Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 46db7af2c998cf8514d606408546d9be9699f03c / . / ssl / ssl_test.cc
blob: e12c613fb1475156297eb5e6e300f8f515cdfb06 [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
43/* Windows defines struct timeval in winsock2.h. */
44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
52struct ExpectedCipher {
53 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]56
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]57struct CipherTest {
58 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]59 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]60 // The list of expected ciphers, in order.
61 std::vector<ExpectedCipher> expected;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]62};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]63
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]64struct CurveTest {
65 // The rule string to apply.
66 const char *rule;
67 // The list of expected curves, in order.
68 std::vector<uint16_t> expected;
69};
70
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]71static const CipherTest kCipherTests[] = {
72 // Selecting individual ciphers should work.
73 {
74 "ECDHE-ECDSA-CHACHA20-POLY1305:"
75 "ECDHE-RSA-CHACHA20-POLY1305:"
76 "ECDHE-ECDSA-AES128-GCM-SHA256:"
77 "ECDHE-RSA-AES128-GCM-SHA256",
78 {
79 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]80 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]81 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
82 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
83 },
84 },
85 // + reorders selected ciphers to the end, keeping their relative order.
86 {
87 "ECDHE-ECDSA-CHACHA20-POLY1305:"
88 "ECDHE-RSA-CHACHA20-POLY1305:"
89 "ECDHE-ECDSA-AES128-GCM-SHA256:"
90 "ECDHE-RSA-AES128-GCM-SHA256:"
91 "+aRSA",
92 {
93 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]94 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
95 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]96 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
97 },
98 },
99 // ! banishes ciphers from future selections.
100 {
101 "!aRSA:"
102 "ECDHE-ECDSA-CHACHA20-POLY1305:"
103 "ECDHE-RSA-CHACHA20-POLY1305:"
104 "ECDHE-ECDSA-AES128-GCM-SHA256:"
105 "ECDHE-RSA-AES128-GCM-SHA256",
106 {
107 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]108 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
109 },
110 },
111 // Multiple masks can be ANDed in a single rule.
112 {
113 "kRSA+AESGCM+AES128",
114 {
115 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
116 },
117 },
118 // - removes selected ciphers, but preserves their order for future
119 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
120 // ECDHE_RSA.
121 {
122 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
123 "AESGCM+AES128+aRSA",
124 {
125 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
126 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
127 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
128 },
129 },
130 // Unknown selectors are no-ops.
131 {
132 "ECDHE-ECDSA-CHACHA20-POLY1305:"
133 "ECDHE-RSA-CHACHA20-POLY1305:"
134 "ECDHE-ECDSA-AES128-GCM-SHA256:"
135 "ECDHE-RSA-AES128-GCM-SHA256:"
136 "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4",
137 {
138 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]139 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]140 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
141 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
142 },
143 },
144 // Square brackets specify equi-preference groups.
145 {
146 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
147 "[ECDHE-RSA-CHACHA20-POLY1305]:"
148 "ECDHE-RSA-AES128-GCM-SHA256",
149 {
150 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]151 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]152 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]153 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
154 },
155 },
156 // @STRENGTH performs a stable strength-sort of the selected ciphers and
157 // only the selected ciphers.
158 {
159 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]160 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]161 "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"
162 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]163 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]164 // Select ECDHE ones and sort them by strength. Ties should resolve
165 // based on the order above.
166 "kECDHE:@STRENGTH:-ALL:"
167 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
168 // by strength. Then RSA, backwards by strength.
169 "aRSA",
170 {
171 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
172 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]173 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]174 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
175 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
176 },
177 },
178 // Exact ciphers may not be used in multi-part rules; they are treated
179 // as unknown aliases.
180 {
181 "ECDHE-ECDSA-AES128-GCM-SHA256:"
182 "ECDHE-RSA-AES128-GCM-SHA256:"
183 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
184 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
185 {
186 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
187 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
188 },
189 },
190 // SSLv3 matches everything that existed before TLS 1.2.
191 {
192 "AES128-SHA:AES128-SHA256:!SSLv3",
193 {
194 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
195 },
196 },
197 // TLSv1.2 matches everything added in TLS 1.2.
198 {
199 "AES128-SHA:AES128-SHA256:!TLSv1.2",
200 {
201 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
202 },
203 },
204 // The two directives have no intersection.
205 {
206 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
207 {
208 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
209 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
210 },
211 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]212};
213
214static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]215 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]216 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
217 "RSA]",
218 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]219 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]220 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]221 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]222 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]223 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]224 "",
225 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]226 // COMPLEMENTOFDEFAULT is empty.
227 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]228 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]229 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]230 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]231 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
232 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
233 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
234 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]235 // Opcode supplied, but missing selector.
236 "+",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]237};
238
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]239static const char *kMustNotIncludeNull[] = {
240 "ALL",
241 "DEFAULT",
242 "ALL:!eNULL",
243 "ALL:!NULL",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]244 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]245 "FIPS",
246 "SHA",
247 "SHA1",
248 "RSA",
249 "SSLv3",
250 "TLSv1",
251 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]252};
253
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]254static const CurveTest kCurveTests[] = {
255 {
256 "P-256",
257 { SSL_CURVE_SECP256R1 },
258 },
259 {
260 "P-256:P-384:P-521:X25519",
261 {
262 SSL_CURVE_SECP256R1,
263 SSL_CURVE_SECP384R1,
264 SSL_CURVE_SECP521R1,
265 SSL_CURVE_X25519,
266 },
267 },
268};
269
270static const char *kBadCurvesLists[] = {
271 "",
272 ":",
273 "::",
274 "P-256::X25519",
275 "RSA:P-256",
276 "P-256:RSA",
277 "X25519:P-256:",
278 ":X25519:P-256",
279};
280
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]281static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
282 bool in_group = false;
283 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]284 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
285 if (!in_group && list->in_group_flags[i]) {
286 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]287 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]288 }
289 fprintf(stderr, "\t");
290 if (in_group) {
291 fprintf(stderr, " ");
292 }
293 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
294 if (in_group && !list->in_group_flags[i]) {
295 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]296 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]297 }
298 }
299}
300
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]301static bool TestCipherRule(const CipherTest &t) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]302 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]303 if (!ctx) {
304 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]305 }
306
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]307 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
308 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]309 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]310 }
311
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]312 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]313 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
314 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
315 PrintCipherPreferenceList(ctx->cipher_list);
316 return false;
317 }
318
319 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]320 const SSL_CIPHER *cipher =
321 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]322 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
323 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
324 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]325 PrintCipherPreferenceList(ctx->cipher_list);
326 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]327 }
328 }
329
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]330 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]331}
332
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]333static bool TestRuleDoesNotIncludeNull(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]334 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]335 if (!ctx) {
336 return false;
337 }
338 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
339 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
340 return false;
341 }
342 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
343 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
344 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
345 return false;
346 }
347 }
348 return true;
349}
350
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]351static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]352 for (const CipherTest &test : kCipherTests) {
353 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]354 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]355 }
356 }
357
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]358 for (const char *rule : kBadRules) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]359 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]360 if (!ctx) {
361 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]362 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]363 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
364 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]365 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]366 }
367 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]368 }
369
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]370 for (const char *rule : kMustNotIncludeNull) {
371 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]372 return false;
373 }
374 }
375
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]376 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]377}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]378
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]379static bool TestCurveRule(const CurveTest &t) {
380 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
381 if (!ctx) {
382 return false;
383 }
384
385 if (!SSL_CTX_set1_curves_list(ctx.get(), t.rule)) {
386 fprintf(stderr, "Error testing curves list '%s'\n", t.rule);
387 return false;
388 }
389
390 // Compare the two lists.
391 if (ctx->supported_group_list_len != t.expected.size()) {
392 fprintf(stderr, "Error testing curves list '%s': length\n", t.rule);
393 return false;
394 }
395
396 for (size_t i = 0; i < t.expected.size(); i++) {
397 if (t.expected[i] != ctx->supported_group_list[i]) {
398 fprintf(stderr, "Error testing curves list '%s': mismatch\n", t.rule);
399 return false;
400 }
401 }
402
403 return true;
404}
405
406static bool TestCurveRules() {
407 for (const CurveTest &test : kCurveTests) {
408 if (!TestCurveRule(test)) {
409 return false;
410 }
411 }
412
413 for (const char *rule : kBadCurvesLists) {
414 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
415 if (!ctx) {
416 return false;
417 }
418 if (SSL_CTX_set1_curves_list(ctx.get(), rule)) {
419 fprintf(stderr, "Curves list '%s' unexpectedly succeeded\n", rule);
420 return false;
421 }
422 ERR_clear_error();
423 }
424
425 return true;
426}
427
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]428// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]429static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]430 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]431 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
432 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
433 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
434 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
435 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
436 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
437 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
438 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
439 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
440 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
441 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
442 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
443 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
444 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
445 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
446 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
447 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
448 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
449 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
450 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
451 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
452 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
453 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
454 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
455 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
456 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
457 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
458 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
459 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]460 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]461
462// kCustomSession is a custom serialized SSL_SESSION generated by
463// filling in missing fields from |kOpenSSLSession|. This includes
464// providing |peer_sha256|, so |peer| is not serialized.
465static const char kCustomSession[] =
466 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
467 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
468 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
469 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
470 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
471 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
472 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
473 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
474
475// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
476static const char kBoringSSLSession[] =
477 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
478 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
479 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
480 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
481 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
482 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
483 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
484 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
485 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
486 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
487 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
488 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
489 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
490 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
491 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
492 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
493 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
494 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
495 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
496 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
497 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
498 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
499 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
500 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
501 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
502 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
503 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
504 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
505 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
506 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
507 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
508 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
509 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
510 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
511 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
512 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
513 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
514 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
515 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
516 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
517 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
518 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
519 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
520 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
521 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
522 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
523 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
524 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
525 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
526 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
527 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
528 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
529 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
530 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
531 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
532 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
533 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
534 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
535 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
536 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
537 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
538 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
539 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
540 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
541 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
542 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
543 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
544 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
545 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
546 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
547 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
548 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
549 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
550 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
551 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
552 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
553 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
554 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
555 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
556 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
557 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
558 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
559 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
560 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
561 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
562 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
563 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
564 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
565 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
566 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
567 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
568 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
569 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
570 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
571 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
572
573// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
574// the final (optional) element of |kCustomSession| with tag number 30.
575static const char kBadSessionExtraField[] =
576 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
577 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
578 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
579 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
580 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
581 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
582 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
583 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
584
585// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
586// the version of |kCustomSession| with 2.
587static const char kBadSessionVersion[] =
588 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
589 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
590 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
591 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
592 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
593 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
594 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
595 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
596
597// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
598// appended.
599static const char kBadSessionTrailingData[] =
600 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
601 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
602 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
603 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
604 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
605 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
606 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
607 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
608
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]609static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]610 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]611 if (!EVP_DecodedLength(&len, strlen(in))) {
612 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]613 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]614 }
615
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]616 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]617 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]618 strlen(in))) {
619 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]620 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]621 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]622 out->resize(len);
623 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]624}
625
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]626static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]627 const uint8_t *cptr;
628 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]629
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]630 // Decode the input.
631 std::vector<uint8_t> input;
632 if (!DecodeBase64(&input, input_b64)) {
633 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]634 }
635
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]636 // Verify the SSL_SESSION decodes.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame^]637 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
638 if (!ssl_ctx) {
639 return false;
640 }
641 bssl::UniquePtr<SSL_SESSION> session(
642 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]643 if (!session) {
644 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]645 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]646 }
647
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]648 // Verify the SSL_SESSION encoding round-trips.
649 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]650 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]651 uint8_t *encoded_raw;
652 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]653 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]654 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]655 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]656 encoded.reset(encoded_raw);
657 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]658 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]659 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]660 hexdump(stderr, "Before: ", input.data(), input.size());
661 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]662 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]663 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]664
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]665 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]666 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]667 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]668 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]669 fprintf(stderr, "d2i_SSL_SESSION failed\n");
670 return false;
671 }
672
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]673 // Verify the SSL_SESSION encoding round-trips via the legacy API.
674 int len = i2d_SSL_SESSION(session.get(), NULL);
675 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]676 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]677 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]678 }
679
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]680 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
681 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]682 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]683 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]684 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]685
686 ptr = encoded.get();
687 len = i2d_SSL_SESSION(session.get(), &ptr);
688 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]689 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]690 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]691 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]692 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]693 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]694 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]695 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]696 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]697 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]698 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]699 }
700
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]701 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]702}
703
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]704static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
705 std::vector<uint8_t> input;
706 if (!DecodeBase64(&input, input_b64)) {
707 return false;
708 }
709
710 // Verify that the SSL_SESSION fails to decode.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame^]711 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
712 if (!ssl_ctx) {
713 return false;
714 }
715 bssl::UniquePtr<SSL_SESSION> session(
716 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]717 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]718 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]719 return false;
720 }
721 ERR_clear_error();
722 return true;
723}
724
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]725static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]726 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]727 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]728 if (!ctx) {
729 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]730 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]731 if (ctx->min_version != min_version || ctx->max_version != max_version) {
732 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
733 ctx->min_version, ctx->max_version, min_version, max_version);
734 return false;
735 }
736 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]737}
738
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]739static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]740 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
741 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]742 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]743 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]744 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]745 if (!rfc_name) {
746 return false;
747 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]748 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]749 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]750}
751
752typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]753 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]754 const char *rfc_name;
755} CIPHER_RFC_NAME_TEST;
756
757static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]758 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
759 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
760 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
761 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
762 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
763 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
764 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
765 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
766 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
767 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
768 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
769 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
770 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
771 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
772 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
773 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
774 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
775 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
776 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
777 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
778 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
779 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]780};
781
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]782static bool TestCipherGetRFCName(void) {
783 for (size_t i = 0;
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]784 i < OPENSSL_ARRAY_SIZE(kCipherRFCNameTests); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]785 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]786 std::string rfc_name;
787 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
788 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
789 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]790 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]791 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]792 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]793 rfc_name.c_str(), test->rfc_name);
794 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]795 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]796 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]797 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]798}
799
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]800// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
801// version and ticket length or nullptr on failure.
802static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
803 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]804 std::vector<uint8_t> der;
805 if (!DecodeBase64(&der, kOpenSSLSession)) {
806 return nullptr;
807 }
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame^]808
809 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
810 if (!ssl_ctx) {
811 return nullptr;
812 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]813 bssl::UniquePtr<SSL_SESSION> session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame^]814 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]815 if (!session) {
816 return nullptr;
817 }
818
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]819 session->ssl_version = version;
820
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]821 // Swap out the ticket for a garbage one.
822 OPENSSL_free(session->tlsext_tick);
823 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
824 if (session->tlsext_tick == nullptr) {
825 return nullptr;
826 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]827 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]828 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]829
830 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]831#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
832 session->time = 1234;
833#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]834 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]835#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]836 return session;
837}
838
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]839static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]840 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]841 if (!bio) {
842 return false;
843 }
844 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]845 BIO_up_ref(bio.get());
846 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]847 int ret = SSL_connect(ssl);
848 if (ret > 0) {
849 // SSL_connect should fail without a BIO to write to.
850 return false;
851 }
852 ERR_clear_error();
853
854 const uint8_t *client_hello;
855 size_t client_hello_len;
856 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
857 return false;
858 }
859 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
860 return true;
861}
862
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]863// GetClientHelloLen creates a client SSL connection with the specified version
864// and ticket length. It returns the length of the ClientHello, not including
865// the record header, on success and zero on error.
866static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
867 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]868 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]869 bssl::UniquePtr<SSL_SESSION> session =
870 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]871 if (!ctx || !session) {
872 return 0;
873 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]874
875 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]876 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]877 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]878 !SSL_set_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
879 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]880 return 0;
881 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]882
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]883 std::vector<uint8_t> client_hello;
884 if (!GetClientHello(ssl.get(), &client_hello) ||
885 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]886 return 0;
887 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]888
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]889 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]890}
891
892struct PaddingTest {
893 size_t input_len, padded_len;
894};
895
896static const PaddingTest kPaddingTests[] = {
897 // ClientHellos of length below 0x100 do not require padding.
898 {0xfe, 0xfe},
899 {0xff, 0xff},
900 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
901 {0x100, 0x200},
902 {0x123, 0x200},
903 {0x1fb, 0x200},
904 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
905 // padding extension takes a minimum of four bytes plus one required content
906 // byte. (To work around yet more server bugs, we avoid empty final
907 // extensions.)
908 {0x1fc, 0x201},
909 {0x1fd, 0x202},
910 {0x1fe, 0x203},
911 {0x1ff, 0x204},
912 // Finally, larger ClientHellos need no padding.
913 {0x200, 0x200},
914 {0x201, 0x201},
915};
916
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]917static bool TestPaddingExtension(uint16_t max_version,
918 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]919 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]920 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]921 if (base_len == 0) {
922 return false;
923 }
924
925 for (const PaddingTest &test : kPaddingTests) {
926 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]927 fprintf(stderr,
928 "Baseline ClientHello too long (max_version = %04x, "
929 "session_version = %04x).\n",
930 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]931 return false;
932 }
933
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]934 size_t padded_len = GetClientHelloLen(max_version, session_version,
935 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]936 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]937 fprintf(stderr,
938 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
939 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]940 static_cast<unsigned>(test.input_len),
941 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]942 static_cast<unsigned>(test.padded_len), max_version,
943 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]944 return false;
945 }
946 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]947
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]948 return true;
949}
950
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]951// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
952// before configuring as a server.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]953TEST(SSLTest, ClientCAList) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]954 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]955 ASSERT_TRUE(ctx);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]956 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]957 ASSERT_TRUE(ssl);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]958
959 STACK_OF(X509_NAME) *stack = sk_X509_NAME_new_null();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]960 ASSERT_TRUE(stack);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]961 // |SSL_set_client_CA_list| takes ownership.
962 SSL_set_client_CA_list(ssl.get(), stack);
963
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]964 EXPECT_EQ(stack, SSL_get_client_CA_list(ssl.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]965}
966
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]967static void AppendSession(SSL_SESSION *session, void *arg) {
968 std::vector<SSL_SESSION*> *out =
969 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
970 out->push_back(session);
971}
972
973// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
974// order.
975static bool ExpectCache(SSL_CTX *ctx,
976 const std::vector<SSL_SESSION*> &expected) {
977 // Check the linked list.
978 SSL_SESSION *ptr = ctx->session_cache_head;
979 for (SSL_SESSION *session : expected) {
980 if (ptr != session) {
981 return false;
982 }
983 // TODO(davidben): This is an absurd way to denote the end of the list.
984 if (ptr->next ==
985 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
986 ptr = nullptr;
987 } else {
988 ptr = ptr->next;
989 }
990 }
991 if (ptr != nullptr) {
992 return false;
993 }
994
995 // Check the hash table.
996 std::vector<SSL_SESSION*> actual, expected_copy;
997 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
998 expected_copy = expected;
999
1000 std::sort(actual.begin(), actual.end());
1001 std::sort(expected_copy.begin(), expected_copy.end());
1002
1003 return actual == expected_copy;
1004}
1005
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1006static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame^]1007 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
1008 if (!ssl_ctx) {
1009 return nullptr;
1010 }
1011 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new(ssl_ctx.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1012 if (!ret) {
1013 return nullptr;
1014 }
1015
1016 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1017 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1018 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1019 return ret;
1020}
1021
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1022// Test that the internal session cache behaves as expected.
1023static bool TestInternalSessionCache() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1024 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1025 if (!ctx) {
1026 return false;
1027 }
1028
1029 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1030 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1031 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1032 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1033 if (!session) {
1034 return false;
1035 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1036 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1037 }
1038
1039 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1040
1041 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1042 for (const auto &session : sessions) {
1043 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1044 return false;
1045 }
1046 }
1047
1048 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1049 std::vector<SSL_SESSION*> expected = {
1050 sessions[9].get(),
1051 sessions[8].get(),
1052 sessions[7].get(),
1053 sessions[6].get(),
1054 sessions[5].get(),
1055 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1056 if (!ExpectCache(ctx.get(), expected)) {
1057 return false;
1058 }
1059
1060 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1061 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1062 !ExpectCache(ctx.get(), expected)) {
1063 return false;
1064 }
1065
1066 // Although collisions should be impossible (256-bit session IDs), the cache
1067 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1068 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1069 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1070 return false;
1071 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1072 expected = {
1073 collision.get(),
1074 sessions[9].get(),
1075 sessions[8].get(),
1076 sessions[6].get(),
1077 sessions[5].get(),
1078 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1079 if (!ExpectCache(ctx.get(), expected)) {
1080 return false;
1081 }
1082
1083 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1084 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1085 return false;
1086 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1087 expected = {
1088 collision.get(),
1089 sessions[9].get(),
1090 sessions[8].get(),
1091 sessions[5].get(),
1092 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1093 if (!ExpectCache(ctx.get(), expected)) {
1094 return false;
1095 }
1096
1097 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1098 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1099 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1100 !ExpectCache(ctx.get(), expected)) {
1101 return false;
1102 }
1103
1104 return true;
1105}
1106
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1107static uint16_t EpochFromSequence(uint64_t seq) {
1108 return static_cast<uint16_t>(seq >> 48);
1109}
1110
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1111static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1112 static const char kCertPEM[] =
1113 "-----BEGIN CERTIFICATE-----\n"
1114 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1115 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1116 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1117 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1118 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1119 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1120 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1121 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1122 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1123 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1124 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1125 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1126 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1127 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1128 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1129 return bssl::UniquePtr<X509>(
1130 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1131}
1132
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1133static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1134 static const char kKeyPEM[] =
1135 "-----BEGIN RSA PRIVATE KEY-----\n"
1136 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1137 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1138 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1139 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1140 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1141 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1142 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1143 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1144 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1145 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1146 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1147 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1148 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1149 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1150 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1151 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1152 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1153}
1154
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1155static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1156 static const char kCertPEM[] =
1157 "-----BEGIN CERTIFICATE-----\n"
1158 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1159 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1160 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1161 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1162 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1163 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1164 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1165 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1166 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1167 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1168 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1169 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1170 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1171}
1172
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1173static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1174 static const char kKeyPEM[] =
1175 "-----BEGIN PRIVATE KEY-----\n"
1176 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1177 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1178 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1179 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1180 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1181 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1182 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1183}
1184
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1185static bssl::UniquePtr<X509> GetChainTestCertificate() {
1186 static const char kCertPEM[] =
1187 "-----BEGIN CERTIFICATE-----\n"
1188 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1189 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1190 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1191 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1192 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1193 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1194 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1195 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1196 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1197 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1198 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1199 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1200 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1201 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1202 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1203 "1ngWZ7Ih\n"
1204 "-----END CERTIFICATE-----\n";
1205 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1206 return bssl::UniquePtr<X509>(
1207 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1208}
1209
1210static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1211 static const char kCertPEM[] =
1212 "-----BEGIN CERTIFICATE-----\n"
1213 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1214 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1215 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1216 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1217 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1218 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1219 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1220 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1221 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1222 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1223 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1224 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1225 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1226 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1227 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1228 "-----END CERTIFICATE-----\n";
1229 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1230 return bssl::UniquePtr<X509>(
1231 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1232}
1233
1234static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1235 static const char kKeyPEM[] =
1236 "-----BEGIN PRIVATE KEY-----\n"
1237 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1238 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1239 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1240 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1241 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1242 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1243 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1244 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1245 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1246 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1247 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1248 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1249 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1250 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1251 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1252 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1253 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1254 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1255 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1256 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1257 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1258 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1259 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1260 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1261 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1262 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1263 "-----END PRIVATE KEY-----\n";
1264 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1265 return bssl::UniquePtr<EVP_PKEY>(
1266 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1267}
1268
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1269static bool CompleteHandshakes(SSL *client, SSL *server) {
1270 // Drive both their handshakes to completion.
1271 for (;;) {
1272 int client_ret = SSL_do_handshake(client);
1273 int client_err = SSL_get_error(client, client_ret);
1274 if (client_err != SSL_ERROR_NONE &&
1275 client_err != SSL_ERROR_WANT_READ &&
1276 client_err != SSL_ERROR_WANT_WRITE) {
1277 fprintf(stderr, "Client error: %d\n", client_err);
1278 return false;
1279 }
1280
1281 int server_ret = SSL_do_handshake(server);
1282 int server_err = SSL_get_error(server, server_ret);
1283 if (server_err != SSL_ERROR_NONE &&
1284 server_err != SSL_ERROR_WANT_READ &&
1285 server_err != SSL_ERROR_WANT_WRITE) {
1286 fprintf(stderr, "Server error: %d\n", server_err);
1287 return false;
1288 }
1289
1290 if (client_ret == 1 && server_ret == 1) {
1291 break;
1292 }
1293 }
1294
1295 return true;
1296}
1297
1298static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1299 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1300 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1301 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1302 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1303 if (!client || !server) {
1304 return false;
1305 }
1306 SSL_set_connect_state(client.get());
1307 SSL_set_accept_state(server.get());
1308
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1309 SSL_set_session(client.get(), session);
1310
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1311 BIO *bio1, *bio2;
1312 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1313 return false;
1314 }
1315 // SSL_set_bio takes ownership.
1316 SSL_set_bio(client.get(), bio1, bio1);
1317 SSL_set_bio(server.get(), bio2, bio2);
1318
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1319 if (!CompleteHandshakes(client.get(), server.get())) {
1320 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1321 }
1322
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1323 *out_client = std::move(client);
1324 *out_server = std::move(server);
1325 return true;
1326}
1327
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1328static bool TestSequenceNumber(bool is_dtls, const SSL_METHOD *method,
1329 uint16_t version) {
1330 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1331 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1332 if (!server_ctx || !client_ctx ||
1333 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1334 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1335 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1336 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1337 return false;
1338 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1339
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1340 bssl::UniquePtr<X509> cert = GetTestCertificate();
1341 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1342 if (!cert || !key || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1343 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1344 return false;
1345 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1346
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1347 bssl::UniquePtr<SSL> client, server;
1348 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1349 server_ctx.get(), nullptr /* no session */)) {
1350 return false;
1351 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1352
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1353 // Drain any post-handshake messages to ensure there are no unread records
1354 // on either end.
1355 uint8_t byte = 0;
1356 if (SSL_read(client.get(), &byte, 1) > 0 ||
1357 SSL_read(server.get(), &byte, 1) > 0) {
1358 fprintf(stderr, "Received unexpected data.\n");
1359 return false;
1360 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1361
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1362 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1363 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1364 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1365 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1366
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1367 if (is_dtls) {
1368 // Both client and server must be at epoch 1.
1369 if (EpochFromSequence(client_read_seq) != 1 ||
1370 EpochFromSequence(client_write_seq) != 1 ||
1371 EpochFromSequence(server_read_seq) != 1 ||
1372 EpochFromSequence(server_write_seq) != 1) {
1373 fprintf(stderr, "Bad epochs.\n");
1374 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1375 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1376
1377 // The next record to be written should exceed the largest received.
1378 if (client_write_seq <= server_read_seq ||
1379 server_write_seq <= client_read_seq) {
1380 fprintf(stderr, "Inconsistent sequence numbers.\n");
1381 return false;
1382 }
1383 } else {
1384 // The next record to be written should equal the next to be received.
1385 if (client_write_seq != server_read_seq ||
1386 server_write_seq != client_read_seq) {
1387 fprintf(stderr, "Inconsistent sequence numbers.\n");
1388 return false;
1389 }
1390 }
1391
1392 // Send a record from client to server.
1393 if (SSL_write(client.get(), &byte, 1) != 1 ||
1394 SSL_read(server.get(), &byte, 1) != 1) {
1395 fprintf(stderr, "Could not send byte.\n");
1396 return false;
1397 }
1398
1399 // The client write and server read sequence numbers should have
1400 // incremented.
1401 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1402 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1403 fprintf(stderr, "Sequence numbers did not increment.\n");
1404 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1405 }
1406
1407 return true;
1408}
1409
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1410static bool TestOneSidedShutdown(bool is_dtls, const SSL_METHOD *method,
1411 uint16_t version) {
1412 // SSL_shutdown is a no-op in DTLS.
1413 if (is_dtls) {
1414 return true;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1415 }
1416
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1417 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1418 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1419 bssl::UniquePtr<X509> cert = GetTestCertificate();
1420 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1421 if (!client_ctx || !server_ctx || !cert || !key ||
1422 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1423 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1424 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1425 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1426 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1427 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1428 return false;
1429 }
1430
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1431 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1432 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1433 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1434 return false;
1435 }
1436
1437 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1438 // one side has shut down.
1439 if (SSL_shutdown(client.get()) != 0) {
1440 fprintf(stderr, "Could not shutdown.\n");
1441 return false;
1442 }
1443
1444 // Reading from the server should consume the EOF.
1445 uint8_t byte;
1446 if (SSL_read(server.get(), &byte, 1) != 0 ||
1447 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1448 fprintf(stderr, "Connection was not shut down cleanly.\n");
1449 return false;
1450 }
1451
1452 // However, the server may continue to write data and then shut down the
1453 // connection.
1454 byte = 42;
1455 if (SSL_write(server.get(), &byte, 1) != 1 ||
1456 SSL_read(client.get(), &byte, 1) != 1 ||
1457 byte != 42) {
1458 fprintf(stderr, "Could not send byte.\n");
1459 return false;
1460 }
1461
1462 // The server may then shutdown the connection.
1463 if (SSL_shutdown(server.get()) != 1 ||
1464 SSL_shutdown(client.get()) != 1) {
1465 fprintf(stderr, "Could not complete shutdown.\n");
1466 return false;
1467 }
1468
1469 return true;
1470}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1471
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1472TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1473 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1474 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1475 ASSERT_TRUE(client_ctx);
1476 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1477
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1478 bssl::UniquePtr<X509> cert = GetTestCertificate();
1479 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1480 ASSERT_TRUE(cert);
1481 ASSERT_TRUE(key);
1482 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1483 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1484
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1485 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1486 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
1487 server_ctx.get(),
1488 nullptr /* no session */));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1489
1490 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1491 bssl::UniquePtr<SSL_SESSION> session1(
1492 SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL));
1493 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1494
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1495 session1->not_resumable = 0;
1496
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1497 uint8_t *s0_bytes, *s1_bytes;
1498 size_t s0_len, s1_len;
1499
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1500 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1501 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1502
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1503 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1504 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1505
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1506 ASSERT_EQ(s0_len, s1_len);
1507 EXPECT_EQ(0, OPENSSL_memcmp(s0_bytes, s1_bytes, s0_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1508}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1509
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1510static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1511 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1512 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1513
1514 // The wrapper BIOs are always equal when fds are equal, even if set
1515 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1516 if (rfd == wfd) {
1517 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1518 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1519}
1520
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1521TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1522 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1523 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1524
1525 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1526 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1527 ASSERT_TRUE(ssl);
1528 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1529 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1530 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1531
1532 // Test setting the same FD.
1533 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1534 ASSERT_TRUE(ssl);
1535 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1536 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1537
1538 // Test setting the same FD one side at a time.
1539 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1540 ASSERT_TRUE(ssl);
1541 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1542 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1543 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1544
1545 // Test setting the same FD in the other order.
1546 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1547 ASSERT_TRUE(ssl);
1548 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1549 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1550 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1551
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1552 // Test changing the read FD partway through.
1553 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1554 ASSERT_TRUE(ssl);
1555 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1556 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1557 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1558
1559 // Test changing the write FD partway through.
1560 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1561 ASSERT_TRUE(ssl);
1562 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1563 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1564 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1565
1566 // Test a no-op change to the read FD partway through.
1567 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1568 ASSERT_TRUE(ssl);
1569 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1570 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1571 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1572
1573 // Test a no-op change to the write FD partway through.
1574 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1575 ASSERT_TRUE(ssl);
1576 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1577 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1578 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1579
1580 // ASan builds will implicitly test that the internal |BIO| reference-counting
1581 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1582}
1583
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1584TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1585 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1586 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1587
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1588 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1589 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1590 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1591 ASSERT_TRUE(ssl);
1592 ASSERT_TRUE(bio1);
1593 ASSERT_TRUE(bio2);
1594 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1595
1596 // SSL_set_bio takes one reference when the parameters are the same.
1597 BIO_up_ref(bio1.get());
1598 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1599
1600 // Repeating the call does nothing.
1601 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1602
1603 // It takes one reference each when the parameters are different.
1604 BIO_up_ref(bio2.get());
1605 BIO_up_ref(bio3.get());
1606 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1607
1608 // Repeating the call does nothing.
1609 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1610
1611 // It takes one reference when changing only wbio.
1612 BIO_up_ref(bio1.get());
1613 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1614
1615 // It takes one reference when changing only rbio and the two are different.
1616 BIO_up_ref(bio3.get());
1617 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1618
1619 // If setting wbio to rbio, it takes no additional references.
1620 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1621
1622 // From there, wbio may be switched to something else.
1623 BIO_up_ref(bio1.get());
1624 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1625
1626 // If setting rbio to wbio, it takes no additional references.
1627 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1628
1629 // From there, rbio may be switched to something else, but, for historical
1630 // reasons, it takes a reference to both parameters.
1631 BIO_up_ref(bio1.get());
1632 BIO_up_ref(bio2.get());
1633 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1634
1635 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1636 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1637}
1638
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1639static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1640
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1641static bool TestGetPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1642 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1643 bssl::UniquePtr<X509> cert = GetTestCertificate();
1644 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1645 if (!cert || !key) {
1646 return false;
1647 }
1648
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1649 // Configure both client and server to accept any certificate.
1650 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1651 if (!ctx ||
1652 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1653 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1654 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1655 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1656 return false;
1657 }
1658 SSL_CTX_set_verify(
1659 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1660 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1661
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1662 bssl::UniquePtr<SSL> client, server;
1663 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1664 nullptr /* no session */)) {
1665 return false;
1666 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1667
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1668 // Client and server should both see the leaf certificate.
1669 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1670 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1671 fprintf(stderr, "Server peer certificate did not match.\n");
1672 return false;
1673 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1674
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1675 peer.reset(SSL_get_peer_certificate(client.get()));
1676 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1677 fprintf(stderr, "Client peer certificate did not match.\n");
1678 return false;
1679 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1680
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1681 // However, for historical reasons, the chain includes the leaf on the
1682 // client, but does not on the server.
1683 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1684 fprintf(stderr, "Client peer chain was incorrect.\n");
1685 return false;
1686 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1687
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1688 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1689 fprintf(stderr, "Server peer chain was incorrect.\n");
1690 return false;
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1691 }
1692
1693 return true;
1694}
1695
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1696static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method,
1697 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1698 bssl::UniquePtr<X509> cert = GetTestCertificate();
1699 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1700 if (!cert || !key) {
1701 return false;
1702 }
1703
1704 uint8_t *cert_der = NULL;
1705 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1706 if (cert_der_len < 0) {
1707 return false;
1708 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1709 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1710
1711 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1712 SHA256(cert_der, cert_der_len, cert_sha256);
1713
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1714 // Configure both client and server to accept any certificate, but the
1715 // server must retain only the SHA-256 of the peer.
1716 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1717 if (!ctx ||
1718 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1719 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1720 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1721 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1722 return false;
1723 }
1724 SSL_CTX_set_verify(
1725 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1726 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1727 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1728
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1729 bssl::UniquePtr<SSL> client, server;
1730 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1731 nullptr /* no session */)) {
1732 return false;
1733 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1734
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1735 // The peer certificate has been dropped.
1736 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1737 if (peer) {
1738 fprintf(stderr, "Peer certificate was retained.\n");
1739 return false;
1740 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1741
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1742 SSL_SESSION *session = SSL_get_session(server.get());
1743 if (!session->peer_sha256_valid) {
1744 fprintf(stderr, "peer_sha256_valid was not set.\n");
1745 return false;
1746 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1747
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1748 if (OPENSSL_memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) !=
1749 0) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1750 fprintf(stderr, "peer_sha256 did not match.\n");
1751 return false;
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1752 }
1753
1754 return true;
1755}
1756
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1757static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1758 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1759 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1760 if (!ctx ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1761 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1762 // Our default cipher list varies by CPU capabilities, so manually place
1763 // the ChaCha20 ciphers in front.
1764 !SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1765 return false;
1766 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1767
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1768 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1769 if (!ssl) {
1770 return false;
1771 }
1772 std::vector<uint8_t> client_hello;
1773 if (!GetClientHello(ssl.get(), &client_hello)) {
1774 return false;
1775 }
1776
1777 // Zero the client_random.
1778 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1779 1 + 3 + // handshake message header
1780 2; // client_version
1781 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1782 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1783 return false;
1784 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1785 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1786
1787 if (client_hello.size() != expected_len ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1788 OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1789 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1790 fprintf(stderr, "Got:\n\t");
1791 for (size_t i = 0; i < client_hello.size(); i++) {
1792 fprintf(stderr, "0x%02x, ", client_hello[i]);
1793 }
1794 fprintf(stderr, "\nWanted:\n\t");
1795 for (size_t i = 0; i < expected_len; i++) {
1796 fprintf(stderr, "0x%02x, ", expected[i]);
1797 }
1798 fprintf(stderr, "\n");
1799 return false;
1800 }
1801
1802 return true;
1803}
1804
1805// Tests that our ClientHellos do not change unexpectedly.
1806static bool TestClientHello() {
1807 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1808 0x16,
1809 0x03, 0x00,
1810 0x00, 0x3f,
1811 0x01,
1812 0x00, 0x00, 0x3b,
1813 0x03, 0x00,
1814 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1815 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1816 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1817 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1818 0x00,
1819 0x00, 0x14,
1820 0xc0, 0x09,
1821 0xc0, 0x13,
1822 0x00, 0x33,
1823 0xc0, 0x0a,
1824 0xc0, 0x14,
1825 0x00, 0x39,
1826 0x00, 0x2f,
1827 0x00, 0x35,
1828 0x00, 0x0a,
1829 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1830 };
1831 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1832 sizeof(kSSL3ClientHello))) {
1833 return false;
1834 }
1835
1836 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1837 0x16,
1838 0x03, 0x01,
1839 0x00, 0x5e,
1840 0x01,
1841 0x00, 0x00, 0x5a,
1842 0x03, 0x01,
1843 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1844 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1845 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1846 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1847 0x00,
1848 0x00, 0x12,
1849 0xc0, 0x09,
1850 0xc0, 0x13,
1851 0x00, 0x33,
1852 0xc0, 0x0a,
1853 0xc0, 0x14,
1854 0x00, 0x39,
1855 0x00, 0x2f,
1856 0x00, 0x35,
1857 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1858 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1859 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1860 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1861 };
1862 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1863 sizeof(kTLS1ClientHello))) {
1864 return false;
1865 }
1866
1867 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1868 0x16,
1869 0x03, 0x01,
1870 0x00, 0x5e,
1871 0x01,
1872 0x00, 0x00, 0x5a,
1873 0x03, 0x02,
1874 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1875 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1876 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1877 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1878 0x00,
1879 0x00, 0x12,
1880 0xc0, 0x09,
1881 0xc0, 0x13,
1882 0x00, 0x33,
1883 0xc0, 0x0a,
1884 0xc0, 0x14,
1885 0x00, 0x39,
1886 0x00, 0x2f,
1887 0x00, 0x35,
1888 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1889 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1890 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1891 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1892 };
1893 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1894 sizeof(kTLS11ClientHello))) {
1895 return false;
1896 }
1897
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]1898 // kTLS12ClientHello assumes RSA-PSS, which is disabled for Android system
1899 // builds.
1900#if defined(BORINGSSL_ANDROID_SYSTEM)
1901 return true;
1902#endif
1903
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1904 static const uint8_t kTLS12ClientHello[] = {
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]1905 0x16, 0x03, 0x01, 0x00, 0x9a, 0x01, 0x00, 0x00, 0x96, 0x03, 0x03, 0x00,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1906 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1907 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]1908 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0xcc, 0xa9,
1909 0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, 0xc0, 0x2c, 0xc0, 0x30,
1910 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x27, 0x00, 0x33,
1911 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x28, 0x00, 0x39,
1912 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35,
1913 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01,
1914 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
1915 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
1916 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00,
1917 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
1918 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1919 };
1920 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1921 sizeof(kTLS12ClientHello))) {
1922 return false;
1923 }
1924
1925 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1926 // implementation has settled enough that it won't change.
1927
1928 return true;
1929}
1930
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1931static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1932
1933static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1934 // Save the most recent session.
1935 g_last_session.reset(session);
1936 return 1;
1937}
1938
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1939static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1940 SSL_CTX *server_ctx) {
1941 g_last_session = nullptr;
1942 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1943
1944 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1945 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1946 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1947 nullptr /* no session */)) {
1948 fprintf(stderr, "Failed to connect client and server.\n");
1949 return nullptr;
1950 }
1951
1952 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1953 SSL_read(client.get(), nullptr, 0);
1954
1955 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1956
1957 if (!g_last_session) {
1958 fprintf(stderr, "Client did not receive a session.\n");
1959 return nullptr;
1960 }
1961 return std::move(g_last_session);
1962}
1963
1964static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1965 SSL_SESSION *session,
1966 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1967 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1968 if (!ConnectClientAndServer(&client, &server, client_ctx,
1969 server_ctx, session)) {
1970 fprintf(stderr, "Failed to connect client and server.\n");
1971 return false;
1972 }
1973
1974 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1975 fprintf(stderr, "Client and server were inconsistent.\n");
1976 return false;
1977 }
1978
1979 bool was_reused = !!SSL_session_reused(client.get());
1980 if (was_reused != reused) {
1981 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
1982 was_reused ? "" : " not");
1983 return false;
1984 }
1985
1986 return true;
1987}
1988
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]1989static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
1990 SSL_CTX *server_ctx,
1991 SSL_SESSION *session) {
1992 g_last_session = nullptr;
1993 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1994
1995 bssl::UniquePtr<SSL> client, server;
1996 if (!ConnectClientAndServer(&client, &server, client_ctx,
1997 server_ctx, session)) {
1998 fprintf(stderr, "Failed to connect client and server.\n");
1999 return nullptr;
2000 }
2001
2002 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2003 fprintf(stderr, "Client and server were inconsistent.\n");
2004 return nullptr;
2005 }
2006
2007 if (!SSL_session_reused(client.get())) {
2008 fprintf(stderr, "Session was not reused.\n");
2009 return nullptr;
2010 }
2011
2012 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2013 SSL_read(client.get(), nullptr, 0);
2014
2015 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2016
2017 if (!g_last_session) {
2018 fprintf(stderr, "Client did not receive a renewed session.\n");
2019 return nullptr;
2020 }
2021 return std::move(g_last_session);
2022}
2023
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2024static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2025 static const uint8_t kContext[] = {3};
2026
2027 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2028 return SSL_TLSEXT_ERR_ALERT_FATAL;
2029 }
2030
2031 return SSL_TLSEXT_ERR_OK;
2032}
2033
David Benjamin731058e2016-12-03 23:15:13 -0500[diff] [blame]2034static int SwitchSessionIDContextEarly(const SSL_CLIENT_HELLO *client_hello) {
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2035 static const uint8_t kContext[] = {3};
2036
David Benjamin731058e2016-12-03 23:15:13 -0500[diff] [blame]2037 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2038 sizeof(kContext))) {
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2039 return -1;
2040 }
2041
2042 return 1;
2043}
2044
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2045static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
2046 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2047 bssl::UniquePtr<X509> cert = GetTestCertificate();
2048 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2049 if (!cert || !key) {
2050 return false;
2051 }
2052
2053 static const uint8_t kContext1[] = {1};
2054 static const uint8_t kContext2[] = {2};
2055
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2056 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2057 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2058 if (!server_ctx || !client_ctx ||
2059 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2060 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2061 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2062 sizeof(kContext1)) ||
2063 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2064 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2065 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2066 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2067 return false;
2068 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2069
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2070 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2071 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2072
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2073 bssl::UniquePtr<SSL_SESSION> session =
2074 CreateClientSession(client_ctx.get(), server_ctx.get());
2075 if (!session) {
2076 fprintf(stderr, "Error getting session.\n");
2077 return false;
2078 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2079
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2080 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2081 true /* expect session reused */)) {
2082 fprintf(stderr, "Error resuming session.\n");
2083 return false;
2084 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2085
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2086 // Change the session ID context.
2087 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2088 sizeof(kContext2))) {
2089 return false;
2090 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2091
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2092 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2093 false /* expect session not reused */)) {
2094 fprintf(stderr, "Error connecting with a different context.\n");
2095 return false;
2096 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2097
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2098 // Change the session ID context back and install an SNI callback to switch
2099 // it.
2100 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2101 sizeof(kContext1))) {
2102 return false;
2103 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2104
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2105 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2106 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2107
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2108 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2109 false /* expect session not reused */)) {
2110 fprintf(stderr, "Error connecting with a context switch on SNI callback.\n");
2111 return false;
2112 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2113
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2114 // Switch the session ID context with the early callback instead.
2115 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
2116 SSL_CTX_set_select_certificate_cb(server_ctx.get(),
2117 SwitchSessionIDContextEarly);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2118
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2119 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2120 false /* expect session not reused */)) {
2121 fprintf(stderr,
2122 "Error connecting with a context switch on early callback.\n");
2123 return false;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2124 }
2125
2126 return true;
2127}
2128
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2129static timeval g_current_time;
2130
2131static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2132 *out_clock = g_current_time;
2133}
2134
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2135static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2136 out_clock->tv_sec = 1000;
2137 out_clock->tv_usec = 0;
2138}
2139
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2140static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2141 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2142 int encrypt) {
2143 static const uint8_t kZeros[16] = {0};
2144
2145 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2146 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2147 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2148 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2149 return 0;
2150 }
2151
2152 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2153 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2154 return -1;
2155 }
2156
2157 // Returning two from the callback in decrypt mode renews the
2158 // session in TLS 1.2 and below.
2159 return encrypt ? 1 : 2;
2160}
2161
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2162static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2163 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2164 return false;
2165 }
2166
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2167 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2168 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2169 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2170
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2171#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2172 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2173 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2174#else
2175 static const uint8_t kZeros[16] = {0};
2176 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2177 bssl::ScopedEVP_CIPHER_CTX ctx;
2178 int len1, len2;
2179 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2180 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2181 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2182 return false;
2183 }
2184
2185 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2186#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2187
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame^]2188 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
2189 if (!ssl_ctx) {
2190 return false;
2191 }
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2192 bssl::UniquePtr<SSL_SESSION> server_session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame^]2193 SSL_SESSION_from_bytes(plaintext.get(), len, ssl_ctx.get()));
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2194 if (!server_session) {
2195 return false;
2196 }
2197
2198 *out = server_session->time;
2199 return true;
2200}
2201
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2202static bool TestSessionTimeout(bool is_dtls, const SSL_METHOD *method,
2203 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2204 bssl::UniquePtr<X509> cert = GetTestCertificate();
2205 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2206 if (!cert || !key) {
2207 return false;
2208 }
2209
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2210 for (bool server_test : std::vector<bool>{false, true}) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2211 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2212 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2213
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2214 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2215 // resumptions still perform ECDHE.
2216 const time_t timeout = version == TLS1_3_VERSION
2217 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2218 : SSL_DEFAULT_SESSION_TIMEOUT;
2219
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2220 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2221 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2222 if (!server_ctx || !client_ctx ||
2223 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2224 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2225 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2226 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2227 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2228 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2229 return false;
2230 }
2231
2232 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2233 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2234
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2235 // Both client and server must enforce session timeouts. We configure the
2236 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2237 if (server_test) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2238 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2239 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2240 } else {
2241 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2242 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2243 }
2244
2245 // Configure a ticket callback which renews tickets.
2246 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2247
2248 bssl::UniquePtr<SSL_SESSION> session =
2249 CreateClientSession(client_ctx.get(), server_ctx.get());
2250 if (!session) {
2251 fprintf(stderr, "Error getting session.\n");
2252 return false;
2253 }
2254
2255 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2256 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2257
2258 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2259 true /* expect session reused */)) {
2260 fprintf(stderr, "Error resuming session.\n");
2261 return false;
2262 }
2263
2264 // Advance the clock one more second.
2265 g_current_time.tv_sec++;
2266
2267 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2268 false /* expect session not reused */)) {
2269 fprintf(stderr, "Error resuming session.\n");
2270 return false;
2271 }
2272
2273 // Rewind the clock to before the session was minted.
2274 g_current_time.tv_sec = kStartTime - 1;
2275
2276 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2277 false /* expect session not reused */)) {
2278 fprintf(stderr, "Error resuming session.\n");
2279 return false;
2280 }
2281
2282 // SSL 3.0 cannot renew sessions.
2283 if (version == SSL3_VERSION) {
2284 continue;
2285 }
2286
2287 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2288 time_t new_start_time = kStartTime + timeout - 10;
2289 g_current_time.tv_sec = new_start_time;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2290 bssl::UniquePtr<SSL_SESSION> new_session =
2291 ExpectSessionRenewed(client_ctx.get(), server_ctx.get(), session.get());
2292 if (!new_session) {
2293 fprintf(stderr, "Error renewing session.\n");
2294 return false;
2295 }
2296
2297 // This new session is not the same object as before.
2298 if (session.get() == new_session.get()) {
2299 fprintf(stderr, "New and old sessions alias.\n");
2300 return false;
2301 }
2302
2303 // Check the sessions have timestamps measured from issuance.
2304 long session_time = 0;
2305 if (server_test) {
2306 if (!GetServerTicketTime(&session_time, new_session.get())) {
2307 fprintf(stderr, "Failed to decode session ticket.\n");
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2308 return false;
2309 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2310 } else {
2311 session_time = new_session->time;
2312 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2313
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2314 if (session_time != g_current_time.tv_sec) {
2315 fprintf(stderr, "New session is not measured from issuance.\n");
2316 return false;
2317 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2318
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2319 if (version == TLS1_3_VERSION) {
2320 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2321 // lifetime TLS 1.3.
2322 g_current_time.tv_sec = new_start_time + timeout - 1;
2323 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2324 new_session.get(),
2325 true /* expect session reused */)) {
2326 fprintf(stderr, "Error resuming renewed session.\n");
2327 return false;
2328 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2329
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2330 // The new session expires after the new timeout.
2331 g_current_time.tv_sec = new_start_time + timeout + 1;
2332 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2333 new_session.get(),
2334 false /* expect session ot reused */)) {
2335 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2336 return false;
2337 }
2338
2339 // Renew the session until it begins just past the auth timeout.
2340 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2341 while (new_start_time < auth_end_time - 1000) {
2342 // Get as close as possible to target start time.
2343 new_start_time =
2344 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2345 g_current_time.tv_sec = new_start_time;
2346 new_session = ExpectSessionRenewed(client_ctx.get(), server_ctx.get(),
2347 new_session.get());
2348 if (!new_session) {
2349 fprintf(stderr, "Error renewing session.\n");
2350 return false;
2351 }
2352 }
2353
2354 // Now the session's lifetime is bound by the auth timeout.
2355 g_current_time.tv_sec = auth_end_time - 1;
2356 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2357 new_session.get(),
2358 true /* expect session reused */)) {
2359 fprintf(stderr, "Error resuming renewed session.\n");
2360 return false;
2361 }
2362
2363 g_current_time.tv_sec = auth_end_time + 1;
2364 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2365 new_session.get(),
2366 false /* expect session ot reused */)) {
2367 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2368 return false;
2369 }
2370 } else {
2371 // The new session is usable just before the old expiration.
2372 g_current_time.tv_sec = kStartTime + timeout - 1;
2373 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2374 new_session.get(),
2375 true /* expect session reused */)) {
2376 fprintf(stderr, "Error resuming renewed session.\n");
2377 return false;
2378 }
2379
2380 // Renewal does not extend the lifetime, so it is not usable beyond the
2381 // old expiration.
2382 g_current_time.tv_sec = kStartTime + timeout + 1;
2383 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2384 new_session.get(),
2385 false /* expect session not reused */)) {
2386 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2387 return false;
2388 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2389 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2390 }
2391
2392 return true;
2393}
2394
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2395static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2396 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2397 SSL_set_SSL_CTX(ssl, ctx);
2398 return SSL_TLSEXT_ERR_OK;
2399}
2400
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2401static bool TestSNICallback(bool is_dtls, const SSL_METHOD *method,
2402 uint16_t version) {
2403 // SSL 3.0 lacks extensions.
2404 if (version == SSL3_VERSION) {
2405 return true;
2406 }
2407
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2408 bssl::UniquePtr<X509> cert = GetTestCertificate();
2409 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2410 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2411 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2412 if (!cert || !key || !cert2 || !key2) {
2413 return false;
2414 }
2415
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2416 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2417 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2418
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2419 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2420 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(method));
2421 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2422 if (!server_ctx || !server_ctx2 || !client_ctx ||
2423 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2424 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2425 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2426 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
2427 // Historically signing preferences would be lost in some cases with the
2428 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2429 // this doesn't happen when |version| is TLS 1.2, configure the private
2430 // key to only sign SHA-256.
2431 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256,
2432 1) ||
2433 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2434 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2435 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2436 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2437 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2438 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
2439 return false;
2440 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2441
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2442 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2443 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2444
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2445 bssl::UniquePtr<SSL> client, server;
2446 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2447 server_ctx.get(), nullptr)) {
2448 fprintf(stderr, "Handshake failed.\n");
2449 return false;
2450 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2451
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2452 // The client should have received |cert2|.
2453 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
2454 if (!peer || X509_cmp(peer.get(), cert2.get()) != 0) {
2455 fprintf(stderr, "Incorrect certificate received.\n");
2456 return false;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2457 }
2458
2459 return true;
2460}
2461
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2462// Test that the early callback can swap the maximum version.
2463TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2464 bssl::UniquePtr<X509> cert = GetTestCertificate();
2465 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2466 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2467 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2468 ASSERT_TRUE(cert);
2469 ASSERT_TRUE(key);
2470 ASSERT_TRUE(server_ctx);
2471 ASSERT_TRUE(client_ctx);
2472 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2473 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2474 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2475 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2476
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2477 SSL_CTX_set_select_certificate_cb(
2478 server_ctx.get(), [](const SSL_CLIENT_HELLO *client_hello) -> int {
2479 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
2480 return -1;
2481 }
2482
2483 return 1;
2484 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2485
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2486 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2487 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
2488 server_ctx.get(), nullptr));
2489 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2490}
2491
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2492TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2493 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2494 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2495
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2496 // Set valid TLS versions.
2497 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2498 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2499 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2500 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2501
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2502 // Invalid TLS versions are rejected.
2503 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2504 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2505 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2506 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2507 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2508 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2509
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2510 // Zero is the default version.
2511 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
2512 EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
2513 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
2514 EXPECT_EQ(SSL3_VERSION, ctx->min_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2515
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2516 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2517 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2518
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2519 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2520 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2521 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2522 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2523
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2524 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2525 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2526 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2527 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2528 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2529 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2530 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2531 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2532
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2533 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
2534 EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
2535 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
2536 EXPECT_EQ(TLS1_1_VERSION, ctx->min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2537}
2538
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2539static const char *GetVersionName(uint16_t version) {
2540 switch (version) {
2541 case SSL3_VERSION:
2542 return "SSLv3";
2543 case TLS1_VERSION:
2544 return "TLSv1";
2545 case TLS1_1_VERSION:
2546 return "TLSv1.1";
2547 case TLS1_2_VERSION:
2548 return "TLSv1.2";
2549 case TLS1_3_VERSION:
2550 return "TLSv1.3";
2551 case DTLS1_VERSION:
2552 return "DTLSv1";
2553 case DTLS1_2_VERSION:
2554 return "DTLSv1.2";
2555 default:
2556 return "???";
2557 }
2558}
2559
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2560static bool TestVersion(bool is_dtls, const SSL_METHOD *method,
2561 uint16_t version) {
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2562 bssl::UniquePtr<X509> cert = GetTestCertificate();
2563 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2564 if (!cert || !key) {
2565 return false;
2566 }
2567
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2568 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2569 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2570 bssl::UniquePtr<SSL> client, server;
2571 if (!server_ctx || !client_ctx ||
2572 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2573 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2574 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2575 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2576 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2577 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2578 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2579 server_ctx.get(), nullptr /* no session */)) {
2580 fprintf(stderr, "Failed to connect.\n");
2581 return false;
2582 }
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2583
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2584 if (SSL_version(client.get()) != version ||
2585 SSL_version(server.get()) != version) {
2586 fprintf(stderr, "Version mismatch. Got %04x and %04x, wanted %04x.\n",
2587 SSL_version(client.get()), SSL_version(server.get()), version);
2588 return false;
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2589 }
2590
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2591 // Test the version name is reported as expected.
2592 const char *version_name = GetVersionName(version);
2593 if (strcmp(version_name, SSL_get_version(client.get())) != 0 ||
2594 strcmp(version_name, SSL_get_version(server.get())) != 0) {
2595 fprintf(stderr, "Version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2596 SSL_get_version(client.get()), SSL_get_version(server.get()),
2597 version_name);
2598 return false;
2599 }
2600
2601 // Test SSL_SESSION reports the same name.
2602 const char *client_name =
2603 SSL_SESSION_get_version(SSL_get_session(client.get()));
2604 const char *server_name =
2605 SSL_SESSION_get_version(SSL_get_session(server.get()));
2606 if (strcmp(version_name, client_name) != 0 ||
2607 strcmp(version_name, server_name) != 0) {
2608 fprintf(stderr,
2609 "Session version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2610 client_name, server_name, version_name);
2611 return false;
2612 }
2613
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2614 return true;
2615}
2616
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2617// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2618// selection callback.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2619static bool TestALPNCipherAvailable(bool is_dtls, const SSL_METHOD *method,
2620 uint16_t version) {
2621 // SSL 3.0 lacks extensions.
2622 if (version == SSL3_VERSION) {
2623 return true;
2624 }
2625
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2626 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2627
2628 bssl::UniquePtr<X509> cert = GetTestCertificate();
2629 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2630 if (!cert || !key) {
2631 return false;
2632 }
2633
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2634 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2635 if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2636 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2637 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2638 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2639 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2640 0) {
2641 return false;
2642 }
2643
2644 // The ALPN callback does not fail the handshake on error, so have the
2645 // callback write a boolean.
2646 std::pair<uint16_t, bool> callback_state(version, false);
2647 SSL_CTX_set_alpn_select_cb(
2648 ctx.get(),
2649 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2650 unsigned in_len, void *arg) -> int {
2651 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2652 if (SSL_get_pending_cipher(ssl) != nullptr &&
2653 SSL_version(ssl) == state->first) {
2654 state->second = true;
2655 }
2656 return SSL_TLSEXT_ERR_NOACK;
2657 },
2658 &callback_state);
2659
2660 bssl::UniquePtr<SSL> client, server;
2661 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2662 nullptr /* no session */)) {
2663 return false;
2664 }
2665
2666 if (!callback_state.second) {
2667 fprintf(stderr, "The pending cipher was not known in the ALPN callback.\n");
2668 return false;
2669 }
2670
2671 return true;
2672}
2673
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2674static bool TestSSLClearSessionResumption(bool is_dtls,
2675 const SSL_METHOD *method,
2676 uint16_t version) {
2677 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2678 // API pattern.
2679 if (version == TLS1_3_VERSION) {
2680 return true;
2681 }
2682
2683 bssl::UniquePtr<X509> cert = GetTestCertificate();
2684 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2685 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2686 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2687 if (!cert || !key || !server_ctx || !client_ctx ||
2688 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2689 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2690 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2691 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2692 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2693 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2694 return false;
2695 }
2696
2697 // Connect a client and a server.
2698 bssl::UniquePtr<SSL> client, server;
2699 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2700 server_ctx.get(), nullptr /* no session */)) {
2701 return false;
2702 }
2703
2704 if (SSL_session_reused(client.get()) ||
2705 SSL_session_reused(server.get())) {
2706 fprintf(stderr, "Session unexpectedly reused.\n");
2707 return false;
2708 }
2709
2710 // Reset everything.
2711 if (!SSL_clear(client.get()) ||
2712 !SSL_clear(server.get())) {
2713 fprintf(stderr, "SSL_clear failed.\n");
2714 return false;
2715 }
2716
2717 // Attempt to connect a second time.
2718 if (!CompleteHandshakes(client.get(), server.get())) {
2719 fprintf(stderr, "Could not reuse SSL objects.\n");
2720 return false;
2721 }
2722
2723 // |SSL_clear| should implicitly offer the previous session to the server.
2724 if (!SSL_session_reused(client.get()) ||
2725 !SSL_session_reused(server.get())) {
2726 fprintf(stderr, "Session was not reused in second try.\n");
2727 return false;
2728 }
2729
2730 return true;
2731}
2732
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2733static bool ChainsEqual(STACK_OF(X509) *chain,
2734 const std::vector<X509 *> &expected) {
2735 if (sk_X509_num(chain) != expected.size()) {
2736 return false;
2737 }
2738
2739 for (size_t i = 0; i < expected.size(); i++) {
2740 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2741 return false;
2742 }
2743 }
2744
2745 return true;
2746}
2747
2748static bool TestAutoChain(bool is_dtls, const SSL_METHOD *method,
2749 uint16_t version) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2750 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
2751 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
2752 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
2753 if (!cert || !intermediate || !key) {
2754 return false;
2755 }
2756
2757 // Configure both client and server to accept any certificate. Add
2758 // |intermediate| to the cert store.
2759 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2760 if (!ctx ||
2761 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2762 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2763 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2764 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2765 !X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx.get()),
2766 intermediate.get())) {
2767 return false;
2768 }
2769 SSL_CTX_set_verify(
2770 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
2771 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
2772
2773 // By default, the client and server should each only send the leaf.
2774 bssl::UniquePtr<SSL> client, server;
2775 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2776 nullptr /* no session */)) {
2777 return false;
2778 }
2779
2780 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), {cert.get()})) {
2781 fprintf(stderr, "Client-received chain did not match.\n");
2782 return false;
2783 }
2784
2785 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), {cert.get()})) {
2786 fprintf(stderr, "Server-received chain did not match.\n");
2787 return false;
2788 }
2789
2790 // If auto-chaining is enabled, then the intermediate is sent.
2791 SSL_CTX_clear_mode(ctx.get(), SSL_MODE_NO_AUTO_CHAIN);
2792 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2793 nullptr /* no session */)) {
2794 return false;
2795 }
2796
2797 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2798 {cert.get(), intermediate.get()})) {
2799 fprintf(stderr, "Client-received chain did not match (auto-chaining).\n");
2800 return false;
2801 }
2802
2803 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2804 {cert.get(), intermediate.get()})) {
2805 fprintf(stderr, "Server-received chain did not match (auto-chaining).\n");
2806 return false;
2807 }
2808
2809 // Auto-chaining does not override explicitly-configured intermediates.
2810 if (!SSL_CTX_add1_chain_cert(ctx.get(), cert.get()) ||
2811 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2812 nullptr /* no session */)) {
2813 return false;
2814 }
2815
2816 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2817 {cert.get(), cert.get()})) {
2818 fprintf(stderr,
2819 "Client-received chain did not match (auto-chaining, explicit "
2820 "intermediate).\n");
2821 return false;
2822 }
2823
2824 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2825 {cert.get(), cert.get()})) {
2826 fprintf(stderr,
2827 "Server-received chain did not match (auto-chaining, explicit "
2828 "intermediate).\n");
2829 return false;
2830 }
2831
2832 return true;
2833}
2834
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2835static bool ExpectBadWriteRetry() {
2836 int err = ERR_get_error();
2837 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
2838 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
2839 char buf[ERR_ERROR_STRING_BUF_LEN];
2840 ERR_error_string_n(err, buf, sizeof(buf));
2841 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
2842 return false;
2843 }
2844
2845 if (ERR_peek_error() != 0) {
2846 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
2847 return false;
2848 }
2849
2850 return true;
2851}
2852
2853static bool TestSSLWriteRetry(bool is_dtls, const SSL_METHOD *method,
2854 uint16_t version) {
2855 if (is_dtls) {
2856 return true;
2857 }
2858
2859 for (bool enable_partial_write : std::vector<bool>{false, true}) {
2860 // Connect a client and server.
2861 bssl::UniquePtr<X509> cert = GetTestCertificate();
2862 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2863 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2864 bssl::UniquePtr<SSL> client, server;
2865 if (!cert || !key || !ctx ||
2866 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2867 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2868 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2869 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2870 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2871 nullptr /* no session */)) {
2872 return false;
2873 }
2874
2875 if (enable_partial_write) {
2876 SSL_set_mode(client.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
2877 }
2878
2879 // Write without reading until the buffer is full and we have an unfinished
2880 // write. Keep a count so we may reread it again later. "hello!" will be
2881 // written in two chunks, "hello" and "!".
2882 char data[] = "hello!";
2883 static const int kChunkLen = 5; // The length of "hello".
2884 unsigned count = 0;
2885 for (;;) {
2886 int ret = SSL_write(client.get(), data, kChunkLen);
2887 if (ret <= 0) {
2888 int err = SSL_get_error(client.get(), ret);
2889 if (SSL_get_error(client.get(), ret) == SSL_ERROR_WANT_WRITE) {
2890 break;
2891 }
2892 fprintf(stderr, "SSL_write failed in unexpected way: %d\n", err);
2893 return false;
2894 }
2895
2896 if (ret != 5) {
2897 fprintf(stderr, "SSL_write wrote %d bytes, expected 5.\n", ret);
2898 return false;
2899 }
2900
2901 count++;
2902 }
2903
2904 // Retrying with the same parameters is legal.
2905 if (SSL_get_error(client.get(), SSL_write(client.get(), data, kChunkLen)) !=
2906 SSL_ERROR_WANT_WRITE) {
2907 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
2908 return false;
2909 }
2910
2911 // Retrying with the same buffer but shorter length is not legal.
2912 if (SSL_get_error(client.get(),
2913 SSL_write(client.get(), data, kChunkLen - 1)) !=
2914 SSL_ERROR_SSL ||
2915 !ExpectBadWriteRetry()) {
2916 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2917 return false;
2918 }
2919
2920 // Retrying with a different buffer pointer is not legal.
2921 char data2[] = "hello";
2922 if (SSL_get_error(client.get(), SSL_write(client.get(), data2,
2923 kChunkLen)) != SSL_ERROR_SSL ||
2924 !ExpectBadWriteRetry()) {
2925 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2926 return false;
2927 }
2928
2929 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
2930 SSL_set_mode(client.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
2931 if (SSL_get_error(client.get(),
2932 SSL_write(client.get(), data2, kChunkLen)) !=
2933 SSL_ERROR_WANT_WRITE) {
2934 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
2935 return false;
2936 }
2937
2938 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
2939 if (SSL_get_error(client.get(),
2940 SSL_write(client.get(), data2, kChunkLen - 1)) !=
2941 SSL_ERROR_SSL ||
2942 !ExpectBadWriteRetry()) {
2943 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2944 return false;
2945 }
2946
2947 // Retrying with a larger buffer is legal.
2948 if (SSL_get_error(client.get(),
2949 SSL_write(client.get(), data, kChunkLen + 1)) !=
2950 SSL_ERROR_WANT_WRITE) {
2951 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
2952 return false;
2953 }
2954
2955 // Drain the buffer.
2956 char buf[20];
2957 for (unsigned i = 0; i < count; i++) {
2958 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
2959 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0) {
2960 fprintf(stderr, "Failed to read initial records.\n");
2961 return false;
2962 }
2963 }
2964
2965 // Now that there is space, a retry with a larger buffer should flush the
2966 // pending record, skip over that many bytes of input (on assumption they
2967 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
2968 // is set, this will complete in two steps.
2969 char data3[] = "_____!";
2970 if (enable_partial_write) {
2971 if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen ||
2972 SSL_write(client.get(), data3 + kChunkLen, 1) != 1) {
2973 fprintf(stderr, "SSL_write retry failed.\n");
2974 return false;
2975 }
2976 } else if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen + 1) {
2977 fprintf(stderr, "SSL_write retry failed.\n");
2978 return false;
2979 }
2980
2981 // Check the last write was correct. The data will be spread over two
2982 // records, so SSL_read returns twice.
2983 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
2984 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0 ||
2985 SSL_read(server.get(), buf, sizeof(buf)) != 1 ||
2986 buf[0] != '!') {
2987 fprintf(stderr, "Failed to read write retry.\n");
2988 return false;
2989 }
2990 }
2991
2992 return true;
2993}
2994
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2995static bool ForEachVersion(bool (*test_func)(bool is_dtls,
2996 const SSL_METHOD *method,
2997 uint16_t version)) {
2998 static uint16_t kTLSVersions[] = {
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]2999 SSL3_VERSION,
3000 TLS1_VERSION,
3001 TLS1_1_VERSION,
3002 TLS1_2_VERSION,
3003// TLS 1.3 requires RSA-PSS, which is disabled for Android system builds.
3004#if !defined(BORINGSSL_ANDROID_SYSTEM)
3005 TLS1_3_VERSION,
3006#endif
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3007 };
3008
3009 static uint16_t kDTLSVersions[] = {
3010 DTLS1_VERSION, DTLS1_2_VERSION,
3011 };
3012
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3013 for (uint16_t version : kTLSVersions) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3014 if (!test_func(false, TLS_method(), version)) {
3015 fprintf(stderr, "Test failed at TLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3016 return false;
3017 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3018 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3019
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3020 for (uint16_t version : kDTLSVersions) {
3021 if (!test_func(true, DTLS_method(), version)) {
3022 fprintf(stderr, "Test failed at DTLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3023 return false;
3024 }
3025 }
3026
3027 return true;
3028}
3029
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3030TEST(SSLTest, AddChainCertHack) {
3031 // Ensure that we don't accidently break the hack that we have in place to
3032 // keep curl and serf happy when they use an |X509| even after transfering
3033 // ownership.
3034
3035 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3036 ASSERT_TRUE(ctx);
3037 X509 *cert = GetTestCertificate().release();
3038 ASSERT_TRUE(cert);
3039 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3040
3041 // This should not trigger a use-after-free.
3042 X509_cmp(cert, cert);
3043}
3044
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3045TEST(SSLTest, GetCertificate) {
3046 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3047 ASSERT_TRUE(ctx);
3048 bssl::UniquePtr<X509> cert = GetTestCertificate();
3049 ASSERT_TRUE(cert);
3050 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3051 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3052 ASSERT_TRUE(ssl);
3053
3054 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3055 ASSERT_TRUE(cert2);
3056 X509 *cert3 = SSL_get_certificate(ssl.get());
3057 ASSERT_TRUE(cert3);
3058
3059 // The old and new certificates must be identical.
3060 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3061 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3062
3063 uint8_t *der = nullptr;
3064 long der_len = i2d_X509(cert.get(), &der);
3065 ASSERT_LT(0, der_len);
3066 bssl::UniquePtr<uint8_t> free_der(der);
3067
3068 uint8_t *der2 = nullptr;
3069 long der2_len = i2d_X509(cert2, &der2);
3070 ASSERT_LT(0, der2_len);
3071 bssl::UniquePtr<uint8_t> free_der2(der2);
3072
3073 uint8_t *der3 = nullptr;
3074 long der3_len = i2d_X509(cert3, &der3);
3075 ASSERT_LT(0, der3_len);
3076 bssl::UniquePtr<uint8_t> free_der3(der3);
3077
3078 // They must also encode identically.
3079 ASSERT_EQ(der2_len, der_len);
3080 EXPECT_EQ(0, OPENSSL_memcmp(der, der2, static_cast<size_t>(der_len)));
3081 ASSERT_EQ(der3_len, der_len);
3082 EXPECT_EQ(0, OPENSSL_memcmp(der, der3, static_cast<size_t>(der_len)));
3083}
3084
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3085// TODO(davidben): Convert this file to GTest properly.
3086TEST(SSLTest, AllTests) {
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3087 if (!TestCipherRules() ||
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]3088 !TestCurveRules() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3089 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
3090 !TestSSL_SESSIONEncoding(kCustomSession) ||
3091 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
3092 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
3093 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
3094 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]3095 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3096 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
3097 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
3098 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
3099 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
3100 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
3101 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
3102 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
3103 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
3104 !TestCipherGetRFCName() ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]3105 // Test the padding extension at TLS 1.2.
3106 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
3107 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
3108 // will be no PSK binder after the padding extension.
3109 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
3110 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
3111 // will be a PSK binder after the padding extension.
3112 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3113 !TestInternalSessionCache() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3114 !ForEachVersion(TestSequenceNumber) ||
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]3115 !ForEachVersion(TestOneSidedShutdown) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3116 !ForEachVersion(TestGetPeerCertificate) ||
3117 !ForEachVersion(TestRetainOnlySHA256OfCerts) ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]3118 !TestClientHello() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3119 !ForEachVersion(TestSessionIDContext) ||
3120 !ForEachVersion(TestSessionTimeout) ||
3121 !ForEachVersion(TestSNICallback) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3122 !ForEachVersion(TestVersion) ||
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]3123 !ForEachVersion(TestALPNCipherAvailable) ||
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]3124 !ForEachVersion(TestSSLClearSessionResumption) ||
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]3125 !ForEachVersion(TestAutoChain) ||
3126 !ForEachVersion(TestSSLWriteRetry)) {
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3127 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]3128 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]3129}