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3445 return ssl_verify_ok;
3446 });
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3447
3448 bssl::UniquePtr<SSL> client, server;
3449 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3450 server_ctx.get(),
3451 nullptr /* no session */));
3452}
3453
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]3454TEST(SSLTest, ClientCABuffers) {
3455 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3456 ASSERT_TRUE(client_ctx);
3457 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3458 ASSERT_TRUE(server_ctx);
3459
3460 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3461 ASSERT_TRUE(key);
3462 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3463 ASSERT_TRUE(leaf);
3464 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3465 GetChainTestIntermediateBuffer();
3466 ASSERT_TRUE(intermediate);
3467 std::vector<CRYPTO_BUFFER *> chain = {
3468 leaf.get(),
3469 intermediate.get(),
3470 };
3471 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3472 chain.size(), key.get(), nullptr));
3473
3474 bssl::UniquePtr<CRYPTO_BUFFER> ca_name(
3475 CRYPTO_BUFFER_new(kTestName, sizeof(kTestName), nullptr));
3476 ASSERT_TRUE(ca_name);
3477 bssl::UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names(
3478 sk_CRYPTO_BUFFER_new_null());
3479 ASSERT_TRUE(ca_names);
3480 ASSERT_TRUE(sk_CRYPTO_BUFFER_push(ca_names.get(), ca_name.get()));
3481 ca_name.release();
3482 SSL_CTX_set0_client_CAs(server_ctx.get(), ca_names.release());
3483
3484 // Configure client and server to accept all certificates.
3485 SSL_CTX_set_custom_verify(
3486 client_ctx.get(), SSL_VERIFY_PEER,
3487 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3488 return ssl_verify_ok;
3489 });
3490 SSL_CTX_set_custom_verify(
3491 server_ctx.get(), SSL_VERIFY_PEER,
3492 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3493 return ssl_verify_ok;
3494 });
3495
3496 bool cert_cb_called = false;
3497 SSL_CTX_set_cert_cb(
3498 client_ctx.get(),
3499 [](SSL *ssl, void *arg) -> int {
3500 STACK_OF(CRYPTO_BUFFER) *peer_names =
3501 SSL_get0_server_requested_CAs(ssl);
3502 EXPECT_EQ(1u, sk_CRYPTO_BUFFER_num(peer_names));
3503 CRYPTO_BUFFER *peer_name = sk_CRYPTO_BUFFER_value(peer_names, 0);
3504 EXPECT_EQ(Bytes(kTestName), Bytes(CRYPTO_BUFFER_data(peer_name),
3505 CRYPTO_BUFFER_len(peer_name)));
3506 *reinterpret_cast<bool *>(arg) = true;
3507 return 1;
3508 },
3509 &cert_cb_called);
3510
3511 bssl::UniquePtr<SSL> client, server;
3512 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3513 server_ctx.get(),
3514 nullptr /* no session */));
3515 EXPECT_TRUE(cert_cb_called);
3516}
3517
David Benjamin91222b82017-03-09 20:10:56 -0500[diff] [blame]3518// Configuring the empty cipher list, though an error, should still modify the
3519// configuration.
3520TEST(SSLTest, EmptyCipherList) {
3521 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3522 ASSERT_TRUE(ctx);
3523
3524 // Initially, the cipher list is not empty.
3525 EXPECT_NE(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3526
3527 // Configuring the empty cipher list fails.
3528 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), ""));
3529 ERR_clear_error();
3530
3531 // But the cipher list is still updated to empty.
3532 EXPECT_EQ(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3533}
3534
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3535// ssl_test_ticket_aead_failure_mode enumerates the possible ways in which the
3536// test |SSL_TICKET_AEAD_METHOD| can fail.
3537enum ssl_test_ticket_aead_failure_mode {
3538 ssl_test_ticket_aead_ok = 0,
3539 ssl_test_ticket_aead_seal_fail,
3540 ssl_test_ticket_aead_open_soft_fail,
3541 ssl_test_ticket_aead_open_hard_fail,
3542};
3543
3544struct ssl_test_ticket_aead_state {
3545 unsigned retry_count;
3546 ssl_test_ticket_aead_failure_mode failure_mode;
3547};
3548
3549static int ssl_test_ticket_aead_ex_index_dup(CRYPTO_EX_DATA *to,
3550 const CRYPTO_EX_DATA *from,
3551 void **from_d, int index,
3552 long argl, void *argp) {
3553 abort();
3554}
3555
3556static void ssl_test_ticket_aead_ex_index_free(void *parent, void *ptr,
3557 CRYPTO_EX_DATA *ad, int index,
3558 long argl, void *argp) {
3559 auto state = reinterpret_cast<ssl_test_ticket_aead_state*>(ptr);
3560 if (state == nullptr) {
3561 return;
3562 }
3563
3564 OPENSSL_free(state);
3565}
3566
3567static CRYPTO_once_t g_ssl_test_ticket_aead_ex_index_once = CRYPTO_ONCE_INIT;
3568static int g_ssl_test_ticket_aead_ex_index;
3569
3570static int ssl_test_ticket_aead_get_ex_index() {
3571 CRYPTO_once(&g_ssl_test_ticket_aead_ex_index_once, [] {
3572 g_ssl_test_ticket_aead_ex_index = SSL_get_ex_new_index(
3573 0, nullptr, nullptr, ssl_test_ticket_aead_ex_index_dup,
3574 ssl_test_ticket_aead_ex_index_free);
3575 });
3576 return g_ssl_test_ticket_aead_ex_index;
3577}
3578
3579static size_t ssl_test_ticket_aead_max_overhead(SSL *ssl) {
3580 return 1;
3581}
3582
3583static int ssl_test_ticket_aead_seal(SSL *ssl, uint8_t *out, size_t *out_len,
3584 size_t max_out_len, const uint8_t *in,
3585 size_t in_len) {
3586 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3587 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3588
3589 if (state->failure_mode == ssl_test_ticket_aead_seal_fail ||
3590 max_out_len < in_len + 1) {
3591 return 0;
3592 }
3593
3594 OPENSSL_memmove(out, in, in_len);
3595 out[in_len] = 0xff;
3596 *out_len = in_len + 1;
3597
3598 return 1;
3599}
3600
3601static ssl_ticket_aead_result_t ssl_test_ticket_aead_open(
3602 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len,
3603 const uint8_t *in, size_t in_len) {
3604 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3605 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3606
3607 if (state->retry_count > 0) {
3608 state->retry_count--;
3609 return ssl_ticket_aead_retry;
3610 }
3611
3612 switch (state->failure_mode) {
3613 case ssl_test_ticket_aead_ok:
3614 break;
3615 case ssl_test_ticket_aead_seal_fail:
3616 // If |seal| failed then there shouldn't be any ticket to try and
3617 // decrypt.
3618 abort();
3619 break;
3620 case ssl_test_ticket_aead_open_soft_fail:
3621 return ssl_ticket_aead_ignore_ticket;
3622 case ssl_test_ticket_aead_open_hard_fail:
3623 return ssl_ticket_aead_error;
3624 }
3625
3626 if (in_len == 0 || in[in_len - 1] != 0xff) {
3627 return ssl_ticket_aead_ignore_ticket;
3628 }
3629
3630 if (max_out_len < in_len - 1) {
3631 return ssl_ticket_aead_error;
3632 }
3633
3634 OPENSSL_memmove(out, in, in_len - 1);
3635 *out_len = in_len - 1;
3636 return ssl_ticket_aead_success;
3637}
3638
3639static const SSL_TICKET_AEAD_METHOD kSSLTestTicketMethod = {
3640 ssl_test_ticket_aead_max_overhead,
3641 ssl_test_ticket_aead_seal,
3642 ssl_test_ticket_aead_open,
3643};
3644
3645static void ConnectClientAndServerWithTicketMethod(
3646 bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
3647 SSL_CTX *client_ctx, SSL_CTX *server_ctx, unsigned retry_count,
3648 ssl_test_ticket_aead_failure_mode failure_mode, SSL_SESSION *session) {
3649 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
3650 ASSERT_TRUE(client);
3651 ASSERT_TRUE(server);
3652 SSL_set_connect_state(client.get());
3653 SSL_set_accept_state(server.get());
3654
3655 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3656 OPENSSL_malloc(sizeof(ssl_test_ticket_aead_state)));
3657 ASSERT_TRUE(state);
3658 OPENSSL_memset(state, 0, sizeof(ssl_test_ticket_aead_state));
3659 state->retry_count = retry_count;
3660 state->failure_mode = failure_mode;
3661
3662 ASSERT_TRUE(SSL_set_ex_data(server.get(), ssl_test_ticket_aead_get_ex_index(),
3663 state));
3664
3665 SSL_set_session(client.get(), session);
3666
3667 BIO *bio1, *bio2;
3668 ASSERT_TRUE(BIO_new_bio_pair(&bio1, 0, &bio2, 0));
3669
3670 // SSL_set_bio takes ownership.
3671 SSL_set_bio(client.get(), bio1, bio1);
3672 SSL_set_bio(server.get(), bio2, bio2);
3673
3674 if (CompleteHandshakes(client.get(), server.get())) {
3675 *out_client = std::move(client);
3676 *out_server = std::move(server);
3677 } else {
3678 out_client->reset();
3679 out_server->reset();
3680 }
3681}
3682
3683class TicketAEADMethodTest
3684 : public ::testing::TestWithParam<testing::tuple<
3685 uint16_t, unsigned, ssl_test_ticket_aead_failure_mode>> {};
3686
3687TEST_P(TicketAEADMethodTest, Resume) {
3688 bssl::UniquePtr<X509> cert = GetTestCertificate();
3689 ASSERT_TRUE(cert);
3690 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3691 ASSERT_TRUE(key);
3692
3693 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
3694 ASSERT_TRUE(server_ctx);
3695 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
3696 ASSERT_TRUE(client_ctx);
3697
3698 const uint16_t version = testing::get<0>(GetParam());
3699 const unsigned retry_count = testing::get<1>(GetParam());
3700 const ssl_test_ticket_aead_failure_mode failure_mode =
3701 testing::get<2>(GetParam());
3702
3703 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3704 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3705 ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), version));
3706 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), version));
3707 ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), version));
3708 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), version));
3709
3710 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
3711 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
3712 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
3713 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3714 SSL_CTX_sess_set_new_cb(client_ctx.get(), SaveLastSession);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3715
3716 SSL_CTX_set_ticket_aead_method(server_ctx.get(), &kSSLTestTicketMethod);
3717
3718 bssl::UniquePtr<SSL> client, server;
3719 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3720 server_ctx.get(), retry_count,
3721 failure_mode, nullptr);
3722 switch (failure_mode) {
3723 case ssl_test_ticket_aead_ok:
3724 case ssl_test_ticket_aead_open_hard_fail:
3725 case ssl_test_ticket_aead_open_soft_fail:
3726 ASSERT_TRUE(client);
3727 break;
3728 case ssl_test_ticket_aead_seal_fail:
3729 EXPECT_FALSE(client);
3730 return;
3731 }
3732 EXPECT_FALSE(SSL_session_reused(client.get()));
3733 EXPECT_FALSE(SSL_session_reused(server.get()));
3734
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3735 // Run the read loop to account for post-handshake tickets in TLS 1.3.
3736 SSL_read(client.get(), nullptr, 0);
3737
3738 bssl::UniquePtr<SSL_SESSION> session = std::move(g_last_session);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3739 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3740 server_ctx.get(), retry_count,
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3741 failure_mode, session.get());
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3742 switch (failure_mode) {
3743 case ssl_test_ticket_aead_ok:
3744 ASSERT_TRUE(client);
3745 EXPECT_TRUE(SSL_session_reused(client.get()));
3746 EXPECT_TRUE(SSL_session_reused(server.get()));
3747 break;
3748 case ssl_test_ticket_aead_seal_fail:
3749 abort();
3750 break;
3751 case ssl_test_ticket_aead_open_hard_fail:
3752 EXPECT_FALSE(client);
3753 break;
3754 case ssl_test_ticket_aead_open_soft_fail:
3755 ASSERT_TRUE(client);
3756 EXPECT_FALSE(SSL_session_reused(client.get()));
3757 EXPECT_FALSE(SSL_session_reused(server.get()));
3758 }
3759}
3760
3761INSTANTIATE_TEST_CASE_P(
3762 TicketAEADMethodTests, TicketAEADMethodTest,
3763 testing::Combine(
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3764 testing::Values(TLS1_2_VERSION, TLS1_3_VERSION),
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3765 testing::Values(0, 1, 2),
3766 testing::Values(ssl_test_ticket_aead_ok,
3767 ssl_test_ticket_aead_seal_fail,
3768 ssl_test_ticket_aead_open_soft_fail,
3769 ssl_test_ticket_aead_open_hard_fail)));
3770
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]3771TEST(SSLTest, SSL3Method) {
3772 bssl::UniquePtr<X509> cert = GetTestCertificate();
3773 ASSERT_TRUE(cert);
3774
3775 // For compatibility, SSLv3_method should work up to SSL_CTX_new and SSL_new.
3776 bssl::UniquePtr<SSL_CTX> ssl3_ctx(SSL_CTX_new(SSLv3_method()));
3777 ASSERT_TRUE(ssl3_ctx);
3778 ASSERT_TRUE(SSL_CTX_use_certificate(ssl3_ctx.get(), cert.get()));
3779 bssl::UniquePtr<SSL> ssl(SSL_new(ssl3_ctx.get()));
3780 EXPECT_TRUE(ssl);
3781
3782 // Create a normal TLS context to test against.
3783 bssl::UniquePtr<SSL_CTX> tls_ctx(SSL_CTX_new(TLS_method()));
3784 ASSERT_TRUE(tls_ctx);
3785 ASSERT_TRUE(SSL_CTX_use_certificate(tls_ctx.get(), cert.get()));
3786
3787 // However, handshaking an SSLv3_method server should fail to resolve the
3788 // version range. Explicit calls to SSL_CTX_set_min_proto_version are the only
3789 // way to enable SSL 3.0.
3790 bssl::UniquePtr<SSL> client, server;
3791 EXPECT_FALSE(ConnectClientAndServer(&client, &server, tls_ctx.get(),
3792 ssl3_ctx.get(),
3793 nullptr /* no session */));
3794 uint32_t err = ERR_get_error();
3795 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3796 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3797
3798 // Likewise for SSLv3_method clients.
3799 EXPECT_FALSE(ConnectClientAndServer(&client, &server, ssl3_ctx.get(),
3800 tls_ctx.get(),
3801 nullptr /* no session */));
3802 err = ERR_get_error();
3803 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3804 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3805}
3806
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]3807TEST(SSLTest, SelectNextProto) {
3808 uint8_t *result;
3809 uint8_t result_len;
3810
3811 // If there is an overlap, it should be returned.
3812 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3813 SSL_select_next_proto(&result, &result_len,
3814 (const uint8_t *)"\1a\2bb\3ccc", 9,
3815 (const uint8_t *)"\1x\1y\1a\1z", 8));
3816 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3817
3818 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3819 SSL_select_next_proto(&result, &result_len,
3820 (const uint8_t *)"\1a\2bb\3ccc", 9,
3821 (const uint8_t *)"\1x\1y\2bb\1z", 9));
3822 EXPECT_EQ(Bytes("bb"), Bytes(result, result_len));
3823
3824 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3825 SSL_select_next_proto(&result, &result_len,
3826 (const uint8_t *)"\1a\2bb\3ccc", 9,
3827 (const uint8_t *)"\1x\1y\3ccc\1z", 10));
3828 EXPECT_EQ(Bytes("ccc"), Bytes(result, result_len));
3829
3830 // Peer preference order takes precedence over local.
3831 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3832 SSL_select_next_proto(&result, &result_len,
3833 (const uint8_t *)"\1a\2bb\3ccc", 9,
3834 (const uint8_t *)"\3ccc\2bb\1a", 9));
3835 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3836
3837 // If there is no overlap, return the first local protocol.
3838 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3839 SSL_select_next_proto(&result, &result_len,
3840 (const uint8_t *)"\1a\2bb\3ccc", 9,
3841 (const uint8_t *)"\1x\2yy\3zzz", 9));
3842 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3843
3844 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3845 SSL_select_next_proto(&result, &result_len, nullptr, 0,
3846 (const uint8_t *)"\1x\2yy\3zzz", 9));
3847 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3848}
3849
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3850TEST(SSLTest, SealRecord) {
3851 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3852 server_ctx(SSL_CTX_new(TLS_method()));
3853 ASSERT_TRUE(client_ctx);
3854 ASSERT_TRUE(server_ctx);
3855
3856 bssl::UniquePtr<X509> cert = GetTestCertificate();
3857 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3858 ASSERT_TRUE(cert);
3859 ASSERT_TRUE(key);
3860 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3861 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3862
3863 bssl::UniquePtr<SSL> client, server;
3864 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3865 server_ctx.get(),
3866 nullptr /* no session */));
3867
3868 const std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3869 std::vector<uint8_t> prefix(
3870 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3871 body(record.size()),
3872 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3873 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3874 bssl::MakeSpan(body), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3875 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3876
3877 std::vector<uint8_t> sealed;
3878 sealed.insert(sealed.end(), prefix.begin(), prefix.end());
3879 sealed.insert(sealed.end(), body.begin(), body.end());
3880 sealed.insert(sealed.end(), suffix.begin(), suffix.end());
3881 std::vector<uint8_t> sealed_copy = sealed;
3882
3883 bssl::Span<uint8_t> plaintext;
3884 size_t record_len;
3885 uint8_t alert = 255;
3886 EXPECT_EQ(bssl::OpenRecord(server.get(), &plaintext, &record_len, &alert,
3887 bssl::MakeSpan(sealed)),
3888 bssl::OpenRecordResult::kOK);
3889 EXPECT_EQ(record_len, sealed.size());
3890 EXPECT_EQ(plaintext, record);
3891 EXPECT_EQ(255, alert);
3892}
3893
3894TEST(SSLTest, SealRecordInPlace) {
3895 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3896 server_ctx(SSL_CTX_new(TLS_method()));
3897 ASSERT_TRUE(client_ctx);
3898 ASSERT_TRUE(server_ctx);
3899
3900 bssl::UniquePtr<X509> cert = GetTestCertificate();
3901 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3902 ASSERT_TRUE(cert);
3903 ASSERT_TRUE(key);
3904 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3905 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3906
3907 bssl::UniquePtr<SSL> client, server;
3908 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3909 server_ctx.get(),
3910 nullptr /* no session */));
3911
3912 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3913 std::vector<uint8_t> record = plaintext;
3914 std::vector<uint8_t> prefix(
3915 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3916 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3917 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3918 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3919 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3920 record.insert(record.begin(), prefix.begin(), prefix.end());
3921 record.insert(record.end(), suffix.begin(), suffix.end());
3922
3923 bssl::Span<uint8_t> result;
3924 size_t record_len;
3925 uint8_t alert;
3926 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3927 bssl::MakeSpan(record)),
3928 bssl::OpenRecordResult::kOK);
3929 EXPECT_EQ(record_len, record.size());
3930 EXPECT_EQ(plaintext, result);
3931}
3932
3933TEST(SSLTest, SealRecordTrailingData) {
3934 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3935 server_ctx(SSL_CTX_new(TLS_method()));
3936 ASSERT_TRUE(client_ctx);
3937 ASSERT_TRUE(server_ctx);
3938
3939 bssl::UniquePtr<X509> cert = GetTestCertificate();
3940 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3941 ASSERT_TRUE(cert);
3942 ASSERT_TRUE(key);
3943 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3944 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3945
3946 bssl::UniquePtr<SSL> client, server;
3947 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3948 server_ctx.get(),
3949 nullptr /* no session */));
3950
3951 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3952 std::vector<uint8_t> record = plaintext;
3953 std::vector<uint8_t> prefix(
3954 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3955 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3956 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3957 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3958 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3959 record.insert(record.begin(), prefix.begin(), prefix.end());
3960 record.insert(record.end(), suffix.begin(), suffix.end());
3961 record.insert(record.end(), {5, 4, 3, 2, 1});
3962
3963 bssl::Span<uint8_t> result;
3964 size_t record_len;
3965 uint8_t alert;
3966 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3967 bssl::MakeSpan(record)),
3968 bssl::OpenRecordResult::kOK);
3969 EXPECT_EQ(record_len, record.size() - 5);
3970 EXPECT_EQ(plaintext, result);
3971}
3972
3973TEST(SSLTest, SealRecordInvalidSpanSize) {
3974 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3975 server_ctx(SSL_CTX_new(TLS_method()));
3976 ASSERT_TRUE(client_ctx);
3977 ASSERT_TRUE(server_ctx);
3978
3979 bssl::UniquePtr<X509> cert = GetTestCertificate();
3980 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3981 ASSERT_TRUE(cert);
3982 ASSERT_TRUE(key);
3983 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3984 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3985
3986 bssl::UniquePtr<SSL> client, server;
3987 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3988 server_ctx.get(),
3989 nullptr /* no session */));
3990
3991 std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3992 std::vector<uint8_t> prefix(
3993 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3994 body(record.size()),
3995 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3996
3997 auto expect_err = []() {
3998 int err = ERR_get_error();
3999 EXPECT_EQ(ERR_GET_LIB(err), ERR_LIB_SSL);
4000 EXPECT_EQ(ERR_GET_REASON(err), SSL_R_BUFFER_TOO_SMALL);
4001 ERR_clear_error();
4002 };
4003 EXPECT_FALSE(bssl::SealRecord(
4004 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4005 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4006 expect_err();
4007 EXPECT_FALSE(bssl::SealRecord(
4008 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4009 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4010 expect_err();
4011
4012 EXPECT_FALSE(
4013 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
4014 bssl::MakeSpan(record.data(), record.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4015 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4016 expect_err();
4017 EXPECT_FALSE(
4018 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
4019 bssl::MakeSpan(record.data(), record.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4020 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4021 expect_err();
4022
4023 EXPECT_FALSE(bssl::SealRecord(
4024 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4025 bssl::MakeSpan(suffix.data(), suffix.size() - 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4026 expect_err();
4027 EXPECT_FALSE(bssl::SealRecord(
4028 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]4029 bssl::MakeSpan(suffix.data(), suffix.size() + 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]4030 expect_err();
4031}
4032
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]4033// TODO(davidben): Convert this file to GTest properly.
4034TEST(SSLTest, AllTests) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]4035 if (!TestSSL_SESSIONEncoding(kOpenSSLSession) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]4036 !TestSSL_SESSIONEncoding(kCustomSession) ||
4037 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
4038 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
4039 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
4040 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]4041 // Test the padding extension at TLS 1.2.
4042 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
4043 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
4044 // will be no PSK binder after the padding extension.
4045 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
4046 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
4047 // will be a PSK binder after the padding extension.
4048 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]4049 !ForEachVersion(TestSequenceNumber) ||
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]4050 !ForEachVersion(TestOneSidedShutdown) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]4051 !ForEachVersion(TestGetPeerCertificate) ||
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]4052 !ForEachVersion(TestNoPeerCertificate) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]4053 !ForEachVersion(TestRetainOnlySHA256OfCerts) ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]4054 !TestClientHello() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]4055 !ForEachVersion(TestSessionIDContext) ||
4056 !ForEachVersion(TestSessionTimeout) ||
4057 !ForEachVersion(TestSNICallback) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]4058 !ForEachVersion(TestVersion) ||
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]4059 !ForEachVersion(TestALPNCipherAvailable) ||
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]4060 !ForEachVersion(TestSSLClearSessionResumption) ||
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]4061 !ForEachVersion(TestAutoChain) ||
David Benjamin5df5be12017-06-22 19:43:11 -0400[diff] [blame]4062 !ForEachVersion(TestSSLWriteRetry) ||
4063 !ForEachVersion(TestRecordCallback)) {
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]4064 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]4065 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]4066}