Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 34b4c829fd4c0803bb0fca6088814985205f900b / . / ssl / ssl_test.cc
blob: 4180463815d2b65ce8b43b54903185f7135d4eed [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
43/* Windows defines struct timeval in winsock2.h. */
44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
52struct ExpectedCipher {
53 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]56
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]57struct CipherTest {
58 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]59 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]60 // The list of expected ciphers, in order.
61 std::vector<ExpectedCipher> expected;
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]62 // True if this cipher list should fail in strict mode.
63 bool strict_fail;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]64};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]65
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]66struct CurveTest {
67 // The rule string to apply.
68 const char *rule;
69 // The list of expected curves, in order.
70 std::vector<uint16_t> expected;
71};
72
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]73static const CipherTest kCipherTests[] = {
74 // Selecting individual ciphers should work.
75 {
76 "ECDHE-ECDSA-CHACHA20-POLY1305:"
77 "ECDHE-RSA-CHACHA20-POLY1305:"
78 "ECDHE-ECDSA-AES128-GCM-SHA256:"
79 "ECDHE-RSA-AES128-GCM-SHA256",
80 {
81 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]82 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]83 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
84 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
85 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]86 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]87 },
88 // + reorders selected ciphers to the end, keeping their relative order.
89 {
90 "ECDHE-ECDSA-CHACHA20-POLY1305:"
91 "ECDHE-RSA-CHACHA20-POLY1305:"
92 "ECDHE-ECDSA-AES128-GCM-SHA256:"
93 "ECDHE-RSA-AES128-GCM-SHA256:"
94 "+aRSA",
95 {
96 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]97 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
98 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]99 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
100 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]101 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]102 },
103 // ! banishes ciphers from future selections.
104 {
105 "!aRSA:"
106 "ECDHE-ECDSA-CHACHA20-POLY1305:"
107 "ECDHE-RSA-CHACHA20-POLY1305:"
108 "ECDHE-ECDSA-AES128-GCM-SHA256:"
109 "ECDHE-RSA-AES128-GCM-SHA256",
110 {
111 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]112 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
113 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]114 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]115 },
116 // Multiple masks can be ANDed in a single rule.
117 {
118 "kRSA+AESGCM+AES128",
119 {
120 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
121 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]122 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]123 },
124 // - removes selected ciphers, but preserves their order for future
125 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
126 // ECDHE_RSA.
127 {
128 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
129 "AESGCM+AES128+aRSA",
130 {
131 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
132 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
133 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
134 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]135 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]136 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]137 // Unknown selectors are no-ops, except in strict mode.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]138 {
139 "ECDHE-ECDSA-CHACHA20-POLY1305:"
140 "ECDHE-RSA-CHACHA20-POLY1305:"
141 "ECDHE-ECDSA-AES128-GCM-SHA256:"
142 "ECDHE-RSA-AES128-GCM-SHA256:"
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]143 "BOGUS1",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]144 {
145 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]146 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]147 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
148 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
149 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]150 true,
151 },
152 // Unknown selectors are no-ops, except in strict mode.
153 {
154 "ECDHE-ECDSA-CHACHA20-POLY1305:"
155 "ECDHE-RSA-CHACHA20-POLY1305:"
156 "ECDHE-ECDSA-AES128-GCM-SHA256:"
157 "ECDHE-RSA-AES128-GCM-SHA256:"
158 "-BOGUS2:+BOGUS3:!BOGUS4",
159 {
160 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
161 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
162 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
163 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
164 },
165 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]166 },
167 // Square brackets specify equi-preference groups.
168 {
169 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
170 "[ECDHE-RSA-CHACHA20-POLY1305]:"
171 "ECDHE-RSA-AES128-GCM-SHA256",
172 {
173 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]174 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]175 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]176 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
177 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]178 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]179 },
180 // @STRENGTH performs a stable strength-sort of the selected ciphers and
181 // only the selected ciphers.
182 {
183 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]184 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]185 "!kEDH:!AESGCM:!3DES:!SHA256:!SHA384:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]186 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]187 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]188 // Select ECDHE ones and sort them by strength. Ties should resolve
189 // based on the order above.
190 "kECDHE:@STRENGTH:-ALL:"
191 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
192 // by strength. Then RSA, backwards by strength.
193 "aRSA",
194 {
195 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
196 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]197 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]198 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
199 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
200 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]201 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]202 },
203 // Exact ciphers may not be used in multi-part rules; they are treated
204 // as unknown aliases.
205 {
206 "ECDHE-ECDSA-AES128-GCM-SHA256:"
207 "ECDHE-RSA-AES128-GCM-SHA256:"
208 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
209 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
210 {
211 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
212 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
213 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]214 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]215 },
216 // SSLv3 matches everything that existed before TLS 1.2.
217 {
218 "AES128-SHA:AES128-SHA256:!SSLv3",
219 {
220 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
221 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]222 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]223 },
224 // TLSv1.2 matches everything added in TLS 1.2.
225 {
226 "AES128-SHA:AES128-SHA256:!TLSv1.2",
227 {
228 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
229 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]230 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]231 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]232 // The two directives have no intersection. But each component is valid, so
233 // even in strict mode it is accepted.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]234 {
235 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
236 {
237 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
238 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
239 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]240 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]241 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]242};
243
244static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]245 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]246 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
247 "RSA]",
248 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]249 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]250 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]251 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]252 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]253 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]254 "",
255 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]256 // COMPLEMENTOFDEFAULT is empty.
257 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]258 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]259 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]260 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]261 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
262 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
263 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
264 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]265 // Opcode supplied, but missing selector.
266 "+",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]267};
268
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]269static const char *kMustNotIncludeNull[] = {
270 "ALL",
271 "DEFAULT",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]272 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]273 "FIPS",
274 "SHA",
275 "SHA1",
276 "RSA",
277 "SSLv3",
278 "TLSv1",
279 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]280};
281
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]282static const CurveTest kCurveTests[] = {
283 {
284 "P-256",
285 { SSL_CURVE_SECP256R1 },
286 },
287 {
288 "P-256:P-384:P-521:X25519",
289 {
290 SSL_CURVE_SECP256R1,
291 SSL_CURVE_SECP384R1,
292 SSL_CURVE_SECP521R1,
293 SSL_CURVE_X25519,
294 },
295 },
296};
297
298static const char *kBadCurvesLists[] = {
299 "",
300 ":",
301 "::",
302 "P-256::X25519",
303 "RSA:P-256",
304 "P-256:RSA",
305 "X25519:P-256:",
306 ":X25519:P-256",
307};
308
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]309static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
310 bool in_group = false;
311 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]312 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
313 if (!in_group && list->in_group_flags[i]) {
314 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]315 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]316 }
317 fprintf(stderr, "\t");
318 if (in_group) {
319 fprintf(stderr, " ");
320 }
321 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
322 if (in_group && !list->in_group_flags[i]) {
323 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]324 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]325 }
326 }
327}
328
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]329static bool TestCipherRule(const CipherTest &t) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]330 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]331 if (!ctx) {
332 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]333 }
334
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]335 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
336 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]337 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]338 }
339
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]340 if (!SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule) != t.strict_fail) {
341 fprintf(stderr, "Unexpected strict failure result testing cipher rule '%s':"
342 " expected %d\n", t.rule, t.strict_fail);
343 return false;
344 }
345
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]346 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]347 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
348 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
349 PrintCipherPreferenceList(ctx->cipher_list);
350 return false;
351 }
352
353 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]354 const SSL_CIPHER *cipher =
355 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]356 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
357 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
358 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]359 PrintCipherPreferenceList(ctx->cipher_list);
360 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]361 }
362 }
363
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]364 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]365}
366
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]367static bool TestRuleDoesNotIncludeNull(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]368 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]369 if (!ctx) {
370 return false;
371 }
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]372 if (!SSL_CTX_set_strict_cipher_list(ctx.get(), rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]373 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
374 return false;
375 }
376 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
377 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
378 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
379 return false;
380 }
381 }
382 return true;
383}
384
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]385static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]386 for (const CipherTest &test : kCipherTests) {
387 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]388 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]389 }
390 }
391
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]392 for (const char *rule : kBadRules) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]393 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]394 if (!ctx) {
395 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]396 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]397 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
398 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]399 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]400 }
401 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]402 }
403
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]404 for (const char *rule : kMustNotIncludeNull) {
405 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]406 return false;
407 }
408 }
409
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]410 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]411}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]412
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]413static bool TestCurveRule(const CurveTest &t) {
414 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
415 if (!ctx) {
416 return false;
417 }
418
419 if (!SSL_CTX_set1_curves_list(ctx.get(), t.rule)) {
420 fprintf(stderr, "Error testing curves list '%s'\n", t.rule);
421 return false;
422 }
423
424 // Compare the two lists.
425 if (ctx->supported_group_list_len != t.expected.size()) {
426 fprintf(stderr, "Error testing curves list '%s': length\n", t.rule);
427 return false;
428 }
429
430 for (size_t i = 0; i < t.expected.size(); i++) {
431 if (t.expected[i] != ctx->supported_group_list[i]) {
432 fprintf(stderr, "Error testing curves list '%s': mismatch\n", t.rule);
433 return false;
434 }
435 }
436
437 return true;
438}
439
440static bool TestCurveRules() {
441 for (const CurveTest &test : kCurveTests) {
442 if (!TestCurveRule(test)) {
443 return false;
444 }
445 }
446
447 for (const char *rule : kBadCurvesLists) {
448 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
449 if (!ctx) {
450 return false;
451 }
452 if (SSL_CTX_set1_curves_list(ctx.get(), rule)) {
453 fprintf(stderr, "Curves list '%s' unexpectedly succeeded\n", rule);
454 return false;
455 }
456 ERR_clear_error();
457 }
458
459 return true;
460}
461
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]462// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]463static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]464 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]465 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
466 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
467 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
468 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
469 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
470 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
471 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
472 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
473 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
474 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
475 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
476 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
477 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
478 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
479 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
480 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
481 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
482 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
483 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
484 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
485 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
486 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
487 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
488 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
489 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
490 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
491 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
492 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
493 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]494 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]495
496// kCustomSession is a custom serialized SSL_SESSION generated by
497// filling in missing fields from |kOpenSSLSession|. This includes
498// providing |peer_sha256|, so |peer| is not serialized.
499static const char kCustomSession[] =
500 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
501 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
502 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
503 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
504 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
505 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
506 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
507 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
508
509// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
510static const char kBoringSSLSession[] =
511 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
512 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
513 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
514 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
515 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
516 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
517 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
518 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
519 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
520 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
521 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
522 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
523 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
524 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
525 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
526 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
527 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
528 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
529 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
530 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
531 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
532 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
533 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
534 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
535 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
536 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
537 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
538 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
539 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
540 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
541 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
542 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
543 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
544 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
545 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
546 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
547 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
548 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
549 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
550 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
551 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
552 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
553 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
554 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
555 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
556 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
557 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
558 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
559 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
560 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
561 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
562 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
563 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
564 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
565 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
566 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
567 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
568 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
569 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
570 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
571 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
572 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
573 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
574 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
575 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
576 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
577 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
578 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
579 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
580 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
581 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
582 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
583 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
584 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
585 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
586 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
587 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
588 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
589 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
590 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
591 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
592 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
593 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
594 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
595 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
596 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
597 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
598 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
599 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
600 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
601 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
602 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
603 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
604 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
605 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
606
607// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
608// the final (optional) element of |kCustomSession| with tag number 30.
609static const char kBadSessionExtraField[] =
610 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
611 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
612 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
613 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
614 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
615 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
616 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
617 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
618
619// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
620// the version of |kCustomSession| with 2.
621static const char kBadSessionVersion[] =
622 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
623 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
624 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
625 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
626 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
627 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
628 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
629 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
630
631// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
632// appended.
633static const char kBadSessionTrailingData[] =
634 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
635 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
636 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
637 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
638 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
639 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
640 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
641 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
642
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]643static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]644 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]645 if (!EVP_DecodedLength(&len, strlen(in))) {
646 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]647 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]648 }
649
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]650 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]651 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]652 strlen(in))) {
653 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]654 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]655 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]656 out->resize(len);
657 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]658}
659
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]660static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]661 const uint8_t *cptr;
662 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]663
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]664 // Decode the input.
665 std::vector<uint8_t> input;
666 if (!DecodeBase64(&input, input_b64)) {
667 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]668 }
669
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]670 // Verify the SSL_SESSION decodes.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]671 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
672 if (!ssl_ctx) {
673 return false;
674 }
675 bssl::UniquePtr<SSL_SESSION> session(
676 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]677 if (!session) {
678 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]679 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]680 }
681
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]682 // Verify the SSL_SESSION encoding round-trips.
683 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]684 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]685 uint8_t *encoded_raw;
686 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]687 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]688 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]689 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]690 encoded.reset(encoded_raw);
691 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]692 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]693 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]694 hexdump(stderr, "Before: ", input.data(), input.size());
695 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]696 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]697 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]698
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]699 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]700 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]701 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]702 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]703 fprintf(stderr, "d2i_SSL_SESSION failed\n");
704 return false;
705 }
706
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]707 // Verify the SSL_SESSION encoding round-trips via the legacy API.
708 int len = i2d_SSL_SESSION(session.get(), NULL);
709 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]710 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]711 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]712 }
713
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]714 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
715 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]716 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]717 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]718 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]719
720 ptr = encoded.get();
721 len = i2d_SSL_SESSION(session.get(), &ptr);
722 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]723 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]724 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]725 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]726 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]727 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]728 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]729 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]730 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]731 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]732 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]733 }
734
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]735 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]736}
737
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]738static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
739 std::vector<uint8_t> input;
740 if (!DecodeBase64(&input, input_b64)) {
741 return false;
742 }
743
744 // Verify that the SSL_SESSION fails to decode.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]745 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
746 if (!ssl_ctx) {
747 return false;
748 }
749 bssl::UniquePtr<SSL_SESSION> session(
750 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]751 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]752 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]753 return false;
754 }
755 ERR_clear_error();
756 return true;
757}
758
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]759static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]760 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]761 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]762 if (!ctx) {
763 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]764 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]765 if (ctx->min_version != min_version || ctx->max_version != max_version) {
766 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
767 ctx->min_version, ctx->max_version, min_version, max_version);
768 return false;
769 }
770 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]771}
772
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]773static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]774 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
775 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]776 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]777 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]778 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]779 if (!rfc_name) {
780 return false;
781 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]782 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]783 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]784}
785
786typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]787 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]788 const char *rfc_name;
789} CIPHER_RFC_NAME_TEST;
790
791static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]792 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
793 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
794 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
795 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
796 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
797 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
798 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
799 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
800 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
801 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
802 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
803 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
804 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
805 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
806 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
807 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
808 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
809 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
810 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
811 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
812 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
813 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]814};
815
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]816static bool TestCipherGetRFCName(void) {
817 for (size_t i = 0;
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]818 i < OPENSSL_ARRAY_SIZE(kCipherRFCNameTests); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]819 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]820 std::string rfc_name;
821 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
822 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
823 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]824 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]825 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]826 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]827 rfc_name.c_str(), test->rfc_name);
828 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]829 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]830 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]831 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]832}
833
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]834// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
835// version and ticket length or nullptr on failure.
836static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
837 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]838 std::vector<uint8_t> der;
839 if (!DecodeBase64(&der, kOpenSSLSession)) {
840 return nullptr;
841 }
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]842
843 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
844 if (!ssl_ctx) {
845 return nullptr;
846 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]847 bssl::UniquePtr<SSL_SESSION> session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]848 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]849 if (!session) {
850 return nullptr;
851 }
852
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]853 session->ssl_version = version;
854
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]855 // Swap out the ticket for a garbage one.
856 OPENSSL_free(session->tlsext_tick);
857 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
858 if (session->tlsext_tick == nullptr) {
859 return nullptr;
860 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]861 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]862 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]863
864 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]865#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
866 session->time = 1234;
867#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]868 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]869#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]870 return session;
871}
872
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]873static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]874 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]875 if (!bio) {
876 return false;
877 }
878 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]879 BIO_up_ref(bio.get());
880 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]881 int ret = SSL_connect(ssl);
882 if (ret > 0) {
883 // SSL_connect should fail without a BIO to write to.
884 return false;
885 }
886 ERR_clear_error();
887
888 const uint8_t *client_hello;
889 size_t client_hello_len;
890 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
891 return false;
892 }
893 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
894 return true;
895}
896
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]897// GetClientHelloLen creates a client SSL connection with the specified version
898// and ticket length. It returns the length of the ClientHello, not including
899// the record header, on success and zero on error.
900static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
901 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]902 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]903 bssl::UniquePtr<SSL_SESSION> session =
904 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]905 if (!ctx || !session) {
906 return 0;
907 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]908
909 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]910 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]911 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]912 !SSL_set_strict_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]913 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]914 return 0;
915 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]916
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]917 std::vector<uint8_t> client_hello;
918 if (!GetClientHello(ssl.get(), &client_hello) ||
919 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]920 return 0;
921 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]922
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]923 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]924}
925
926struct PaddingTest {
927 size_t input_len, padded_len;
928};
929
930static const PaddingTest kPaddingTests[] = {
931 // ClientHellos of length below 0x100 do not require padding.
932 {0xfe, 0xfe},
933 {0xff, 0xff},
934 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
935 {0x100, 0x200},
936 {0x123, 0x200},
937 {0x1fb, 0x200},
938 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
939 // padding extension takes a minimum of four bytes plus one required content
940 // byte. (To work around yet more server bugs, we avoid empty final
941 // extensions.)
942 {0x1fc, 0x201},
943 {0x1fd, 0x202},
944 {0x1fe, 0x203},
945 {0x1ff, 0x204},
946 // Finally, larger ClientHellos need no padding.
947 {0x200, 0x200},
948 {0x201, 0x201},
949};
950
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]951static bool TestPaddingExtension(uint16_t max_version,
952 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]953 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]954 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]955 if (base_len == 0) {
956 return false;
957 }
958
959 for (const PaddingTest &test : kPaddingTests) {
960 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]961 fprintf(stderr,
962 "Baseline ClientHello too long (max_version = %04x, "
963 "session_version = %04x).\n",
964 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]965 return false;
966 }
967
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]968 size_t padded_len = GetClientHelloLen(max_version, session_version,
969 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]970 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]971 fprintf(stderr,
972 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
973 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]974 static_cast<unsigned>(test.input_len),
975 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]976 static_cast<unsigned>(test.padded_len), max_version,
977 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]978 return false;
979 }
980 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]981
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]982 return true;
983}
984
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]985// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
986// before configuring as a server.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]987TEST(SSLTest, ClientCAList) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]988 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]989 ASSERT_TRUE(ctx);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]990 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]991 ASSERT_TRUE(ssl);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]992
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame^]993 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
994 ASSERT_TRUE(name);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]995
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame^]996 bssl::UniquePtr<X509_NAME> name_dup(X509_NAME_dup(name.get()));
997 ASSERT_TRUE(name_dup);
998
999 bssl::UniquePtr<STACK_OF(X509_NAME)> stack(sk_X509_NAME_new_null());
1000 ASSERT_TRUE(stack);
1001
1002 ASSERT_TRUE(sk_X509_NAME_push(stack.get(), name_dup.get()));
1003 name_dup.release();
1004
1005 // |SSL_set_client_CA_list| takes ownership.
1006 SSL_set_client_CA_list(ssl.get(), stack.release());
1007
1008 STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get());
1009 ASSERT_TRUE(result);
1010 ASSERT_EQ(1u, sk_X509_NAME_num(result));
1011 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(result, 0), name.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1012}
1013
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1014static void AppendSession(SSL_SESSION *session, void *arg) {
1015 std::vector<SSL_SESSION*> *out =
1016 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1017 out->push_back(session);
1018}
1019
1020// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
1021// order.
1022static bool ExpectCache(SSL_CTX *ctx,
1023 const std::vector<SSL_SESSION*> &expected) {
1024 // Check the linked list.
1025 SSL_SESSION *ptr = ctx->session_cache_head;
1026 for (SSL_SESSION *session : expected) {
1027 if (ptr != session) {
1028 return false;
1029 }
1030 // TODO(davidben): This is an absurd way to denote the end of the list.
1031 if (ptr->next ==
1032 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1033 ptr = nullptr;
1034 } else {
1035 ptr = ptr->next;
1036 }
1037 }
1038 if (ptr != nullptr) {
1039 return false;
1040 }
1041
1042 // Check the hash table.
1043 std::vector<SSL_SESSION*> actual, expected_copy;
1044 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
1045 expected_copy = expected;
1046
1047 std::sort(actual.begin(), actual.end());
1048 std::sort(expected_copy.begin(), expected_copy.end());
1049
1050 return actual == expected_copy;
1051}
1052
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1053static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]1054 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
1055 if (!ssl_ctx) {
1056 return nullptr;
1057 }
1058 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new(ssl_ctx.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1059 if (!ret) {
1060 return nullptr;
1061 }
1062
1063 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1064 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1065 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1066 return ret;
1067}
1068
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1069// Test that the internal session cache behaves as expected.
1070static bool TestInternalSessionCache() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1071 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1072 if (!ctx) {
1073 return false;
1074 }
1075
1076 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1077 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1078 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1079 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1080 if (!session) {
1081 return false;
1082 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1083 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1084 }
1085
1086 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1087
1088 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1089 for (const auto &session : sessions) {
1090 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1091 return false;
1092 }
1093 }
1094
1095 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1096 std::vector<SSL_SESSION*> expected = {
1097 sessions[9].get(),
1098 sessions[8].get(),
1099 sessions[7].get(),
1100 sessions[6].get(),
1101 sessions[5].get(),
1102 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1103 if (!ExpectCache(ctx.get(), expected)) {
1104 return false;
1105 }
1106
1107 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1108 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1109 !ExpectCache(ctx.get(), expected)) {
1110 return false;
1111 }
1112
1113 // Although collisions should be impossible (256-bit session IDs), the cache
1114 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1115 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1116 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1117 return false;
1118 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1119 expected = {
1120 collision.get(),
1121 sessions[9].get(),
1122 sessions[8].get(),
1123 sessions[6].get(),
1124 sessions[5].get(),
1125 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1126 if (!ExpectCache(ctx.get(), expected)) {
1127 return false;
1128 }
1129
1130 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1131 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1132 return false;
1133 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1134 expected = {
1135 collision.get(),
1136 sessions[9].get(),
1137 sessions[8].get(),
1138 sessions[5].get(),
1139 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1140 if (!ExpectCache(ctx.get(), expected)) {
1141 return false;
1142 }
1143
1144 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1145 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1146 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1147 !ExpectCache(ctx.get(), expected)) {
1148 return false;
1149 }
1150
1151 return true;
1152}
1153
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1154static uint16_t EpochFromSequence(uint64_t seq) {
1155 return static_cast<uint16_t>(seq >> 48);
1156}
1157
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1158static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1159 static const char kCertPEM[] =
1160 "-----BEGIN CERTIFICATE-----\n"
1161 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1162 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1163 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1164 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1165 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1166 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1167 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1168 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1169 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1170 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1171 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1172 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1173 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1174 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1175 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1176 return bssl::UniquePtr<X509>(
1177 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1178}
1179
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1180static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1181 static const char kKeyPEM[] =
1182 "-----BEGIN RSA PRIVATE KEY-----\n"
1183 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1184 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1185 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1186 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1187 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1188 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1189 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1190 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1191 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1192 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1193 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1194 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1195 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1196 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1197 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1198 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1199 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1200}
1201
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1202static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1203 static const char kCertPEM[] =
1204 "-----BEGIN CERTIFICATE-----\n"
1205 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1206 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1207 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1208 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1209 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1210 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1211 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1212 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1213 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1214 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1215 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1216 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1217 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1218}
1219
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1220static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1221 static const char kKeyPEM[] =
1222 "-----BEGIN PRIVATE KEY-----\n"
1223 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1224 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1225 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1226 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1227 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1228 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1229 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1230}
1231
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1232static bssl::UniquePtr<X509> GetChainTestCertificate() {
1233 static const char kCertPEM[] =
1234 "-----BEGIN CERTIFICATE-----\n"
1235 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1236 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1237 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1238 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1239 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1240 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1241 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1242 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1243 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1244 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1245 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1246 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1247 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1248 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1249 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1250 "1ngWZ7Ih\n"
1251 "-----END CERTIFICATE-----\n";
1252 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1253 return bssl::UniquePtr<X509>(
1254 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1255}
1256
1257static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1258 static const char kCertPEM[] =
1259 "-----BEGIN CERTIFICATE-----\n"
1260 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1261 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1262 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1263 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1264 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1265 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1266 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1267 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1268 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1269 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1270 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1271 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1272 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1273 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1274 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1275 "-----END CERTIFICATE-----\n";
1276 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1277 return bssl::UniquePtr<X509>(
1278 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1279}
1280
1281static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1282 static const char kKeyPEM[] =
1283 "-----BEGIN PRIVATE KEY-----\n"
1284 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1285 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1286 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1287 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1288 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1289 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1290 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1291 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1292 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1293 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1294 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1295 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1296 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1297 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1298 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1299 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1300 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1301 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1302 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1303 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1304 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1305 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1306 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1307 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1308 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1309 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1310 "-----END PRIVATE KEY-----\n";
1311 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1312 return bssl::UniquePtr<EVP_PKEY>(
1313 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1314}
1315
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1316static bool CompleteHandshakes(SSL *client, SSL *server) {
1317 // Drive both their handshakes to completion.
1318 for (;;) {
1319 int client_ret = SSL_do_handshake(client);
1320 int client_err = SSL_get_error(client, client_ret);
1321 if (client_err != SSL_ERROR_NONE &&
1322 client_err != SSL_ERROR_WANT_READ &&
1323 client_err != SSL_ERROR_WANT_WRITE) {
1324 fprintf(stderr, "Client error: %d\n", client_err);
1325 return false;
1326 }
1327
1328 int server_ret = SSL_do_handshake(server);
1329 int server_err = SSL_get_error(server, server_ret);
1330 if (server_err != SSL_ERROR_NONE &&
1331 server_err != SSL_ERROR_WANT_READ &&
1332 server_err != SSL_ERROR_WANT_WRITE) {
1333 fprintf(stderr, "Server error: %d\n", server_err);
1334 return false;
1335 }
1336
1337 if (client_ret == 1 && server_ret == 1) {
1338 break;
1339 }
1340 }
1341
1342 return true;
1343}
1344
1345static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1346 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1347 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1348 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1349 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1350 if (!client || !server) {
1351 return false;
1352 }
1353 SSL_set_connect_state(client.get());
1354 SSL_set_accept_state(server.get());
1355
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1356 SSL_set_session(client.get(), session);
1357
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1358 BIO *bio1, *bio2;
1359 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1360 return false;
1361 }
1362 // SSL_set_bio takes ownership.
1363 SSL_set_bio(client.get(), bio1, bio1);
1364 SSL_set_bio(server.get(), bio2, bio2);
1365
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1366 if (!CompleteHandshakes(client.get(), server.get())) {
1367 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1368 }
1369
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1370 *out_client = std::move(client);
1371 *out_server = std::move(server);
1372 return true;
1373}
1374
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1375static bool TestSequenceNumber(bool is_dtls, const SSL_METHOD *method,
1376 uint16_t version) {
1377 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1378 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1379 if (!server_ctx || !client_ctx ||
1380 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1381 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1382 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1383 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1384 return false;
1385 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1386
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1387 bssl::UniquePtr<X509> cert = GetTestCertificate();
1388 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1389 if (!cert || !key || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1390 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1391 return false;
1392 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1393
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1394 bssl::UniquePtr<SSL> client, server;
1395 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1396 server_ctx.get(), nullptr /* no session */)) {
1397 return false;
1398 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1399
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1400 // Drain any post-handshake messages to ensure there are no unread records
1401 // on either end.
1402 uint8_t byte = 0;
1403 if (SSL_read(client.get(), &byte, 1) > 0 ||
1404 SSL_read(server.get(), &byte, 1) > 0) {
1405 fprintf(stderr, "Received unexpected data.\n");
1406 return false;
1407 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1408
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1409 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1410 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1411 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1412 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1413
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1414 if (is_dtls) {
1415 // Both client and server must be at epoch 1.
1416 if (EpochFromSequence(client_read_seq) != 1 ||
1417 EpochFromSequence(client_write_seq) != 1 ||
1418 EpochFromSequence(server_read_seq) != 1 ||
1419 EpochFromSequence(server_write_seq) != 1) {
1420 fprintf(stderr, "Bad epochs.\n");
1421 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1422 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1423
1424 // The next record to be written should exceed the largest received.
1425 if (client_write_seq <= server_read_seq ||
1426 server_write_seq <= client_read_seq) {
1427 fprintf(stderr, "Inconsistent sequence numbers.\n");
1428 return false;
1429 }
1430 } else {
1431 // The next record to be written should equal the next to be received.
1432 if (client_write_seq != server_read_seq ||
1433 server_write_seq != client_read_seq) {
1434 fprintf(stderr, "Inconsistent sequence numbers.\n");
1435 return false;
1436 }
1437 }
1438
1439 // Send a record from client to server.
1440 if (SSL_write(client.get(), &byte, 1) != 1 ||
1441 SSL_read(server.get(), &byte, 1) != 1) {
1442 fprintf(stderr, "Could not send byte.\n");
1443 return false;
1444 }
1445
1446 // The client write and server read sequence numbers should have
1447 // incremented.
1448 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1449 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1450 fprintf(stderr, "Sequence numbers did not increment.\n");
1451 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1452 }
1453
1454 return true;
1455}
1456
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1457static bool TestOneSidedShutdown(bool is_dtls, const SSL_METHOD *method,
1458 uint16_t version) {
1459 // SSL_shutdown is a no-op in DTLS.
1460 if (is_dtls) {
1461 return true;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1462 }
1463
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1464 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1465 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1466 bssl::UniquePtr<X509> cert = GetTestCertificate();
1467 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1468 if (!client_ctx || !server_ctx || !cert || !key ||
1469 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1470 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1471 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1472 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1473 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1474 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1475 return false;
1476 }
1477
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1478 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1479 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1480 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1481 return false;
1482 }
1483
1484 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1485 // one side has shut down.
1486 if (SSL_shutdown(client.get()) != 0) {
1487 fprintf(stderr, "Could not shutdown.\n");
1488 return false;
1489 }
1490
1491 // Reading from the server should consume the EOF.
1492 uint8_t byte;
1493 if (SSL_read(server.get(), &byte, 1) != 0 ||
1494 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1495 fprintf(stderr, "Connection was not shut down cleanly.\n");
1496 return false;
1497 }
1498
1499 // However, the server may continue to write data and then shut down the
1500 // connection.
1501 byte = 42;
1502 if (SSL_write(server.get(), &byte, 1) != 1 ||
1503 SSL_read(client.get(), &byte, 1) != 1 ||
1504 byte != 42) {
1505 fprintf(stderr, "Could not send byte.\n");
1506 return false;
1507 }
1508
1509 // The server may then shutdown the connection.
1510 if (SSL_shutdown(server.get()) != 1 ||
1511 SSL_shutdown(client.get()) != 1) {
1512 fprintf(stderr, "Could not complete shutdown.\n");
1513 return false;
1514 }
1515
1516 return true;
1517}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1518
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1519TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1520 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1521 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1522 ASSERT_TRUE(client_ctx);
1523 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1524
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1525 bssl::UniquePtr<X509> cert = GetTestCertificate();
1526 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1527 ASSERT_TRUE(cert);
1528 ASSERT_TRUE(key);
1529 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1530 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1531
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1532 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1533 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
1534 server_ctx.get(),
1535 nullptr /* no session */));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1536
1537 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1538 bssl::UniquePtr<SSL_SESSION> session1(
1539 SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL));
1540 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1541
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1542 session1->not_resumable = 0;
1543
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1544 uint8_t *s0_bytes, *s1_bytes;
1545 size_t s0_len, s1_len;
1546
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1547 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1548 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1549
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1550 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1551 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1552
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]1553 EXPECT_EQ(Bytes(s0_bytes, s0_len), Bytes(s1_bytes, s1_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1554}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1555
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1556static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1557 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1558 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1559
1560 // The wrapper BIOs are always equal when fds are equal, even if set
1561 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1562 if (rfd == wfd) {
1563 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1564 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1565}
1566
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1567TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1568 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1569 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1570
1571 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1572 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1573 ASSERT_TRUE(ssl);
1574 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1575 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1576 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1577
1578 // Test setting the same FD.
1579 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1580 ASSERT_TRUE(ssl);
1581 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1582 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1583
1584 // Test setting the same FD one side at a time.
1585 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1586 ASSERT_TRUE(ssl);
1587 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1588 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1589 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1590
1591 // Test setting the same FD in the other order.
1592 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1593 ASSERT_TRUE(ssl);
1594 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1595 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1596 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1597
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1598 // Test changing the read FD partway through.
1599 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1600 ASSERT_TRUE(ssl);
1601 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1602 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1603 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1604
1605 // Test changing the write FD partway through.
1606 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1607 ASSERT_TRUE(ssl);
1608 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1609 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1610 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1611
1612 // Test a no-op change to the read FD partway through.
1613 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1614 ASSERT_TRUE(ssl);
1615 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1616 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1617 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1618
1619 // Test a no-op change to the write FD partway through.
1620 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1621 ASSERT_TRUE(ssl);
1622 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1623 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1624 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1625
1626 // ASan builds will implicitly test that the internal |BIO| reference-counting
1627 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1628}
1629
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1630TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1631 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1632 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1633
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1634 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1635 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1636 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1637 ASSERT_TRUE(ssl);
1638 ASSERT_TRUE(bio1);
1639 ASSERT_TRUE(bio2);
1640 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1641
1642 // SSL_set_bio takes one reference when the parameters are the same.
1643 BIO_up_ref(bio1.get());
1644 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1645
1646 // Repeating the call does nothing.
1647 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1648
1649 // It takes one reference each when the parameters are different.
1650 BIO_up_ref(bio2.get());
1651 BIO_up_ref(bio3.get());
1652 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1653
1654 // Repeating the call does nothing.
1655 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1656
1657 // It takes one reference when changing only wbio.
1658 BIO_up_ref(bio1.get());
1659 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1660
1661 // It takes one reference when changing only rbio and the two are different.
1662 BIO_up_ref(bio3.get());
1663 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1664
1665 // If setting wbio to rbio, it takes no additional references.
1666 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1667
1668 // From there, wbio may be switched to something else.
1669 BIO_up_ref(bio1.get());
1670 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1671
1672 // If setting rbio to wbio, it takes no additional references.
1673 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1674
1675 // From there, rbio may be switched to something else, but, for historical
1676 // reasons, it takes a reference to both parameters.
1677 BIO_up_ref(bio1.get());
1678 BIO_up_ref(bio2.get());
1679 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1680
1681 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1682 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1683}
1684
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1685static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1686
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1687static bool TestGetPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1688 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1689 bssl::UniquePtr<X509> cert = GetTestCertificate();
1690 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1691 if (!cert || !key) {
1692 return false;
1693 }
1694
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1695 // Configure both client and server to accept any certificate.
1696 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1697 if (!ctx ||
1698 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1699 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1700 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1701 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1702 return false;
1703 }
1704 SSL_CTX_set_verify(
1705 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1706 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1707
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1708 bssl::UniquePtr<SSL> client, server;
1709 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1710 nullptr /* no session */)) {
1711 return false;
1712 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1713
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1714 // Client and server should both see the leaf certificate.
1715 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1716 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1717 fprintf(stderr, "Server peer certificate did not match.\n");
1718 return false;
1719 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1720
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1721 peer.reset(SSL_get_peer_certificate(client.get()));
1722 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1723 fprintf(stderr, "Client peer certificate did not match.\n");
1724 return false;
1725 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1726
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1727 // However, for historical reasons, the chain includes the leaf on the
1728 // client, but does not on the server.
1729 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1730 fprintf(stderr, "Client peer chain was incorrect.\n");
1731 return false;
1732 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1733
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1734 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1735 fprintf(stderr, "Server peer chain was incorrect.\n");
1736 return false;
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1737 }
1738
1739 return true;
1740}
1741
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1742static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method,
1743 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1744 bssl::UniquePtr<X509> cert = GetTestCertificate();
1745 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1746 if (!cert || !key) {
1747 return false;
1748 }
1749
1750 uint8_t *cert_der = NULL;
1751 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1752 if (cert_der_len < 0) {
1753 return false;
1754 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1755 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1756
1757 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1758 SHA256(cert_der, cert_der_len, cert_sha256);
1759
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1760 // Configure both client and server to accept any certificate, but the
1761 // server must retain only the SHA-256 of the peer.
1762 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1763 if (!ctx ||
1764 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1765 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1766 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1767 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1768 return false;
1769 }
1770 SSL_CTX_set_verify(
1771 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1772 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1773 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1774
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1775 bssl::UniquePtr<SSL> client, server;
1776 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1777 nullptr /* no session */)) {
1778 return false;
1779 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1780
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1781 // The peer certificate has been dropped.
1782 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1783 if (peer) {
1784 fprintf(stderr, "Peer certificate was retained.\n");
1785 return false;
1786 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1787
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1788 SSL_SESSION *session = SSL_get_session(server.get());
1789 if (!session->peer_sha256_valid) {
1790 fprintf(stderr, "peer_sha256_valid was not set.\n");
1791 return false;
1792 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1793
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1794 if (OPENSSL_memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) !=
1795 0) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1796 fprintf(stderr, "peer_sha256 did not match.\n");
1797 return false;
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1798 }
1799
1800 return true;
1801}
1802
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1803static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1804 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1805 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1806 if (!ctx ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1807 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1808 // Our default cipher list varies by CPU capabilities, so manually place
1809 // the ChaCha20 ciphers in front.
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]1810 !SSL_CTX_set_strict_cipher_list(ctx.get(), "CHACHA20:ALL")) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1811 return false;
1812 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1813
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1814 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1815 if (!ssl) {
1816 return false;
1817 }
1818 std::vector<uint8_t> client_hello;
1819 if (!GetClientHello(ssl.get(), &client_hello)) {
1820 return false;
1821 }
1822
1823 // Zero the client_random.
1824 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1825 1 + 3 + // handshake message header
1826 2; // client_version
1827 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1828 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1829 return false;
1830 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1831 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1832
1833 if (client_hello.size() != expected_len ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1834 OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1835 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1836 fprintf(stderr, "Got:\n\t");
1837 for (size_t i = 0; i < client_hello.size(); i++) {
1838 fprintf(stderr, "0x%02x, ", client_hello[i]);
1839 }
1840 fprintf(stderr, "\nWanted:\n\t");
1841 for (size_t i = 0; i < expected_len; i++) {
1842 fprintf(stderr, "0x%02x, ", expected[i]);
1843 }
1844 fprintf(stderr, "\n");
1845 return false;
1846 }
1847
1848 return true;
1849}
1850
1851// Tests that our ClientHellos do not change unexpectedly.
1852static bool TestClientHello() {
1853 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1854 0x16,
1855 0x03, 0x00,
1856 0x00, 0x3f,
1857 0x01,
1858 0x00, 0x00, 0x3b,
1859 0x03, 0x00,
1860 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1861 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1862 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1863 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1864 0x00,
1865 0x00, 0x14,
1866 0xc0, 0x09,
1867 0xc0, 0x13,
1868 0x00, 0x33,
1869 0xc0, 0x0a,
1870 0xc0, 0x14,
1871 0x00, 0x39,
1872 0x00, 0x2f,
1873 0x00, 0x35,
1874 0x00, 0x0a,
1875 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1876 };
1877 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1878 sizeof(kSSL3ClientHello))) {
1879 return false;
1880 }
1881
1882 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1883 0x16,
1884 0x03, 0x01,
1885 0x00, 0x5e,
1886 0x01,
1887 0x00, 0x00, 0x5a,
1888 0x03, 0x01,
1889 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1890 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1891 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1892 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1893 0x00,
1894 0x00, 0x12,
1895 0xc0, 0x09,
1896 0xc0, 0x13,
1897 0x00, 0x33,
1898 0xc0, 0x0a,
1899 0xc0, 0x14,
1900 0x00, 0x39,
1901 0x00, 0x2f,
1902 0x00, 0x35,
1903 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1904 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1905 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1906 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1907 };
1908 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1909 sizeof(kTLS1ClientHello))) {
1910 return false;
1911 }
1912
1913 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1914 0x16,
1915 0x03, 0x01,
1916 0x00, 0x5e,
1917 0x01,
1918 0x00, 0x00, 0x5a,
1919 0x03, 0x02,
1920 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1921 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1922 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1923 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1924 0x00,
1925 0x00, 0x12,
1926 0xc0, 0x09,
1927 0xc0, 0x13,
1928 0x00, 0x33,
1929 0xc0, 0x0a,
1930 0xc0, 0x14,
1931 0x00, 0x39,
1932 0x00, 0x2f,
1933 0x00, 0x35,
1934 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1935 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1936 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1937 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1938 };
1939 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1940 sizeof(kTLS11ClientHello))) {
1941 return false;
1942 }
1943
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]1944 // kTLS12ClientHello assumes RSA-PSS, which is disabled for Android system
1945 // builds.
1946#if defined(BORINGSSL_ANDROID_SYSTEM)
1947 return true;
1948#endif
1949
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1950 static const uint8_t kTLS12ClientHello[] = {
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]1951 0x16, 0x03, 0x01, 0x00, 0x9a, 0x01, 0x00, 0x00, 0x96, 0x03, 0x03, 0x00,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1952 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1953 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]1954 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0xcc, 0xa9,
1955 0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, 0xc0, 0x2c, 0xc0, 0x30,
1956 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x27, 0x00, 0x33,
1957 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x28, 0x00, 0x39,
1958 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35,
1959 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01,
1960 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
1961 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
1962 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00,
1963 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
1964 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1965 };
1966 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1967 sizeof(kTLS12ClientHello))) {
1968 return false;
1969 }
1970
1971 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1972 // implementation has settled enough that it won't change.
1973
1974 return true;
1975}
1976
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1977static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1978
1979static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1980 // Save the most recent session.
1981 g_last_session.reset(session);
1982 return 1;
1983}
1984
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1985static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1986 SSL_CTX *server_ctx) {
1987 g_last_session = nullptr;
1988 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1989
1990 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1991 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1992 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1993 nullptr /* no session */)) {
1994 fprintf(stderr, "Failed to connect client and server.\n");
1995 return nullptr;
1996 }
1997
1998 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1999 SSL_read(client.get(), nullptr, 0);
2000
2001 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2002
2003 if (!g_last_session) {
2004 fprintf(stderr, "Client did not receive a session.\n");
2005 return nullptr;
2006 }
2007 return std::move(g_last_session);
2008}
2009
2010static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
2011 SSL_SESSION *session,
2012 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2013 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2014 if (!ConnectClientAndServer(&client, &server, client_ctx,
2015 server_ctx, session)) {
2016 fprintf(stderr, "Failed to connect client and server.\n");
2017 return false;
2018 }
2019
2020 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2021 fprintf(stderr, "Client and server were inconsistent.\n");
2022 return false;
2023 }
2024
2025 bool was_reused = !!SSL_session_reused(client.get());
2026 if (was_reused != reused) {
2027 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
2028 was_reused ? "" : " not");
2029 return false;
2030 }
2031
2032 return true;
2033}
2034
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2035static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
2036 SSL_CTX *server_ctx,
2037 SSL_SESSION *session) {
2038 g_last_session = nullptr;
2039 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2040
2041 bssl::UniquePtr<SSL> client, server;
2042 if (!ConnectClientAndServer(&client, &server, client_ctx,
2043 server_ctx, session)) {
2044 fprintf(stderr, "Failed to connect client and server.\n");
2045 return nullptr;
2046 }
2047
2048 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2049 fprintf(stderr, "Client and server were inconsistent.\n");
2050 return nullptr;
2051 }
2052
2053 if (!SSL_session_reused(client.get())) {
2054 fprintf(stderr, "Session was not reused.\n");
2055 return nullptr;
2056 }
2057
2058 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2059 SSL_read(client.get(), nullptr, 0);
2060
2061 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2062
2063 if (!g_last_session) {
2064 fprintf(stderr, "Client did not receive a renewed session.\n");
2065 return nullptr;
2066 }
2067 return std::move(g_last_session);
2068}
2069
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2070static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2071 static const uint8_t kContext[] = {3};
2072
2073 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2074 return SSL_TLSEXT_ERR_ALERT_FATAL;
2075 }
2076
2077 return SSL_TLSEXT_ERR_OK;
2078}
2079
David Benjamin731058e2016-12-03 23:15:13 -0500[diff] [blame]2080static int SwitchSessionIDContextEarly(const SSL_CLIENT_HELLO *client_hello) {
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2081 static const uint8_t kContext[] = {3};
2082
David Benjamin731058e2016-12-03 23:15:13 -0500[diff] [blame]2083 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2084 sizeof(kContext))) {
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2085 return -1;
2086 }
2087
2088 return 1;
2089}
2090
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2091static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
2092 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2093 bssl::UniquePtr<X509> cert = GetTestCertificate();
2094 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2095 if (!cert || !key) {
2096 return false;
2097 }
2098
2099 static const uint8_t kContext1[] = {1};
2100 static const uint8_t kContext2[] = {2};
2101
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2102 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2103 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2104 if (!server_ctx || !client_ctx ||
2105 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2106 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2107 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2108 sizeof(kContext1)) ||
2109 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2110 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2111 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2112 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2113 return false;
2114 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2115
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2116 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2117 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2118
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2119 bssl::UniquePtr<SSL_SESSION> session =
2120 CreateClientSession(client_ctx.get(), server_ctx.get());
2121 if (!session) {
2122 fprintf(stderr, "Error getting session.\n");
2123 return false;
2124 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2125
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2126 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2127 true /* expect session reused */)) {
2128 fprintf(stderr, "Error resuming session.\n");
2129 return false;
2130 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2131
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2132 // Change the session ID context.
2133 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2134 sizeof(kContext2))) {
2135 return false;
2136 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2137
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2138 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2139 false /* expect session not reused */)) {
2140 fprintf(stderr, "Error connecting with a different context.\n");
2141 return false;
2142 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2143
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2144 // Change the session ID context back and install an SNI callback to switch
2145 // it.
2146 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2147 sizeof(kContext1))) {
2148 return false;
2149 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2150
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2151 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2152 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2153
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2154 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2155 false /* expect session not reused */)) {
2156 fprintf(stderr, "Error connecting with a context switch on SNI callback.\n");
2157 return false;
2158 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2159
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2160 // Switch the session ID context with the early callback instead.
2161 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
2162 SSL_CTX_set_select_certificate_cb(server_ctx.get(),
2163 SwitchSessionIDContextEarly);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2164
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2165 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2166 false /* expect session not reused */)) {
2167 fprintf(stderr,
2168 "Error connecting with a context switch on early callback.\n");
2169 return false;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2170 }
2171
2172 return true;
2173}
2174
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2175static timeval g_current_time;
2176
2177static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2178 *out_clock = g_current_time;
2179}
2180
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2181static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2182 out_clock->tv_sec = 1000;
2183 out_clock->tv_usec = 0;
2184}
2185
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2186static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2187 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2188 int encrypt) {
2189 static const uint8_t kZeros[16] = {0};
2190
2191 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2192 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2193 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2194 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2195 return 0;
2196 }
2197
2198 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2199 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2200 return -1;
2201 }
2202
2203 // Returning two from the callback in decrypt mode renews the
2204 // session in TLS 1.2 and below.
2205 return encrypt ? 1 : 2;
2206}
2207
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2208static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2209 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2210 return false;
2211 }
2212
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2213 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2214 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2215 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2216
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2217#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2218 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2219 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2220#else
2221 static const uint8_t kZeros[16] = {0};
2222 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2223 bssl::ScopedEVP_CIPHER_CTX ctx;
2224 int len1, len2;
2225 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2226 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2227 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2228 return false;
2229 }
2230
2231 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2232#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2233
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2234 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
2235 if (!ssl_ctx) {
2236 return false;
2237 }
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2238 bssl::UniquePtr<SSL_SESSION> server_session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2239 SSL_SESSION_from_bytes(plaintext.get(), len, ssl_ctx.get()));
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2240 if (!server_session) {
2241 return false;
2242 }
2243
2244 *out = server_session->time;
2245 return true;
2246}
2247
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2248static bool TestSessionTimeout(bool is_dtls, const SSL_METHOD *method,
2249 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2250 bssl::UniquePtr<X509> cert = GetTestCertificate();
2251 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2252 if (!cert || !key) {
2253 return false;
2254 }
2255
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2256 for (bool server_test : std::vector<bool>{false, true}) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2257 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2258 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2259
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2260 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2261 // resumptions still perform ECDHE.
2262 const time_t timeout = version == TLS1_3_VERSION
2263 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2264 : SSL_DEFAULT_SESSION_TIMEOUT;
2265
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2266 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2267 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2268 if (!server_ctx || !client_ctx ||
2269 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2270 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2271 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2272 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2273 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2274 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2275 return false;
2276 }
2277
2278 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2279 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2280
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2281 // Both client and server must enforce session timeouts. We configure the
2282 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2283 if (server_test) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2284 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2285 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2286 } else {
2287 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2288 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2289 }
2290
2291 // Configure a ticket callback which renews tickets.
2292 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2293
2294 bssl::UniquePtr<SSL_SESSION> session =
2295 CreateClientSession(client_ctx.get(), server_ctx.get());
2296 if (!session) {
2297 fprintf(stderr, "Error getting session.\n");
2298 return false;
2299 }
2300
2301 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2302 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2303
2304 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2305 true /* expect session reused */)) {
2306 fprintf(stderr, "Error resuming session.\n");
2307 return false;
2308 }
2309
2310 // Advance the clock one more second.
2311 g_current_time.tv_sec++;
2312
2313 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2314 false /* expect session not reused */)) {
2315 fprintf(stderr, "Error resuming session.\n");
2316 return false;
2317 }
2318
2319 // Rewind the clock to before the session was minted.
2320 g_current_time.tv_sec = kStartTime - 1;
2321
2322 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2323 false /* expect session not reused */)) {
2324 fprintf(stderr, "Error resuming session.\n");
2325 return false;
2326 }
2327
2328 // SSL 3.0 cannot renew sessions.
2329 if (version == SSL3_VERSION) {
2330 continue;
2331 }
2332
2333 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2334 time_t new_start_time = kStartTime + timeout - 10;
2335 g_current_time.tv_sec = new_start_time;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2336 bssl::UniquePtr<SSL_SESSION> new_session =
2337 ExpectSessionRenewed(client_ctx.get(), server_ctx.get(), session.get());
2338 if (!new_session) {
2339 fprintf(stderr, "Error renewing session.\n");
2340 return false;
2341 }
2342
2343 // This new session is not the same object as before.
2344 if (session.get() == new_session.get()) {
2345 fprintf(stderr, "New and old sessions alias.\n");
2346 return false;
2347 }
2348
2349 // Check the sessions have timestamps measured from issuance.
2350 long session_time = 0;
2351 if (server_test) {
2352 if (!GetServerTicketTime(&session_time, new_session.get())) {
2353 fprintf(stderr, "Failed to decode session ticket.\n");
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2354 return false;
2355 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2356 } else {
2357 session_time = new_session->time;
2358 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2359
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2360 if (session_time != g_current_time.tv_sec) {
2361 fprintf(stderr, "New session is not measured from issuance.\n");
2362 return false;
2363 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2364
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2365 if (version == TLS1_3_VERSION) {
2366 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2367 // lifetime TLS 1.3.
2368 g_current_time.tv_sec = new_start_time + timeout - 1;
2369 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2370 new_session.get(),
2371 true /* expect session reused */)) {
2372 fprintf(stderr, "Error resuming renewed session.\n");
2373 return false;
2374 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2375
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2376 // The new session expires after the new timeout.
2377 g_current_time.tv_sec = new_start_time + timeout + 1;
2378 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2379 new_session.get(),
2380 false /* expect session ot reused */)) {
2381 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2382 return false;
2383 }
2384
2385 // Renew the session until it begins just past the auth timeout.
2386 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2387 while (new_start_time < auth_end_time - 1000) {
2388 // Get as close as possible to target start time.
2389 new_start_time =
2390 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2391 g_current_time.tv_sec = new_start_time;
2392 new_session = ExpectSessionRenewed(client_ctx.get(), server_ctx.get(),
2393 new_session.get());
2394 if (!new_session) {
2395 fprintf(stderr, "Error renewing session.\n");
2396 return false;
2397 }
2398 }
2399
2400 // Now the session's lifetime is bound by the auth timeout.
2401 g_current_time.tv_sec = auth_end_time - 1;
2402 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2403 new_session.get(),
2404 true /* expect session reused */)) {
2405 fprintf(stderr, "Error resuming renewed session.\n");
2406 return false;
2407 }
2408
2409 g_current_time.tv_sec = auth_end_time + 1;
2410 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2411 new_session.get(),
2412 false /* expect session ot reused */)) {
2413 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2414 return false;
2415 }
2416 } else {
2417 // The new session is usable just before the old expiration.
2418 g_current_time.tv_sec = kStartTime + timeout - 1;
2419 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2420 new_session.get(),
2421 true /* expect session reused */)) {
2422 fprintf(stderr, "Error resuming renewed session.\n");
2423 return false;
2424 }
2425
2426 // Renewal does not extend the lifetime, so it is not usable beyond the
2427 // old expiration.
2428 g_current_time.tv_sec = kStartTime + timeout + 1;
2429 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2430 new_session.get(),
2431 false /* expect session not reused */)) {
2432 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2433 return false;
2434 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2435 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2436 }
2437
2438 return true;
2439}
2440
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2441static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2442 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2443 SSL_set_SSL_CTX(ssl, ctx);
2444 return SSL_TLSEXT_ERR_OK;
2445}
2446
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2447static bool TestSNICallback(bool is_dtls, const SSL_METHOD *method,
2448 uint16_t version) {
2449 // SSL 3.0 lacks extensions.
2450 if (version == SSL3_VERSION) {
2451 return true;
2452 }
2453
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2454 bssl::UniquePtr<X509> cert = GetTestCertificate();
2455 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2456 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2457 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2458 if (!cert || !key || !cert2 || !key2) {
2459 return false;
2460 }
2461
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2462 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2463 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2464
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2465 static const uint8_t kSCTList[] = {0, 6, 0, 4, 5, 6, 7, 8};
2466 static const uint8_t kOCSPResponse[] = {1, 2, 3, 4};
2467
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2468 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2469 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(method));
2470 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2471 if (!server_ctx || !server_ctx2 || !client_ctx ||
2472 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2473 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2474 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2475 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2476 !SSL_CTX_set_signed_cert_timestamp_list(server_ctx2.get(), kSCTList,
2477 sizeof(kSCTList)) ||
2478 !SSL_CTX_set_ocsp_response(server_ctx2.get(), kOCSPResponse,
2479 sizeof(kOCSPResponse)) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2480 // Historically signing preferences would be lost in some cases with the
2481 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2482 // this doesn't happen when |version| is TLS 1.2, configure the private
2483 // key to only sign SHA-256.
2484 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256,
2485 1) ||
2486 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2487 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2488 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2489 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2490 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2491 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
2492 return false;
2493 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2494
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2495 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2496 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2497
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2498 SSL_CTX_enable_signed_cert_timestamps(client_ctx.get());
2499 SSL_CTX_enable_ocsp_stapling(client_ctx.get());
2500
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2501 bssl::UniquePtr<SSL> client, server;
2502 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2503 server_ctx.get(), nullptr)) {
2504 fprintf(stderr, "Handshake failed.\n");
2505 return false;
2506 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2507
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2508 // The client should have received |cert2|.
2509 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
2510 if (!peer || X509_cmp(peer.get(), cert2.get()) != 0) {
2511 fprintf(stderr, "Incorrect certificate received.\n");
2512 return false;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2513 }
2514
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2515 // The client should have received |server_ctx2|'s SCT list.
2516 const uint8_t *data;
2517 size_t len;
2518 SSL_get0_signed_cert_timestamp_list(client.get(), &data, &len);
2519 if (Bytes(kSCTList) != Bytes(data, len)) {
2520 fprintf(stderr, "Incorrect SCT list received.\n");
2521 return false;
2522 }
2523
2524 // The client should have received |server_ctx2|'s OCSP response.
2525 SSL_get0_ocsp_response(client.get(), &data, &len);
2526 if (Bytes(kOCSPResponse) != Bytes(data, len)) {
2527 fprintf(stderr, "Incorrect OCSP response received.\n");
2528 return false;
2529 }
2530
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2531 return true;
2532}
2533
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2534// Test that the early callback can swap the maximum version.
2535TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2536 bssl::UniquePtr<X509> cert = GetTestCertificate();
2537 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2538 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2539 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2540 ASSERT_TRUE(cert);
2541 ASSERT_TRUE(key);
2542 ASSERT_TRUE(server_ctx);
2543 ASSERT_TRUE(client_ctx);
2544 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2545 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2546 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2547 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2548
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2549 SSL_CTX_set_select_certificate_cb(
2550 server_ctx.get(), [](const SSL_CLIENT_HELLO *client_hello) -> int {
2551 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
2552 return -1;
2553 }
2554
2555 return 1;
2556 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2557
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2558 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2559 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
2560 server_ctx.get(), nullptr));
2561 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2562}
2563
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2564TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2565 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2566 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2567
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2568 // Set valid TLS versions.
2569 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2570 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2571 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2572 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2573
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2574 // Invalid TLS versions are rejected.
2575 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2576 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2577 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2578 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2579 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2580 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2581
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2582 // Zero is the default version.
2583 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
2584 EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
2585 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
2586 EXPECT_EQ(SSL3_VERSION, ctx->min_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2587
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2588 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2589 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2590
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2591 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2592 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2593 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2594 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2595
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2596 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2597 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2598 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2599 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2600 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2601 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2602 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2603 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2604
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2605 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
2606 EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
2607 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
2608 EXPECT_EQ(TLS1_1_VERSION, ctx->min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2609}
2610
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2611static const char *GetVersionName(uint16_t version) {
2612 switch (version) {
2613 case SSL3_VERSION:
2614 return "SSLv3";
2615 case TLS1_VERSION:
2616 return "TLSv1";
2617 case TLS1_1_VERSION:
2618 return "TLSv1.1";
2619 case TLS1_2_VERSION:
2620 return "TLSv1.2";
2621 case TLS1_3_VERSION:
2622 return "TLSv1.3";
2623 case DTLS1_VERSION:
2624 return "DTLSv1";
2625 case DTLS1_2_VERSION:
2626 return "DTLSv1.2";
2627 default:
2628 return "???";
2629 }
2630}
2631
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2632static bool TestVersion(bool is_dtls, const SSL_METHOD *method,
2633 uint16_t version) {
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2634 bssl::UniquePtr<X509> cert = GetTestCertificate();
2635 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2636 if (!cert || !key) {
2637 return false;
2638 }
2639
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2640 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2641 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2642 bssl::UniquePtr<SSL> client, server;
2643 if (!server_ctx || !client_ctx ||
2644 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2645 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2646 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2647 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2648 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2649 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2650 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2651 server_ctx.get(), nullptr /* no session */)) {
2652 fprintf(stderr, "Failed to connect.\n");
2653 return false;
2654 }
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2655
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2656 if (SSL_version(client.get()) != version ||
2657 SSL_version(server.get()) != version) {
2658 fprintf(stderr, "Version mismatch. Got %04x and %04x, wanted %04x.\n",
2659 SSL_version(client.get()), SSL_version(server.get()), version);
2660 return false;
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2661 }
2662
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2663 // Test the version name is reported as expected.
2664 const char *version_name = GetVersionName(version);
2665 if (strcmp(version_name, SSL_get_version(client.get())) != 0 ||
2666 strcmp(version_name, SSL_get_version(server.get())) != 0) {
2667 fprintf(stderr, "Version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2668 SSL_get_version(client.get()), SSL_get_version(server.get()),
2669 version_name);
2670 return false;
2671 }
2672
2673 // Test SSL_SESSION reports the same name.
2674 const char *client_name =
2675 SSL_SESSION_get_version(SSL_get_session(client.get()));
2676 const char *server_name =
2677 SSL_SESSION_get_version(SSL_get_session(server.get()));
2678 if (strcmp(version_name, client_name) != 0 ||
2679 strcmp(version_name, server_name) != 0) {
2680 fprintf(stderr,
2681 "Session version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2682 client_name, server_name, version_name);
2683 return false;
2684 }
2685
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2686 return true;
2687}
2688
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2689// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2690// selection callback.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2691static bool TestALPNCipherAvailable(bool is_dtls, const SSL_METHOD *method,
2692 uint16_t version) {
2693 // SSL 3.0 lacks extensions.
2694 if (version == SSL3_VERSION) {
2695 return true;
2696 }
2697
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2698 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2699
2700 bssl::UniquePtr<X509> cert = GetTestCertificate();
2701 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2702 if (!cert || !key) {
2703 return false;
2704 }
2705
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2706 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2707 if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2708 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2709 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2710 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2711 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2712 0) {
2713 return false;
2714 }
2715
2716 // The ALPN callback does not fail the handshake on error, so have the
2717 // callback write a boolean.
2718 std::pair<uint16_t, bool> callback_state(version, false);
2719 SSL_CTX_set_alpn_select_cb(
2720 ctx.get(),
2721 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2722 unsigned in_len, void *arg) -> int {
2723 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2724 if (SSL_get_pending_cipher(ssl) != nullptr &&
2725 SSL_version(ssl) == state->first) {
2726 state->second = true;
2727 }
2728 return SSL_TLSEXT_ERR_NOACK;
2729 },
2730 &callback_state);
2731
2732 bssl::UniquePtr<SSL> client, server;
2733 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2734 nullptr /* no session */)) {
2735 return false;
2736 }
2737
2738 if (!callback_state.second) {
2739 fprintf(stderr, "The pending cipher was not known in the ALPN callback.\n");
2740 return false;
2741 }
2742
2743 return true;
2744}
2745
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2746static bool TestSSLClearSessionResumption(bool is_dtls,
2747 const SSL_METHOD *method,
2748 uint16_t version) {
2749 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2750 // API pattern.
2751 if (version == TLS1_3_VERSION) {
2752 return true;
2753 }
2754
2755 bssl::UniquePtr<X509> cert = GetTestCertificate();
2756 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2757 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2758 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2759 if (!cert || !key || !server_ctx || !client_ctx ||
2760 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2761 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2762 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2763 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2764 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2765 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2766 return false;
2767 }
2768
2769 // Connect a client and a server.
2770 bssl::UniquePtr<SSL> client, server;
2771 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2772 server_ctx.get(), nullptr /* no session */)) {
2773 return false;
2774 }
2775
2776 if (SSL_session_reused(client.get()) ||
2777 SSL_session_reused(server.get())) {
2778 fprintf(stderr, "Session unexpectedly reused.\n");
2779 return false;
2780 }
2781
2782 // Reset everything.
2783 if (!SSL_clear(client.get()) ||
2784 !SSL_clear(server.get())) {
2785 fprintf(stderr, "SSL_clear failed.\n");
2786 return false;
2787 }
2788
2789 // Attempt to connect a second time.
2790 if (!CompleteHandshakes(client.get(), server.get())) {
2791 fprintf(stderr, "Could not reuse SSL objects.\n");
2792 return false;
2793 }
2794
2795 // |SSL_clear| should implicitly offer the previous session to the server.
2796 if (!SSL_session_reused(client.get()) ||
2797 !SSL_session_reused(server.get())) {
2798 fprintf(stderr, "Session was not reused in second try.\n");
2799 return false;
2800 }
2801
2802 return true;
2803}
2804
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2805static bool ChainsEqual(STACK_OF(X509) *chain,
2806 const std::vector<X509 *> &expected) {
2807 if (sk_X509_num(chain) != expected.size()) {
2808 return false;
2809 }
2810
2811 for (size_t i = 0; i < expected.size(); i++) {
2812 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2813 return false;
2814 }
2815 }
2816
2817 return true;
2818}
2819
2820static bool TestAutoChain(bool is_dtls, const SSL_METHOD *method,
2821 uint16_t version) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2822 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
2823 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
2824 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
2825 if (!cert || !intermediate || !key) {
2826 return false;
2827 }
2828
2829 // Configure both client and server to accept any certificate. Add
2830 // |intermediate| to the cert store.
2831 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2832 if (!ctx ||
2833 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2834 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2835 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2836 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2837 !X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx.get()),
2838 intermediate.get())) {
2839 return false;
2840 }
2841 SSL_CTX_set_verify(
2842 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
2843 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
2844
2845 // By default, the client and server should each only send the leaf.
2846 bssl::UniquePtr<SSL> client, server;
2847 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2848 nullptr /* no session */)) {
2849 return false;
2850 }
2851
2852 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), {cert.get()})) {
2853 fprintf(stderr, "Client-received chain did not match.\n");
2854 return false;
2855 }
2856
2857 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), {cert.get()})) {
2858 fprintf(stderr, "Server-received chain did not match.\n");
2859 return false;
2860 }
2861
2862 // If auto-chaining is enabled, then the intermediate is sent.
2863 SSL_CTX_clear_mode(ctx.get(), SSL_MODE_NO_AUTO_CHAIN);
2864 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2865 nullptr /* no session */)) {
2866 return false;
2867 }
2868
2869 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2870 {cert.get(), intermediate.get()})) {
2871 fprintf(stderr, "Client-received chain did not match (auto-chaining).\n");
2872 return false;
2873 }
2874
2875 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2876 {cert.get(), intermediate.get()})) {
2877 fprintf(stderr, "Server-received chain did not match (auto-chaining).\n");
2878 return false;
2879 }
2880
2881 // Auto-chaining does not override explicitly-configured intermediates.
2882 if (!SSL_CTX_add1_chain_cert(ctx.get(), cert.get()) ||
2883 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2884 nullptr /* no session */)) {
2885 return false;
2886 }
2887
2888 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2889 {cert.get(), cert.get()})) {
2890 fprintf(stderr,
2891 "Client-received chain did not match (auto-chaining, explicit "
2892 "intermediate).\n");
2893 return false;
2894 }
2895
2896 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2897 {cert.get(), cert.get()})) {
2898 fprintf(stderr,
2899 "Server-received chain did not match (auto-chaining, explicit "
2900 "intermediate).\n");
2901 return false;
2902 }
2903
2904 return true;
2905}
2906
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2907static bool ExpectBadWriteRetry() {
2908 int err = ERR_get_error();
2909 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
2910 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
2911 char buf[ERR_ERROR_STRING_BUF_LEN];
2912 ERR_error_string_n(err, buf, sizeof(buf));
2913 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
2914 return false;
2915 }
2916
2917 if (ERR_peek_error() != 0) {
2918 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
2919 return false;
2920 }
2921
2922 return true;
2923}
2924
2925static bool TestSSLWriteRetry(bool is_dtls, const SSL_METHOD *method,
2926 uint16_t version) {
2927 if (is_dtls) {
2928 return true;
2929 }
2930
2931 for (bool enable_partial_write : std::vector<bool>{false, true}) {
2932 // Connect a client and server.
2933 bssl::UniquePtr<X509> cert = GetTestCertificate();
2934 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2935 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2936 bssl::UniquePtr<SSL> client, server;
2937 if (!cert || !key || !ctx ||
2938 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2939 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2940 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2941 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2942 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2943 nullptr /* no session */)) {
2944 return false;
2945 }
2946
2947 if (enable_partial_write) {
2948 SSL_set_mode(client.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
2949 }
2950
2951 // Write without reading until the buffer is full and we have an unfinished
2952 // write. Keep a count so we may reread it again later. "hello!" will be
2953 // written in two chunks, "hello" and "!".
2954 char data[] = "hello!";
2955 static const int kChunkLen = 5; // The length of "hello".
2956 unsigned count = 0;
2957 for (;;) {
2958 int ret = SSL_write(client.get(), data, kChunkLen);
2959 if (ret <= 0) {
2960 int err = SSL_get_error(client.get(), ret);
2961 if (SSL_get_error(client.get(), ret) == SSL_ERROR_WANT_WRITE) {
2962 break;
2963 }
2964 fprintf(stderr, "SSL_write failed in unexpected way: %d\n", err);
2965 return false;
2966 }
2967
2968 if (ret != 5) {
2969 fprintf(stderr, "SSL_write wrote %d bytes, expected 5.\n", ret);
2970 return false;
2971 }
2972
2973 count++;
2974 }
2975
2976 // Retrying with the same parameters is legal.
2977 if (SSL_get_error(client.get(), SSL_write(client.get(), data, kChunkLen)) !=
2978 SSL_ERROR_WANT_WRITE) {
2979 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
2980 return false;
2981 }
2982
2983 // Retrying with the same buffer but shorter length is not legal.
2984 if (SSL_get_error(client.get(),
2985 SSL_write(client.get(), data, kChunkLen - 1)) !=
2986 SSL_ERROR_SSL ||
2987 !ExpectBadWriteRetry()) {
2988 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2989 return false;
2990 }
2991
2992 // Retrying with a different buffer pointer is not legal.
2993 char data2[] = "hello";
2994 if (SSL_get_error(client.get(), SSL_write(client.get(), data2,
2995 kChunkLen)) != SSL_ERROR_SSL ||
2996 !ExpectBadWriteRetry()) {
2997 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2998 return false;
2999 }
3000
3001 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
3002 SSL_set_mode(client.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
3003 if (SSL_get_error(client.get(),
3004 SSL_write(client.get(), data2, kChunkLen)) !=
3005 SSL_ERROR_WANT_WRITE) {
3006 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3007 return false;
3008 }
3009
3010 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
3011 if (SSL_get_error(client.get(),
3012 SSL_write(client.get(), data2, kChunkLen - 1)) !=
3013 SSL_ERROR_SSL ||
3014 !ExpectBadWriteRetry()) {
3015 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3016 return false;
3017 }
3018
3019 // Retrying with a larger buffer is legal.
3020 if (SSL_get_error(client.get(),
3021 SSL_write(client.get(), data, kChunkLen + 1)) !=
3022 SSL_ERROR_WANT_WRITE) {
3023 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3024 return false;
3025 }
3026
3027 // Drain the buffer.
3028 char buf[20];
3029 for (unsigned i = 0; i < count; i++) {
3030 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3031 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0) {
3032 fprintf(stderr, "Failed to read initial records.\n");
3033 return false;
3034 }
3035 }
3036
3037 // Now that there is space, a retry with a larger buffer should flush the
3038 // pending record, skip over that many bytes of input (on assumption they
3039 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
3040 // is set, this will complete in two steps.
3041 char data3[] = "_____!";
3042 if (enable_partial_write) {
3043 if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen ||
3044 SSL_write(client.get(), data3 + kChunkLen, 1) != 1) {
3045 fprintf(stderr, "SSL_write retry failed.\n");
3046 return false;
3047 }
3048 } else if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen + 1) {
3049 fprintf(stderr, "SSL_write retry failed.\n");
3050 return false;
3051 }
3052
3053 // Check the last write was correct. The data will be spread over two
3054 // records, so SSL_read returns twice.
3055 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3056 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0 ||
3057 SSL_read(server.get(), buf, sizeof(buf)) != 1 ||
3058 buf[0] != '!') {
3059 fprintf(stderr, "Failed to read write retry.\n");
3060 return false;
3061 }
3062 }
3063
3064 return true;
3065}
3066
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3067static bool ForEachVersion(bool (*test_func)(bool is_dtls,
3068 const SSL_METHOD *method,
3069 uint16_t version)) {
3070 static uint16_t kTLSVersions[] = {
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]3071 SSL3_VERSION,
3072 TLS1_VERSION,
3073 TLS1_1_VERSION,
3074 TLS1_2_VERSION,
3075// TLS 1.3 requires RSA-PSS, which is disabled for Android system builds.
3076#if !defined(BORINGSSL_ANDROID_SYSTEM)
3077 TLS1_3_VERSION,
3078#endif
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3079 };
3080
3081 static uint16_t kDTLSVersions[] = {
3082 DTLS1_VERSION, DTLS1_2_VERSION,
3083 };
3084
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3085 for (uint16_t version : kTLSVersions) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3086 if (!test_func(false, TLS_method(), version)) {
3087 fprintf(stderr, "Test failed at TLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3088 return false;
3089 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3090 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3091
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3092 for (uint16_t version : kDTLSVersions) {
3093 if (!test_func(true, DTLS_method(), version)) {
3094 fprintf(stderr, "Test failed at DTLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3095 return false;
3096 }
3097 }
3098
3099 return true;
3100}
3101
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3102TEST(SSLTest, AddChainCertHack) {
3103 // Ensure that we don't accidently break the hack that we have in place to
3104 // keep curl and serf happy when they use an |X509| even after transfering
3105 // ownership.
3106
3107 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3108 ASSERT_TRUE(ctx);
3109 X509 *cert = GetTestCertificate().release();
3110 ASSERT_TRUE(cert);
3111 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3112
3113 // This should not trigger a use-after-free.
3114 X509_cmp(cert, cert);
3115}
3116
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3117TEST(SSLTest, GetCertificate) {
3118 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3119 ASSERT_TRUE(ctx);
3120 bssl::UniquePtr<X509> cert = GetTestCertificate();
3121 ASSERT_TRUE(cert);
3122 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3123 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3124 ASSERT_TRUE(ssl);
3125
3126 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3127 ASSERT_TRUE(cert2);
3128 X509 *cert3 = SSL_get_certificate(ssl.get());
3129 ASSERT_TRUE(cert3);
3130
3131 // The old and new certificates must be identical.
3132 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3133 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3134
3135 uint8_t *der = nullptr;
3136 long der_len = i2d_X509(cert.get(), &der);
3137 ASSERT_LT(0, der_len);
3138 bssl::UniquePtr<uint8_t> free_der(der);
3139
3140 uint8_t *der2 = nullptr;
3141 long der2_len = i2d_X509(cert2, &der2);
3142 ASSERT_LT(0, der2_len);
3143 bssl::UniquePtr<uint8_t> free_der2(der2);
3144
3145 uint8_t *der3 = nullptr;
3146 long der3_len = i2d_X509(cert3, &der3);
3147 ASSERT_LT(0, der3_len);
3148 bssl::UniquePtr<uint8_t> free_der3(der3);
3149
3150 // They must also encode identically.
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]3151 EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len));
3152 EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len));
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3153}
3154
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3155// TODO(davidben): Convert this file to GTest properly.
3156TEST(SSLTest, AllTests) {
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3157 if (!TestCipherRules() ||
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]3158 !TestCurveRules() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3159 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
3160 !TestSSL_SESSIONEncoding(kCustomSession) ||
3161 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
3162 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
3163 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
3164 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]3165 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3166 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
3167 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
3168 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
3169 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
3170 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
3171 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
3172 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
3173 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
3174 !TestCipherGetRFCName() ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]3175 // Test the padding extension at TLS 1.2.
3176 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
3177 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
3178 // will be no PSK binder after the padding extension.
3179 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
3180 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
3181 // will be a PSK binder after the padding extension.
3182 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3183 !TestInternalSessionCache() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3184 !ForEachVersion(TestSequenceNumber) ||
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]3185 !ForEachVersion(TestOneSidedShutdown) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3186 !ForEachVersion(TestGetPeerCertificate) ||
3187 !ForEachVersion(TestRetainOnlySHA256OfCerts) ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]3188 !TestClientHello() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3189 !ForEachVersion(TestSessionIDContext) ||
3190 !ForEachVersion(TestSessionTimeout) ||
3191 !ForEachVersion(TestSNICallback) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3192 !ForEachVersion(TestVersion) ||
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]3193 !ForEachVersion(TestALPNCipherAvailable) ||
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]3194 !ForEachVersion(TestSSLClearSessionResumption) ||
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]3195 !ForEachVersion(TestAutoChain) ||
3196 !ForEachVersion(TestSSLWriteRetry)) {
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3197 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]3198 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]3199}