Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 0fef3056eb7475d7a9382d068ae3a624045f5a77 / . / ssl / ssl_test.cc
blob: f0d4a18562b8a11cf3c02abf4e3f958b9b1289d4 [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]24#include <openssl/base64.h>
25#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]26#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]27#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]28#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]29#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]30#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]31#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]32#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]33#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]34#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]35
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]36#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]37#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]38#include "../crypto/test/test_util.h"
39
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]40#if defined(OPENSSL_WINDOWS)
41/* Windows defines struct timeval in winsock2.h. */
42OPENSSL_MSVC_PRAGMA(warning(push, 3))
43#include <winsock2.h>
44OPENSSL_MSVC_PRAGMA(warning(pop))
45#else
46#include <sys/time.h>
47#endif
48
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]49
50struct ExpectedCipher {
51 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]52 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]53};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55struct CipherTest {
56 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]57 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]58 // The list of expected ciphers, in order.
59 std::vector<ExpectedCipher> expected;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]60};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]61
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]62struct CurveTest {
63 // The rule string to apply.
64 const char *rule;
65 // The list of expected curves, in order.
66 std::vector<uint16_t> expected;
67};
68
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]69static const CipherTest kCipherTests[] = {
70 // Selecting individual ciphers should work.
71 {
72 "ECDHE-ECDSA-CHACHA20-POLY1305:"
73 "ECDHE-RSA-CHACHA20-POLY1305:"
74 "ECDHE-ECDSA-AES128-GCM-SHA256:"
75 "ECDHE-RSA-AES128-GCM-SHA256",
76 {
77 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
78 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
79 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
80 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
81 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
82 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
83 },
84 },
85 // + reorders selected ciphers to the end, keeping their relative order.
86 {
87 "ECDHE-ECDSA-CHACHA20-POLY1305:"
88 "ECDHE-RSA-CHACHA20-POLY1305:"
89 "ECDHE-ECDSA-AES128-GCM-SHA256:"
90 "ECDHE-RSA-AES128-GCM-SHA256:"
91 "+aRSA",
92 {
93 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
94 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
95 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
96 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
97 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
98 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
99 },
100 },
101 // ! banishes ciphers from future selections.
102 {
103 "!aRSA:"
104 "ECDHE-ECDSA-CHACHA20-POLY1305:"
105 "ECDHE-RSA-CHACHA20-POLY1305:"
106 "ECDHE-ECDSA-AES128-GCM-SHA256:"
107 "ECDHE-RSA-AES128-GCM-SHA256",
108 {
109 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
110 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
111 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
112 },
113 },
114 // Multiple masks can be ANDed in a single rule.
115 {
116 "kRSA+AESGCM+AES128",
117 {
118 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
119 },
120 },
121 // - removes selected ciphers, but preserves their order for future
122 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
123 // ECDHE_RSA.
124 {
125 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
126 "AESGCM+AES128+aRSA",
127 {
128 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
129 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
130 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
131 },
132 },
133 // Unknown selectors are no-ops.
134 {
135 "ECDHE-ECDSA-CHACHA20-POLY1305:"
136 "ECDHE-RSA-CHACHA20-POLY1305:"
137 "ECDHE-ECDSA-AES128-GCM-SHA256:"
138 "ECDHE-RSA-AES128-GCM-SHA256:"
139 "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4",
140 {
141 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
142 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
143 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
144 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
145 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
146 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
147 },
148 },
149 // Square brackets specify equi-preference groups.
150 {
151 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
152 "[ECDHE-RSA-CHACHA20-POLY1305]:"
153 "ECDHE-RSA-AES128-GCM-SHA256",
154 {
155 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
156 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 1},
157 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
158 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 1},
159 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
160 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
161 },
162 },
163 // @STRENGTH performs a stable strength-sort of the selected ciphers and
164 // only the selected ciphers.
165 {
166 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]167 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]168 "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"
169 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]170 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]171 // Select ECDHE ones and sort them by strength. Ties should resolve
172 // based on the order above.
173 "kECDHE:@STRENGTH:-ALL:"
174 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
175 // by strength. Then RSA, backwards by strength.
176 "aRSA",
177 {
178 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
179 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
180 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]181 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]182 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
183 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
184 },
185 },
186 // Exact ciphers may not be used in multi-part rules; they are treated
187 // as unknown aliases.
188 {
189 "ECDHE-ECDSA-AES128-GCM-SHA256:"
190 "ECDHE-RSA-AES128-GCM-SHA256:"
191 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
192 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
193 {
194 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
195 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
196 },
197 },
198 // SSLv3 matches everything that existed before TLS 1.2.
199 {
200 "AES128-SHA:AES128-SHA256:!SSLv3",
201 {
202 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
203 },
204 },
205 // TLSv1.2 matches everything added in TLS 1.2.
206 {
207 "AES128-SHA:AES128-SHA256:!TLSv1.2",
208 {
209 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
210 },
211 },
212 // The two directives have no intersection.
213 {
214 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
215 {
216 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
217 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
218 },
219 },
220 // The shared name of the CHACHA20_POLY1305 variants behaves like a cipher
221 // name and not an alias. It may not be used in a multipart rule. (That the
222 // shared name works is covered by the standard tests.)
223 {
224 "ECDHE-ECDSA-CHACHA20-POLY1305:"
225 "ECDHE-RSA-CHACHA20-POLY1305:"
226 "!ECDHE-RSA-CHACHA20-POLY1305+RSA:"
227 "!ECDSA+ECDHE-ECDSA-CHACHA20-POLY1305",
228 {
229 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
230 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
231 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
232 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
233 },
234 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]235};
236
237static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]238 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]239 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
240 "RSA]",
241 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]242 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]243 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]244 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]245 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]246 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]247 "",
248 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]249 // COMPLEMENTOFDEFAULT is empty.
250 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]251 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]252 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]253 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]254 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
255 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
256 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
257 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]258 // Opcode supplied, but missing selector.
259 "+",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]260};
261
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]262static const char *kMustNotIncludeNull[] = {
263 "ALL",
264 "DEFAULT",
265 "ALL:!eNULL",
266 "ALL:!NULL",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]267 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]268 "FIPS",
269 "SHA",
270 "SHA1",
271 "RSA",
272 "SSLv3",
273 "TLSv1",
274 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]275};
276
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]277static const char *kMustNotIncludeCECPQ1[] = {
278 "ALL",
279 "DEFAULT",
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]280 "HIGH",
281 "FIPS",
282 "SHA",
283 "SHA1",
284 "SHA256",
285 "SHA384",
286 "RSA",
287 "SSLv3",
288 "TLSv1",
289 "TLSv1.2",
290 "aRSA",
291 "RSA",
292 "aECDSA",
293 "ECDSA",
294 "AES",
295 "AES128",
296 "AES256",
297 "AESGCM",
298 "CHACHA20",
299};
300
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]301static const CurveTest kCurveTests[] = {
302 {
303 "P-256",
304 { SSL_CURVE_SECP256R1 },
305 },
306 {
307 "P-256:P-384:P-521:X25519",
308 {
309 SSL_CURVE_SECP256R1,
310 SSL_CURVE_SECP384R1,
311 SSL_CURVE_SECP521R1,
312 SSL_CURVE_X25519,
313 },
314 },
315};
316
317static const char *kBadCurvesLists[] = {
318 "",
319 ":",
320 "::",
321 "P-256::X25519",
322 "RSA:P-256",
323 "P-256:RSA",
324 "X25519:P-256:",
325 ":X25519:P-256",
326};
327
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]328static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
329 bool in_group = false;
330 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]331 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
332 if (!in_group && list->in_group_flags[i]) {
333 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]334 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]335 }
336 fprintf(stderr, "\t");
337 if (in_group) {
338 fprintf(stderr, " ");
339 }
340 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
341 if (in_group && !list->in_group_flags[i]) {
342 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]343 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]344 }
345 }
346}
347
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]348static bool TestCipherRule(const CipherTest &t) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]349 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]350 if (!ctx) {
351 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]352 }
353
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]354 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
355 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]356 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]357 }
358
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]359 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]360 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
361 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
362 PrintCipherPreferenceList(ctx->cipher_list);
363 return false;
364 }
365
366 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]367 const SSL_CIPHER *cipher =
368 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]369 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
370 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
371 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]372 PrintCipherPreferenceList(ctx->cipher_list);
373 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]374 }
375 }
376
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]377 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]378}
379
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]380static bool TestRuleDoesNotIncludeNull(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]381 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]382 if (!ctx) {
383 return false;
384 }
385 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
386 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
387 return false;
388 }
389 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
390 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
391 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
392 return false;
393 }
394 }
395 return true;
396}
397
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]398static bool TestRuleDoesNotIncludeCECPQ1(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]399 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]400 if (!ctx) {
401 return false;
402 }
403 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
404 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
405 return false;
406 }
407 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
408 if (SSL_CIPHER_is_CECPQ1(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
409 fprintf(stderr, "Error: cipher rule '%s' includes CECPQ1\n",rule);
410 return false;
411 }
412 }
413 return true;
414}
415
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]416static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]417 for (const CipherTest &test : kCipherTests) {
418 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]419 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]420 }
421 }
422
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]423 for (const char *rule : kBadRules) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]424 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]425 if (!ctx) {
426 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]427 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]428 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
429 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]430 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]431 }
432 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]433 }
434
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]435 for (const char *rule : kMustNotIncludeNull) {
436 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]437 return false;
438 }
439 }
440
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]441 for (const char *rule : kMustNotIncludeCECPQ1) {
442 if (!TestRuleDoesNotIncludeCECPQ1(rule)) {
443 return false;
444 }
445 }
446
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]447 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]448}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]449
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]450static bool TestCurveRule(const CurveTest &t) {
451 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
452 if (!ctx) {
453 return false;
454 }
455
456 if (!SSL_CTX_set1_curves_list(ctx.get(), t.rule)) {
457 fprintf(stderr, "Error testing curves list '%s'\n", t.rule);
458 return false;
459 }
460
461 // Compare the two lists.
462 if (ctx->supported_group_list_len != t.expected.size()) {
463 fprintf(stderr, "Error testing curves list '%s': length\n", t.rule);
464 return false;
465 }
466
467 for (size_t i = 0; i < t.expected.size(); i++) {
468 if (t.expected[i] != ctx->supported_group_list[i]) {
469 fprintf(stderr, "Error testing curves list '%s': mismatch\n", t.rule);
470 return false;
471 }
472 }
473
474 return true;
475}
476
477static bool TestCurveRules() {
478 for (const CurveTest &test : kCurveTests) {
479 if (!TestCurveRule(test)) {
480 return false;
481 }
482 }
483
484 for (const char *rule : kBadCurvesLists) {
485 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
486 if (!ctx) {
487 return false;
488 }
489 if (SSL_CTX_set1_curves_list(ctx.get(), rule)) {
490 fprintf(stderr, "Curves list '%s' unexpectedly succeeded\n", rule);
491 return false;
492 }
493 ERR_clear_error();
494 }
495
496 return true;
497}
498
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]499// kOpenSSLSession is a serialized SSL_SESSION generated from openssl
500// s_client -sess_out.
501static const char kOpenSSLSession[] =
502 "MIIFpQIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
503 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
504 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
505 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
506 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
507 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
508 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
509 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
510 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
511 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
512 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
513 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
514 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
515 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
516 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
517 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
518 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
519 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
520 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
521 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
522 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
523 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
524 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
525 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
526 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
527 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
528 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
529 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
530 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
531 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
532 "i4gv7Y5oliyn";
533
534// kCustomSession is a custom serialized SSL_SESSION generated by
535// filling in missing fields from |kOpenSSLSession|. This includes
536// providing |peer_sha256|, so |peer| is not serialized.
537static const char kCustomSession[] =
538 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
539 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
540 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
541 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
542 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
543 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
544 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
545 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
546
547// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
548static const char kBoringSSLSession[] =
549 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
550 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
551 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
552 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
553 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
554 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
555 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
556 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
557 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
558 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
559 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
560 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
561 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
562 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
563 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
564 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
565 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
566 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
567 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
568 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
569 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
570 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
571 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
572 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
573 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
574 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
575 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
576 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
577 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
578 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
579 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
580 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
581 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
582 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
583 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
584 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
585 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
586 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
587 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
588 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
589 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
590 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
591 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
592 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
593 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
594 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
595 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
596 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
597 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
598 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
599 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
600 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
601 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
602 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
603 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
604 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
605 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
606 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
607 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
608 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
609 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
610 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
611 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
612 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
613 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
614 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
615 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
616 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
617 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
618 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
619 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
620 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
621 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
622 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
623 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
624 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
625 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
626 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
627 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
628 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
629 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
630 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
631 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
632 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
633 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
634 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
635 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
636 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
637 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
638 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
639 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
640 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
641 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
642 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
643 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
644
645// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
646// the final (optional) element of |kCustomSession| with tag number 30.
647static const char kBadSessionExtraField[] =
648 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
649 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
650 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
651 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
652 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
653 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
654 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
655 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
656
657// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
658// the version of |kCustomSession| with 2.
659static const char kBadSessionVersion[] =
660 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
661 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
662 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
663 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
664 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
665 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
666 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
667 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
668
669// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
670// appended.
671static const char kBadSessionTrailingData[] =
672 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
673 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
674 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
675 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
676 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
677 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
678 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
679 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
680
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]681static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]682 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]683 if (!EVP_DecodedLength(&len, strlen(in))) {
684 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]685 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]686 }
687
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]688 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]689 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]690 strlen(in))) {
691 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]692 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]693 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]694 out->resize(len);
695 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]696}
697
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]698static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]699 const uint8_t *cptr;
700 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]701
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]702 // Decode the input.
703 std::vector<uint8_t> input;
704 if (!DecodeBase64(&input, input_b64)) {
705 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]706 }
707
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]708 // Verify the SSL_SESSION decodes.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]709 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]710 if (!session) {
711 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]712 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]713 }
714
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]715 // Verify the SSL_SESSION encoding round-trips.
716 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]717 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]718 uint8_t *encoded_raw;
719 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]720 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]721 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]722 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]723 encoded.reset(encoded_raw);
724 if (encoded_len != input.size() ||
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]725 memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]726 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]727 hexdump(stderr, "Before: ", input.data(), input.size());
728 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]729 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]730 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]731
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]732 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]733 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]734 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]735 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]736 fprintf(stderr, "d2i_SSL_SESSION failed\n");
737 return false;
738 }
739
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]740 // Verify the SSL_SESSION encoding round-trips via the legacy API.
741 int len = i2d_SSL_SESSION(session.get(), NULL);
742 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]743 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]744 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]745 }
746
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]747 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
748 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]749 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]750 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]751 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]752
753 ptr = encoded.get();
754 len = i2d_SSL_SESSION(session.get(), &ptr);
755 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]756 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]757 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]758 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]759 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]760 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]761 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]762 }
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]763 if (memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]764 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]765 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]766 }
767
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]768 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]769}
770
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]771static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
772 std::vector<uint8_t> input;
773 if (!DecodeBase64(&input, input_b64)) {
774 return false;
775 }
776
777 // Verify that the SSL_SESSION fails to decode.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]778 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]779 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]780 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]781 return false;
782 }
783 ERR_clear_error();
784 return true;
785}
786
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]787static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]788 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]789 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]790 if (!ctx) {
791 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]792 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]793 if (ctx->min_version != min_version || ctx->max_version != max_version) {
794 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
795 ctx->min_version, ctx->max_version, min_version, max_version);
796 return false;
797 }
798 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]799}
800
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]801static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]802 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
803 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]804 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]805 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]806 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]807 if (!rfc_name) {
808 return false;
809 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]810 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]811 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]812}
813
814typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]815 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]816 const char *rfc_name;
817} CIPHER_RFC_NAME_TEST;
818
819static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]820 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
821 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
822 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
823 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
824 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
825 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
826 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
827 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
828 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
829 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
830 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
831 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
832 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
833 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
834 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
835 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
836 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
837 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
838 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
839 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
840 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
841 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
842
843 // These names are non-standard:
844 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
845 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
846 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
847 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]848};
849
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]850static bool TestCipherGetRFCName(void) {
851 for (size_t i = 0;
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]852 i < OPENSSL_ARRAY_SIZE(kCipherRFCNameTests); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]853 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]854 std::string rfc_name;
855 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
856 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
857 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]858 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]859 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]860 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]861 rfc_name.c_str(), test->rfc_name);
862 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]863 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]864 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]865 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]866}
867
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]868// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
869// version and ticket length or nullptr on failure.
870static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
871 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]872 std::vector<uint8_t> der;
873 if (!DecodeBase64(&der, kOpenSSLSession)) {
874 return nullptr;
875 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]876 bssl::UniquePtr<SSL_SESSION> session(
877 SSL_SESSION_from_bytes(der.data(), der.size()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]878 if (!session) {
879 return nullptr;
880 }
881
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]882 session->ssl_version = version;
883
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]884 // Swap out the ticket for a garbage one.
885 OPENSSL_free(session->tlsext_tick);
886 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
887 if (session->tlsext_tick == nullptr) {
888 return nullptr;
889 }
890 memset(session->tlsext_tick, 'a', ticket_len);
891 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]892
893 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]894#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
895 session->time = 1234;
896#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]897 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]898#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]899 return session;
900}
901
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]902static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]903 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]904 if (!bio) {
905 return false;
906 }
907 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]908 BIO_up_ref(bio.get());
909 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]910 int ret = SSL_connect(ssl);
911 if (ret > 0) {
912 // SSL_connect should fail without a BIO to write to.
913 return false;
914 }
915 ERR_clear_error();
916
917 const uint8_t *client_hello;
918 size_t client_hello_len;
919 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
920 return false;
921 }
922 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
923 return true;
924}
925
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]926// GetClientHelloLen creates a client SSL connection with the specified version
927// and ticket length. It returns the length of the ClientHello, not including
928// the record header, on success and zero on error.
929static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
930 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]931 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]932 bssl::UniquePtr<SSL_SESSION> session =
933 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]934 if (!ctx || !session) {
935 return 0;
936 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]937
938 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]939 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]940 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]941 !SSL_set_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
942 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]943 return 0;
944 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]945
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]946 std::vector<uint8_t> client_hello;
947 if (!GetClientHello(ssl.get(), &client_hello) ||
948 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]949 return 0;
950 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]951
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]952 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]953}
954
955struct PaddingTest {
956 size_t input_len, padded_len;
957};
958
959static const PaddingTest kPaddingTests[] = {
960 // ClientHellos of length below 0x100 do not require padding.
961 {0xfe, 0xfe},
962 {0xff, 0xff},
963 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
964 {0x100, 0x200},
965 {0x123, 0x200},
966 {0x1fb, 0x200},
967 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
968 // padding extension takes a minimum of four bytes plus one required content
969 // byte. (To work around yet more server bugs, we avoid empty final
970 // extensions.)
971 {0x1fc, 0x201},
972 {0x1fd, 0x202},
973 {0x1fe, 0x203},
974 {0x1ff, 0x204},
975 // Finally, larger ClientHellos need no padding.
976 {0x200, 0x200},
977 {0x201, 0x201},
978};
979
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]980static bool TestPaddingExtension(uint16_t max_version,
981 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]982 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]983 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]984 if (base_len == 0) {
985 return false;
986 }
987
988 for (const PaddingTest &test : kPaddingTests) {
989 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]990 fprintf(stderr,
991 "Baseline ClientHello too long (max_version = %04x, "
992 "session_version = %04x).\n",
993 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]994 return false;
995 }
996
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]997 size_t padded_len = GetClientHelloLen(max_version, session_version,
998 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]999 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1000 fprintf(stderr,
1001 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
1002 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1003 static_cast<unsigned>(test.input_len),
1004 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1005 static_cast<unsigned>(test.padded_len), max_version,
1006 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1007 return false;
1008 }
1009 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1010
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1011 return true;
1012}
1013
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1014// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
1015// before configuring as a server.
1016static bool TestClientCAList() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1017 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1018 if (!ctx) {
1019 return false;
1020 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1021 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1022 if (!ssl) {
1023 return false;
1024 }
1025
1026 STACK_OF(X509_NAME) *stack = sk_X509_NAME_new_null();
1027 if (stack == nullptr) {
1028 return false;
1029 }
1030 // |SSL_set_client_CA_list| takes ownership.
1031 SSL_set_client_CA_list(ssl.get(), stack);
1032
1033 return SSL_get_client_CA_list(ssl.get()) == stack;
1034}
1035
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1036static void AppendSession(SSL_SESSION *session, void *arg) {
1037 std::vector<SSL_SESSION*> *out =
1038 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1039 out->push_back(session);
1040}
1041
1042// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
1043// order.
1044static bool ExpectCache(SSL_CTX *ctx,
1045 const std::vector<SSL_SESSION*> &expected) {
1046 // Check the linked list.
1047 SSL_SESSION *ptr = ctx->session_cache_head;
1048 for (SSL_SESSION *session : expected) {
1049 if (ptr != session) {
1050 return false;
1051 }
1052 // TODO(davidben): This is an absurd way to denote the end of the list.
1053 if (ptr->next ==
1054 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1055 ptr = nullptr;
1056 } else {
1057 ptr = ptr->next;
1058 }
1059 }
1060 if (ptr != nullptr) {
1061 return false;
1062 }
1063
1064 // Check the hash table.
1065 std::vector<SSL_SESSION*> actual, expected_copy;
1066 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
1067 expected_copy = expected;
1068
1069 std::sort(actual.begin(), actual.end());
1070 std::sort(expected_copy.begin(), expected_copy.end());
1071
1072 return actual == expected_copy;
1073}
1074
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1075static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
1076 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new());
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1077 if (!ret) {
1078 return nullptr;
1079 }
1080
1081 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
1082 memset(ret->session_id, 0, ret->session_id_length);
1083 memcpy(ret->session_id, &number, sizeof(number));
1084 return ret;
1085}
1086
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1087// Test that the internal session cache behaves as expected.
1088static bool TestInternalSessionCache() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1089 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1090 if (!ctx) {
1091 return false;
1092 }
1093
1094 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1095 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1096 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1097 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1098 if (!session) {
1099 return false;
1100 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1101 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1102 }
1103
1104 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1105
1106 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1107 for (const auto &session : sessions) {
1108 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1109 return false;
1110 }
1111 }
1112
1113 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1114 std::vector<SSL_SESSION*> expected = {
1115 sessions[9].get(),
1116 sessions[8].get(),
1117 sessions[7].get(),
1118 sessions[6].get(),
1119 sessions[5].get(),
1120 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1121 if (!ExpectCache(ctx.get(), expected)) {
1122 return false;
1123 }
1124
1125 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1126 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1127 !ExpectCache(ctx.get(), expected)) {
1128 return false;
1129 }
1130
1131 // Although collisions should be impossible (256-bit session IDs), the cache
1132 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1133 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1134 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1135 return false;
1136 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1137 expected = {
1138 collision.get(),
1139 sessions[9].get(),
1140 sessions[8].get(),
1141 sessions[6].get(),
1142 sessions[5].get(),
1143 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1144 if (!ExpectCache(ctx.get(), expected)) {
1145 return false;
1146 }
1147
1148 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1149 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1150 return false;
1151 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1152 expected = {
1153 collision.get(),
1154 sessions[9].get(),
1155 sessions[8].get(),
1156 sessions[5].get(),
1157 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1158 if (!ExpectCache(ctx.get(), expected)) {
1159 return false;
1160 }
1161
1162 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1163 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1164 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1165 !ExpectCache(ctx.get(), expected)) {
1166 return false;
1167 }
1168
1169 return true;
1170}
1171
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1172static uint16_t EpochFromSequence(uint64_t seq) {
1173 return static_cast<uint16_t>(seq >> 48);
1174}
1175
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1176static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1177 static const char kCertPEM[] =
1178 "-----BEGIN CERTIFICATE-----\n"
1179 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1180 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1181 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1182 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1183 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1184 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1185 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1186 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1187 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1188 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1189 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1190 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1191 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1192 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1193 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1194 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1195}
1196
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1197static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1198 static const char kKeyPEM[] =
1199 "-----BEGIN RSA PRIVATE KEY-----\n"
1200 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1201 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1202 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1203 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1204 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1205 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1206 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1207 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1208 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1209 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1210 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1211 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1212 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1213 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1214 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1215 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1216 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1217}
1218
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1219static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1220 static const char kCertPEM[] =
1221 "-----BEGIN CERTIFICATE-----\n"
1222 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1223 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1224 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1225 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1226 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1227 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1228 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1229 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1230 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1231 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1232 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1233 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1234 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1235}
1236
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1237static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1238 static const char kKeyPEM[] =
1239 "-----BEGIN PRIVATE KEY-----\n"
1240 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1241 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1242 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1243 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1244 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1245 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1246 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1247}
1248
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1249static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1250 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1251 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1252 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1253 if (!client || !server) {
1254 return false;
1255 }
1256 SSL_set_connect_state(client.get());
1257 SSL_set_accept_state(server.get());
1258
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1259 SSL_set_session(client.get(), session);
1260
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1261 BIO *bio1, *bio2;
1262 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1263 return false;
1264 }
1265 // SSL_set_bio takes ownership.
1266 SSL_set_bio(client.get(), bio1, bio1);
1267 SSL_set_bio(server.get(), bio2, bio2);
1268
1269 // Drive both their handshakes to completion.
1270 for (;;) {
1271 int client_ret = SSL_do_handshake(client.get());
1272 int client_err = SSL_get_error(client.get(), client_ret);
1273 if (client_err != SSL_ERROR_NONE &&
1274 client_err != SSL_ERROR_WANT_READ &&
1275 client_err != SSL_ERROR_WANT_WRITE) {
1276 fprintf(stderr, "Client error: %d\n", client_err);
1277 return false;
1278 }
1279
1280 int server_ret = SSL_do_handshake(server.get());
1281 int server_err = SSL_get_error(server.get(), server_ret);
1282 if (server_err != SSL_ERROR_NONE &&
1283 server_err != SSL_ERROR_WANT_READ &&
1284 server_err != SSL_ERROR_WANT_WRITE) {
1285 fprintf(stderr, "Server error: %d\n", server_err);
1286 return false;
1287 }
1288
1289 if (client_ret == 1 && server_ret == 1) {
1290 break;
1291 }
1292 }
1293
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1294 *out_client = std::move(client);
1295 *out_server = std::move(server);
1296 return true;
1297}
1298
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1299static bool TestSequenceNumber(bool is_dtls, const SSL_METHOD *method,
1300 uint16_t version) {
1301 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1302 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1303 if (!server_ctx || !client_ctx ||
1304 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1305 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1306 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1307 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1308 return false;
1309 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1310
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1311 bssl::UniquePtr<X509> cert = GetTestCertificate();
1312 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1313 if (!cert || !key || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1314 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1315 return false;
1316 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1317
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1318 bssl::UniquePtr<SSL> client, server;
1319 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1320 server_ctx.get(), nullptr /* no session */)) {
1321 return false;
1322 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1323
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1324 // Drain any post-handshake messages to ensure there are no unread records
1325 // on either end.
1326 uint8_t byte = 0;
1327 if (SSL_read(client.get(), &byte, 1) > 0 ||
1328 SSL_read(server.get(), &byte, 1) > 0) {
1329 fprintf(stderr, "Received unexpected data.\n");
1330 return false;
1331 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1332
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1333 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1334 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1335 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1336 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1337
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1338 if (is_dtls) {
1339 // Both client and server must be at epoch 1.
1340 if (EpochFromSequence(client_read_seq) != 1 ||
1341 EpochFromSequence(client_write_seq) != 1 ||
1342 EpochFromSequence(server_read_seq) != 1 ||
1343 EpochFromSequence(server_write_seq) != 1) {
1344 fprintf(stderr, "Bad epochs.\n");
1345 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1346 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1347
1348 // The next record to be written should exceed the largest received.
1349 if (client_write_seq <= server_read_seq ||
1350 server_write_seq <= client_read_seq) {
1351 fprintf(stderr, "Inconsistent sequence numbers.\n");
1352 return false;
1353 }
1354 } else {
1355 // The next record to be written should equal the next to be received.
1356 if (client_write_seq != server_read_seq ||
1357 server_write_seq != client_read_seq) {
1358 fprintf(stderr, "Inconsistent sequence numbers.\n");
1359 return false;
1360 }
1361 }
1362
1363 // Send a record from client to server.
1364 if (SSL_write(client.get(), &byte, 1) != 1 ||
1365 SSL_read(server.get(), &byte, 1) != 1) {
1366 fprintf(stderr, "Could not send byte.\n");
1367 return false;
1368 }
1369
1370 // The client write and server read sequence numbers should have
1371 // incremented.
1372 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1373 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1374 fprintf(stderr, "Sequence numbers did not increment.\n");
1375 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1376 }
1377
1378 return true;
1379}
1380
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1381static bool TestOneSidedShutdown() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1382 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1383 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1384 if (!client_ctx || !server_ctx) {
1385 return false;
1386 }
1387
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1388 bssl::UniquePtr<X509> cert = GetTestCertificate();
1389 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1390 if (!cert || !key ||
1391 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1392 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1393 return false;
1394 }
1395
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1396 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1397 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1398 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1399 return false;
1400 }
1401
1402 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1403 // one side has shut down.
1404 if (SSL_shutdown(client.get()) != 0) {
1405 fprintf(stderr, "Could not shutdown.\n");
1406 return false;
1407 }
1408
1409 // Reading from the server should consume the EOF.
1410 uint8_t byte;
1411 if (SSL_read(server.get(), &byte, 1) != 0 ||
1412 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1413 fprintf(stderr, "Connection was not shut down cleanly.\n");
1414 return false;
1415 }
1416
1417 // However, the server may continue to write data and then shut down the
1418 // connection.
1419 byte = 42;
1420 if (SSL_write(server.get(), &byte, 1) != 1 ||
1421 SSL_read(client.get(), &byte, 1) != 1 ||
1422 byte != 42) {
1423 fprintf(stderr, "Could not send byte.\n");
1424 return false;
1425 }
1426
1427 // The server may then shutdown the connection.
1428 if (SSL_shutdown(server.get()) != 1 ||
1429 SSL_shutdown(client.get()) != 1) {
1430 fprintf(stderr, "Could not complete shutdown.\n");
1431 return false;
1432 }
1433
1434 return true;
1435}
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1436static bool TestSessionDuplication() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1437 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1438 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1439 if (!client_ctx || !server_ctx) {
1440 return false;
1441 }
1442
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1443 bssl::UniquePtr<X509> cert = GetTestCertificate();
1444 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1445 if (!cert || !key ||
1446 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1447 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1448 return false;
1449 }
1450
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1451 bssl::UniquePtr<SSL> client, server;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1452 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1453 server_ctx.get(), nullptr /* no session */)) {
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1454 return false;
1455 }
1456
1457 SSL_SESSION *session0 = SSL_get_session(client.get());
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1458 bssl::UniquePtr<SSL_SESSION> session1(SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1459 if (!session1) {
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1460 return false;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1461 }
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1462
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1463 session1->not_resumable = 0;
1464
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1465 uint8_t *s0_bytes, *s1_bytes;
1466 size_t s0_len, s1_len;
1467
1468 if (!SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len)) {
1469 return false;
1470 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1471 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1472
1473 if (!SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len)) {
1474 return false;
1475 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1476 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1477
1478 return s0_len == s1_len && memcmp(s0_bytes, s1_bytes, s0_len) == 0;
1479}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1480
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1481static bool ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1482 if (SSL_get_rfd(ssl) != rfd || SSL_get_wfd(ssl) != wfd) {
1483 fprintf(stderr, "Got fds %d and %d, wanted %d and %d.\n", SSL_get_rfd(ssl),
1484 SSL_get_wfd(ssl), rfd, wfd);
1485 return false;
1486 }
1487
1488 // The wrapper BIOs are always equal when fds are equal, even if set
1489 // individually.
1490 if (rfd == wfd && SSL_get_rbio(ssl) != SSL_get_wbio(ssl)) {
1491 fprintf(stderr, "rbio and wbio did not match.\n");
1492 return false;
1493 }
1494
1495 return true;
1496}
1497
1498static bool TestSetFD() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1499 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1500 if (!ctx) {
1501 return false;
1502 }
1503
1504 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1505 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1506 if (!ssl ||
1507 !SSL_set_rfd(ssl.get(), 1) ||
1508 !SSL_set_wfd(ssl.get(), 2) ||
1509 !ExpectFDs(ssl.get(), 1, 2)) {
1510 return false;
1511 }
1512
1513 // Test setting the same FD.
1514 ssl.reset(SSL_new(ctx.get()));
1515 if (!ssl ||
1516 !SSL_set_fd(ssl.get(), 1) ||
1517 !ExpectFDs(ssl.get(), 1, 1)) {
1518 return false;
1519 }
1520
1521 // Test setting the same FD one side at a time.
1522 ssl.reset(SSL_new(ctx.get()));
1523 if (!ssl ||
1524 !SSL_set_rfd(ssl.get(), 1) ||
1525 !SSL_set_wfd(ssl.get(), 1) ||
1526 !ExpectFDs(ssl.get(), 1, 1)) {
1527 return false;
1528 }
1529
1530 // Test setting the same FD in the other order.
1531 ssl.reset(SSL_new(ctx.get()));
1532 if (!ssl ||
1533 !SSL_set_wfd(ssl.get(), 1) ||
1534 !SSL_set_rfd(ssl.get(), 1) ||
1535 !ExpectFDs(ssl.get(), 1, 1)) {
1536 return false;
1537 }
1538
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1539 // Test changing the read FD partway through.
1540 ssl.reset(SSL_new(ctx.get()));
1541 if (!ssl ||
1542 !SSL_set_fd(ssl.get(), 1) ||
1543 !SSL_set_rfd(ssl.get(), 2) ||
1544 !ExpectFDs(ssl.get(), 2, 1)) {
1545 return false;
1546 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1547
1548 // Test changing the write FD partway through.
1549 ssl.reset(SSL_new(ctx.get()));
1550 if (!ssl ||
1551 !SSL_set_fd(ssl.get(), 1) ||
1552 !SSL_set_wfd(ssl.get(), 2) ||
1553 !ExpectFDs(ssl.get(), 1, 2)) {
1554 return false;
1555 }
1556
1557 // Test a no-op change to the read FD partway through.
1558 ssl.reset(SSL_new(ctx.get()));
1559 if (!ssl ||
1560 !SSL_set_fd(ssl.get(), 1) ||
1561 !SSL_set_rfd(ssl.get(), 1) ||
1562 !ExpectFDs(ssl.get(), 1, 1)) {
1563 return false;
1564 }
1565
1566 // Test a no-op change to the write FD partway through.
1567 ssl.reset(SSL_new(ctx.get()));
1568 if (!ssl ||
1569 !SSL_set_fd(ssl.get(), 1) ||
1570 !SSL_set_wfd(ssl.get(), 1) ||
1571 !ExpectFDs(ssl.get(), 1, 1)) {
1572 return false;
1573 }
1574
1575 // ASan builds will implicitly test that the internal |BIO| reference-counting
1576 // is correct.
1577
1578 return true;
1579}
1580
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1581static bool TestSetBIO() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1582 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1583 if (!ctx) {
1584 return false;
1585 }
1586
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1587 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1588 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1589 bio3(BIO_new(BIO_s_mem()));
1590 if (!ssl || !bio1 || !bio2 || !bio3) {
1591 return false;
1592 }
1593
1594 // SSL_set_bio takes one reference when the parameters are the same.
1595 BIO_up_ref(bio1.get());
1596 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1597
1598 // Repeating the call does nothing.
1599 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1600
1601 // It takes one reference each when the parameters are different.
1602 BIO_up_ref(bio2.get());
1603 BIO_up_ref(bio3.get());
1604 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1605
1606 // Repeating the call does nothing.
1607 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1608
1609 // It takes one reference when changing only wbio.
1610 BIO_up_ref(bio1.get());
1611 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1612
1613 // It takes one reference when changing only rbio and the two are different.
1614 BIO_up_ref(bio3.get());
1615 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1616
1617 // If setting wbio to rbio, it takes no additional references.
1618 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1619
1620 // From there, wbio may be switched to something else.
1621 BIO_up_ref(bio1.get());
1622 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1623
1624 // If setting rbio to wbio, it takes no additional references.
1625 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1626
1627 // From there, rbio may be switched to something else, but, for historical
1628 // reasons, it takes a reference to both parameters.
1629 BIO_up_ref(bio1.get());
1630 BIO_up_ref(bio2.get());
1631 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1632
1633 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1634 // is correct.
1635 return true;
1636}
1637
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1638static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1639
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1640static bool TestGetPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1641 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1642 bssl::UniquePtr<X509> cert = GetTestCertificate();
1643 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1644 if (!cert || !key) {
1645 return false;
1646 }
1647
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1648 // Configure both client and server to accept any certificate.
1649 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1650 if (!ctx ||
1651 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1652 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1653 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1654 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1655 return false;
1656 }
1657 SSL_CTX_set_verify(
1658 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1659 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1660
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1661 bssl::UniquePtr<SSL> client, server;
1662 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1663 nullptr /* no session */)) {
1664 return false;
1665 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1666
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1667 // Client and server should both see the leaf certificate.
1668 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1669 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1670 fprintf(stderr, "Server peer certificate did not match.\n");
1671 return false;
1672 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1673
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1674 peer.reset(SSL_get_peer_certificate(client.get()));
1675 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1676 fprintf(stderr, "Client peer certificate did not match.\n");
1677 return false;
1678 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1679
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1680 // However, for historical reasons, the chain includes the leaf on the
1681 // client, but does not on the server.
1682 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1683 fprintf(stderr, "Client peer chain was incorrect.\n");
1684 return false;
1685 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1686
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1687 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1688 fprintf(stderr, "Server peer chain was incorrect.\n");
1689 return false;
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1690 }
1691
1692 return true;
1693}
1694
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1695static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method,
1696 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1697 bssl::UniquePtr<X509> cert = GetTestCertificate();
1698 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1699 if (!cert || !key) {
1700 return false;
1701 }
1702
1703 uint8_t *cert_der = NULL;
1704 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1705 if (cert_der_len < 0) {
1706 return false;
1707 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1708 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1709
1710 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1711 SHA256(cert_der, cert_der_len, cert_sha256);
1712
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1713 // Configure both client and server to accept any certificate, but the
1714 // server must retain only the SHA-256 of the peer.
1715 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1716 if (!ctx ||
1717 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1718 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1719 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1720 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1721 return false;
1722 }
1723 SSL_CTX_set_verify(
1724 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1725 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1726 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1727
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1728 bssl::UniquePtr<SSL> client, server;
1729 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1730 nullptr /* no session */)) {
1731 return false;
1732 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1733
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1734 // The peer certificate has been dropped.
1735 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1736 if (peer) {
1737 fprintf(stderr, "Peer certificate was retained.\n");
1738 return false;
1739 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1740
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1741 SSL_SESSION *session = SSL_get_session(server.get());
1742 if (!session->peer_sha256_valid) {
1743 fprintf(stderr, "peer_sha256_valid was not set.\n");
1744 return false;
1745 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1746
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]1747 if (memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) != 0) {
1748 fprintf(stderr, "peer_sha256 did not match.\n");
1749 return false;
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1750 }
1751
1752 return true;
1753}
1754
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1755static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1756 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1757 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1758 if (!ctx ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1759 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1760 // Our default cipher list varies by CPU capabilities, so manually place
1761 // the ChaCha20 ciphers in front.
1762 !SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1763 return false;
1764 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1765
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1766 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1767 if (!ssl) {
1768 return false;
1769 }
1770 std::vector<uint8_t> client_hello;
1771 if (!GetClientHello(ssl.get(), &client_hello)) {
1772 return false;
1773 }
1774
1775 // Zero the client_random.
1776 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1777 1 + 3 + // handshake message header
1778 2; // client_version
1779 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1780 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1781 return false;
1782 }
1783 memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
1784
1785 if (client_hello.size() != expected_len ||
1786 memcmp(client_hello.data(), expected, expected_len) != 0) {
1787 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1788 fprintf(stderr, "Got:\n\t");
1789 for (size_t i = 0; i < client_hello.size(); i++) {
1790 fprintf(stderr, "0x%02x, ", client_hello[i]);
1791 }
1792 fprintf(stderr, "\nWanted:\n\t");
1793 for (size_t i = 0; i < expected_len; i++) {
1794 fprintf(stderr, "0x%02x, ", expected[i]);
1795 }
1796 fprintf(stderr, "\n");
1797 return false;
1798 }
1799
1800 return true;
1801}
1802
1803// Tests that our ClientHellos do not change unexpectedly.
1804static bool TestClientHello() {
1805 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1806 0x16,
1807 0x03, 0x00,
1808 0x00, 0x3f,
1809 0x01,
1810 0x00, 0x00, 0x3b,
1811 0x03, 0x00,
1812 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1813 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1814 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1815 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1816 0x00,
1817 0x00, 0x14,
1818 0xc0, 0x09,
1819 0xc0, 0x13,
1820 0x00, 0x33,
1821 0xc0, 0x0a,
1822 0xc0, 0x14,
1823 0x00, 0x39,
1824 0x00, 0x2f,
1825 0x00, 0x35,
1826 0x00, 0x0a,
1827 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1828 };
1829 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1830 sizeof(kSSL3ClientHello))) {
1831 return false;
1832 }
1833
1834 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1835 0x16,
1836 0x03, 0x01,
1837 0x00, 0x5e,
1838 0x01,
1839 0x00, 0x00, 0x5a,
1840 0x03, 0x01,
1841 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1842 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1843 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1844 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1845 0x00,
1846 0x00, 0x12,
1847 0xc0, 0x09,
1848 0xc0, 0x13,
1849 0x00, 0x33,
1850 0xc0, 0x0a,
1851 0xc0, 0x14,
1852 0x00, 0x39,
1853 0x00, 0x2f,
1854 0x00, 0x35,
1855 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1856 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1857 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1858 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1859 };
1860 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1861 sizeof(kTLS1ClientHello))) {
1862 return false;
1863 }
1864
1865 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1866 0x16,
1867 0x03, 0x01,
1868 0x00, 0x5e,
1869 0x01,
1870 0x00, 0x00, 0x5a,
1871 0x03, 0x02,
1872 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1873 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1874 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1875 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1876 0x00,
1877 0x00, 0x12,
1878 0xc0, 0x09,
1879 0xc0, 0x13,
1880 0x00, 0x33,
1881 0xc0, 0x0a,
1882 0xc0, 0x14,
1883 0x00, 0x39,
1884 0x00, 0x2f,
1885 0x00, 0x35,
1886 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1887 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1888 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1889 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1890 };
1891 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1892 sizeof(kTLS11ClientHello))) {
1893 return false;
1894 }
1895
1896 static const uint8_t kTLS12ClientHello[] = {
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1897 0x16, 0x03, 0x01, 0x00, 0x9e, 0x01, 0x00, 0x00, 0x9a, 0x03, 0x03, 0x00,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1898 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1899 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1900 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3a, 0xcc, 0xa9,
1901 0xcc, 0xa8, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
1902 0xc0, 0x2c, 0xc0, 0x30, 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13,
1903 0xc0, 0x27, 0x00, 0x33, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14,
1904 0xc0, 0x28, 0x00, 0x39, 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1905 0x00, 0x3c, 0x00, 0x35, 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1906 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00,
David Benjamin3a322f52016-10-26 12:45:35 -0400[diff] [blame]1907 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04,
1908 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1909 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
1910 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1911 };
1912 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1913 sizeof(kTLS12ClientHello))) {
1914 return false;
1915 }
1916
1917 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1918 // implementation has settled enough that it won't change.
1919
1920 return true;
1921}
1922
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1923static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1924
1925static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1926 // Save the most recent session.
1927 g_last_session.reset(session);
1928 return 1;
1929}
1930
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1931static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1932 SSL_CTX *server_ctx) {
1933 g_last_session = nullptr;
1934 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1935
1936 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1937 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1938 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1939 nullptr /* no session */)) {
1940 fprintf(stderr, "Failed to connect client and server.\n");
1941 return nullptr;
1942 }
1943
1944 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1945 SSL_read(client.get(), nullptr, 0);
1946
1947 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1948
1949 if (!g_last_session) {
1950 fprintf(stderr, "Client did not receive a session.\n");
1951 return nullptr;
1952 }
1953 return std::move(g_last_session);
1954}
1955
1956static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1957 SSL_SESSION *session,
1958 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1959 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1960 if (!ConnectClientAndServer(&client, &server, client_ctx,
1961 server_ctx, session)) {
1962 fprintf(stderr, "Failed to connect client and server.\n");
1963 return false;
1964 }
1965
1966 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1967 fprintf(stderr, "Client and server were inconsistent.\n");
1968 return false;
1969 }
1970
1971 bool was_reused = !!SSL_session_reused(client.get());
1972 if (was_reused != reused) {
1973 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
1974 was_reused ? "" : " not");
1975 return false;
1976 }
1977
1978 return true;
1979}
1980
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]1981static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
1982 SSL_CTX *server_ctx,
1983 SSL_SESSION *session) {
1984 g_last_session = nullptr;
1985 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1986
1987 bssl::UniquePtr<SSL> client, server;
1988 if (!ConnectClientAndServer(&client, &server, client_ctx,
1989 server_ctx, session)) {
1990 fprintf(stderr, "Failed to connect client and server.\n");
1991 return nullptr;
1992 }
1993
1994 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1995 fprintf(stderr, "Client and server were inconsistent.\n");
1996 return nullptr;
1997 }
1998
1999 if (!SSL_session_reused(client.get())) {
2000 fprintf(stderr, "Session was not reused.\n");
2001 return nullptr;
2002 }
2003
2004 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2005 SSL_read(client.get(), nullptr, 0);
2006
2007 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2008
2009 if (!g_last_session) {
2010 fprintf(stderr, "Client did not receive a renewed session.\n");
2011 return nullptr;
2012 }
2013 return std::move(g_last_session);
2014}
2015
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2016static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2017 static const uint8_t kContext[] = {3};
2018
2019 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2020 return SSL_TLSEXT_ERR_ALERT_FATAL;
2021 }
2022
2023 return SSL_TLSEXT_ERR_OK;
2024}
2025
2026static int SwitchSessionIDContextEarly(
2027 const struct ssl_early_callback_ctx *ctx) {
2028 static const uint8_t kContext[] = {3};
2029
2030 if (!SSL_set_session_id_context(ctx->ssl, kContext, sizeof(kContext))) {
2031 return -1;
2032 }
2033
2034 return 1;
2035}
2036
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2037static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
2038 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2039 bssl::UniquePtr<X509> cert = GetTestCertificate();
2040 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2041 if (!cert || !key) {
2042 return false;
2043 }
2044
2045 static const uint8_t kContext1[] = {1};
2046 static const uint8_t kContext2[] = {2};
2047
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2048 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2049 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2050 if (!server_ctx || !client_ctx ||
2051 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2052 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2053 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2054 sizeof(kContext1)) ||
2055 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2056 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2057 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2058 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2059 return false;
2060 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2061
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2062 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2063 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2064
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2065 bssl::UniquePtr<SSL_SESSION> session =
2066 CreateClientSession(client_ctx.get(), server_ctx.get());
2067 if (!session) {
2068 fprintf(stderr, "Error getting session.\n");
2069 return false;
2070 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2071
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2072 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2073 true /* expect session reused */)) {
2074 fprintf(stderr, "Error resuming session.\n");
2075 return false;
2076 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2077
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2078 // Change the session ID context.
2079 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2080 sizeof(kContext2))) {
2081 return false;
2082 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2083
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2084 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2085 false /* expect session not reused */)) {
2086 fprintf(stderr, "Error connecting with a different context.\n");
2087 return false;
2088 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2089
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2090 // Change the session ID context back and install an SNI callback to switch
2091 // it.
2092 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2093 sizeof(kContext1))) {
2094 return false;
2095 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2096
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2097 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2098 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2099
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2100 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2101 false /* expect session not reused */)) {
2102 fprintf(stderr, "Error connecting with a context switch on SNI callback.\n");
2103 return false;
2104 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2105
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2106 // Switch the session ID context with the early callback instead.
2107 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
2108 SSL_CTX_set_select_certificate_cb(server_ctx.get(),
2109 SwitchSessionIDContextEarly);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2110
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2111 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2112 false /* expect session not reused */)) {
2113 fprintf(stderr,
2114 "Error connecting with a context switch on early callback.\n");
2115 return false;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2116 }
2117
2118 return true;
2119}
2120
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2121static timeval g_current_time;
2122
2123static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2124 *out_clock = g_current_time;
2125}
2126
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2127static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2128 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2129 int encrypt) {
2130 static const uint8_t kZeros[16] = {0};
2131
2132 if (encrypt) {
2133 memcpy(key_name, kZeros, sizeof(kZeros));
2134 RAND_bytes(iv, 16);
2135 } else if (memcmp(key_name, kZeros, 16) != 0) {
2136 return 0;
2137 }
2138
2139 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2140 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2141 return -1;
2142 }
2143
2144 // Returning two from the callback in decrypt mode renews the
2145 // session in TLS 1.2 and below.
2146 return encrypt ? 1 : 2;
2147}
2148
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2149static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2150 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2151 return false;
2152 }
2153
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2154 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2155 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2156 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2157
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2158#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2159 // Fuzzer-mode tickets are unencrypted.
2160 memcpy(plaintext.get(), ciphertext, len);
2161#else
2162 static const uint8_t kZeros[16] = {0};
2163 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2164 bssl::ScopedEVP_CIPHER_CTX ctx;
2165 int len1, len2;
2166 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2167 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2168 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2169 return false;
2170 }
2171
2172 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2173#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2174
2175 bssl::UniquePtr<SSL_SESSION> server_session(
2176 SSL_SESSION_from_bytes(plaintext.get(), len));
2177 if (!server_session) {
2178 return false;
2179 }
2180
2181 *out = server_session->time;
2182 return true;
2183}
2184
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2185static bool TestSessionTimeout(bool is_dtls, const SSL_METHOD *method,
2186 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2187 bssl::UniquePtr<X509> cert = GetTestCertificate();
2188 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2189 if (!cert || !key) {
2190 return false;
2191 }
2192
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2193 for (bool server_test : std::vector<bool>{false, true}) {
2194 static const int kStartTime = 1000;
2195 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2196
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2197 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2198 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2199 if (!server_ctx || !client_ctx ||
2200 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2201 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2202 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2203 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2204 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2205 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2206 return false;
2207 }
2208
2209 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2210 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2211
2212 // Both client and server must enforce session timeouts.
2213 if (server_test) {
2214 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2215 } else {
2216 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
2217 }
2218
2219 // Configure a ticket callback which renews tickets.
2220 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2221
2222 bssl::UniquePtr<SSL_SESSION> session =
2223 CreateClientSession(client_ctx.get(), server_ctx.get());
2224 if (!session) {
2225 fprintf(stderr, "Error getting session.\n");
2226 return false;
2227 }
2228
2229 // Advance the clock just behind the timeout.
2230 g_current_time.tv_sec += SSL_DEFAULT_SESSION_TIMEOUT - 1;
2231
2232 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2233 true /* expect session reused */)) {
2234 fprintf(stderr, "Error resuming session.\n");
2235 return false;
2236 }
2237
2238 // Advance the clock one more second.
2239 g_current_time.tv_sec++;
2240
2241 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2242 false /* expect session not reused */)) {
2243 fprintf(stderr, "Error resuming session.\n");
2244 return false;
2245 }
2246
2247 // Rewind the clock to before the session was minted.
2248 g_current_time.tv_sec = kStartTime - 1;
2249
2250 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2251 false /* expect session not reused */)) {
2252 fprintf(stderr, "Error resuming session.\n");
2253 return false;
2254 }
2255
2256 // SSL 3.0 cannot renew sessions.
2257 if (version == SSL3_VERSION) {
2258 continue;
2259 }
2260
2261 // Renew the session 10 seconds before expiration.
2262 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT - 10;
2263 bssl::UniquePtr<SSL_SESSION> new_session =
2264 ExpectSessionRenewed(client_ctx.get(), server_ctx.get(), session.get());
2265 if (!new_session) {
2266 fprintf(stderr, "Error renewing session.\n");
2267 return false;
2268 }
2269
2270 // This new session is not the same object as before.
2271 if (session.get() == new_session.get()) {
2272 fprintf(stderr, "New and old sessions alias.\n");
2273 return false;
2274 }
2275
2276 // Check the sessions have timestamps measured from issuance.
2277 long session_time = 0;
2278 if (server_test) {
2279 if (!GetServerTicketTime(&session_time, new_session.get())) {
2280 fprintf(stderr, "Failed to decode session ticket.\n");
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2281 return false;
2282 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2283 } else {
2284 session_time = new_session->time;
2285 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2286
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2287 if (session_time != g_current_time.tv_sec) {
2288 fprintf(stderr, "New session is not measured from issuance.\n");
2289 return false;
2290 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2291
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2292 // The new session is usable just before the old expiration.
2293 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT - 1;
2294 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2295 new_session.get(),
2296 true /* expect session reused */)) {
2297 fprintf(stderr, "Error resuming renewed session.\n");
2298 return false;
2299 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2300
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2301 // Renewal does not extend the lifetime, so it is not usable beyond the
2302 // old expiration.
2303 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT + 1;
2304 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2305 new_session.get(),
2306 false /* expect session not reused */)) {
2307 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2308 return false;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2309 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2310 }
2311
2312 return true;
2313}
2314
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2315static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2316 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2317 SSL_set_SSL_CTX(ssl, ctx);
2318 return SSL_TLSEXT_ERR_OK;
2319}
2320
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2321static bool TestSNICallback(bool is_dtls, const SSL_METHOD *method,
2322 uint16_t version) {
2323 // SSL 3.0 lacks extensions.
2324 if (version == SSL3_VERSION) {
2325 return true;
2326 }
2327
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2328 bssl::UniquePtr<X509> cert = GetTestCertificate();
2329 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2330 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2331 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2332 if (!cert || !key || !cert2 || !key2) {
2333 return false;
2334 }
2335
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2336 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2337 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2338
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2339 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2340 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(method));
2341 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2342 if (!server_ctx || !server_ctx2 || !client_ctx ||
2343 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2344 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2345 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2346 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
2347 // Historically signing preferences would be lost in some cases with the
2348 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2349 // this doesn't happen when |version| is TLS 1.2, configure the private
2350 // key to only sign SHA-256.
2351 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256,
2352 1) ||
2353 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2354 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2355 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2356 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2357 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2358 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
2359 return false;
2360 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2361
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2362 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2363 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2364
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2365 bssl::UniquePtr<SSL> client, server;
2366 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2367 server_ctx.get(), nullptr)) {
2368 fprintf(stderr, "Handshake failed.\n");
2369 return false;
2370 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2371
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2372 // The client should have received |cert2|.
2373 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
2374 if (!peer || X509_cmp(peer.get(), cert2.get()) != 0) {
2375 fprintf(stderr, "Incorrect certificate received.\n");
2376 return false;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2377 }
2378
2379 return true;
2380}
2381
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2382static int SetMaxVersion(const struct ssl_early_callback_ctx *ctx) {
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2383 if (!SSL_set_max_proto_version(ctx->ssl, TLS1_2_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2384 return -1;
2385 }
2386
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2387 return 1;
2388}
2389
2390// TestEarlyCallbackVersionSwitch tests that the early callback can swap the
2391// maximum version.
2392static bool TestEarlyCallbackVersionSwitch() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2393 bssl::UniquePtr<X509> cert = GetTestCertificate();
2394 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2395 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2396 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2397 if (!cert || !key || !server_ctx || !client_ctx ||
2398 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2399 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2400 !SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION) ||
2401 !SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION)) {
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2402 return false;
2403 }
2404
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2405 SSL_CTX_set_select_certificate_cb(server_ctx.get(), SetMaxVersion);
2406
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2407 bssl::UniquePtr<SSL> client, server;
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2408 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2409 server_ctx.get(), nullptr)) {
2410 return false;
2411 }
2412
2413 if (SSL_version(client.get()) != TLS1_2_VERSION) {
2414 fprintf(stderr, "Early callback failed to switch the maximum version.\n");
2415 return false;
2416 }
2417
2418 return true;
2419}
2420
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2421static bool TestSetVersion() {
2422 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
2423 if (!ctx) {
2424 return false;
2425 }
2426
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2427 if (!SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
2428 !SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION) ||
2429 !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
2430 !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2431 fprintf(stderr, "Could not set valid TLS version.\n");
2432 return false;
2433 }
2434
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2435 if (SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
2436 SSL_CTX_set_max_proto_version(ctx.get(), 0x0200) ||
2437 SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
2438 SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
2439 SSL_CTX_set_min_proto_version(ctx.get(), 0x0200) ||
2440 SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2441 fprintf(stderr, "Unexpectedly set invalid TLS version.\n");
2442 return false;
2443 }
2444
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2445 if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
2446 !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
2447 fprintf(stderr, "Could not set default TLS version.\n");
2448 return false;
2449 }
2450
2451 if (ctx->min_version != SSL3_VERSION ||
2452 ctx->max_version != TLS1_2_VERSION) {
2453 fprintf(stderr, "Default TLS versions were incorrect (%04x and %04x).\n",
2454 ctx->min_version, ctx->max_version);
2455 return false;
2456 }
2457
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2458 ctx.reset(SSL_CTX_new(DTLS_method()));
2459 if (!ctx) {
2460 return false;
2461 }
2462
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2463 if (!SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
2464 !SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION) ||
2465 !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
2466 !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2467 fprintf(stderr, "Could not set valid DTLS version.\n");
2468 return false;
2469 }
2470
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2471 if (SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
2472 SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2473 SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2474 SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
2475 SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
2476 SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2477 SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2478 SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2479 fprintf(stderr, "Unexpectedly set invalid DTLS version.\n");
2480 return false;
2481 }
2482
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2483 if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
2484 !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
2485 fprintf(stderr, "Could not set default DTLS version.\n");
2486 return false;
2487 }
2488
2489 if (ctx->min_version != TLS1_1_VERSION ||
2490 ctx->max_version != TLS1_2_VERSION) {
2491 fprintf(stderr, "Default DTLS versions were incorrect (%04x and %04x).\n",
2492 ctx->min_version, ctx->max_version);
2493 return false;
2494 }
2495
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2496 return true;
2497}
2498
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2499static bool TestVersion(bool is_dtls, const SSL_METHOD *method,
2500 uint16_t version) {
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2501 bssl::UniquePtr<X509> cert = GetTestCertificate();
2502 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2503 if (!cert || !key) {
2504 return false;
2505 }
2506
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2507 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2508 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2509 bssl::UniquePtr<SSL> client, server;
2510 if (!server_ctx || !client_ctx ||
2511 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2512 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2513 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2514 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2515 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2516 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2517 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2518 server_ctx.get(), nullptr /* no session */)) {
2519 fprintf(stderr, "Failed to connect.\n");
2520 return false;
2521 }
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2522
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2523 if (SSL_version(client.get()) != version ||
2524 SSL_version(server.get()) != version) {
2525 fprintf(stderr, "Version mismatch. Got %04x and %04x, wanted %04x.\n",
2526 SSL_version(client.get()), SSL_version(server.get()), version);
2527 return false;
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2528 }
2529
2530 return true;
2531}
2532
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2533// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2534// selection callback.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2535static bool TestALPNCipherAvailable(bool is_dtls, const SSL_METHOD *method,
2536 uint16_t version) {
2537 // SSL 3.0 lacks extensions.
2538 if (version == SSL3_VERSION) {
2539 return true;
2540 }
2541
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2542 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2543
2544 bssl::UniquePtr<X509> cert = GetTestCertificate();
2545 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2546 if (!cert || !key) {
2547 return false;
2548 }
2549
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2550 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2551 if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2552 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2553 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2554 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2555 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2556 0) {
2557 return false;
2558 }
2559
2560 // The ALPN callback does not fail the handshake on error, so have the
2561 // callback write a boolean.
2562 std::pair<uint16_t, bool> callback_state(version, false);
2563 SSL_CTX_set_alpn_select_cb(
2564 ctx.get(),
2565 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2566 unsigned in_len, void *arg) -> int {
2567 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2568 if (SSL_get_pending_cipher(ssl) != nullptr &&
2569 SSL_version(ssl) == state->first) {
2570 state->second = true;
2571 }
2572 return SSL_TLSEXT_ERR_NOACK;
2573 },
2574 &callback_state);
2575
2576 bssl::UniquePtr<SSL> client, server;
2577 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2578 nullptr /* no session */)) {
2579 return false;
2580 }
2581
2582 if (!callback_state.second) {
2583 fprintf(stderr, "The pending cipher was not known in the ALPN callback.\n");
2584 return false;
2585 }
2586
2587 return true;
2588}
2589
2590static bool ForEachVersion(bool (*test_func)(bool is_dtls,
2591 const SSL_METHOD *method,
2592 uint16_t version)) {
2593 static uint16_t kTLSVersions[] = {
2594 SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION,
2595 TLS1_2_VERSION, TLS1_3_VERSION,
2596 };
2597
2598 static uint16_t kDTLSVersions[] = {
2599 DTLS1_VERSION, DTLS1_2_VERSION,
2600 };
2601
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2602 for (uint16_t version : kTLSVersions) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2603 if (!test_func(false, TLS_method(), version)) {
2604 fprintf(stderr, "Test failed at TLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2605 return false;
2606 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2607 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2608
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2609 for (uint16_t version : kDTLSVersions) {
2610 if (!test_func(true, DTLS_method(), version)) {
2611 fprintf(stderr, "Test failed at DTLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2612 return false;
2613 }
2614 }
2615
2616 return true;
2617}
2618
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]2619int main() {
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]2620 CRYPTO_library_init();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]2621
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2622 if (!TestCipherRules() ||
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]2623 !TestCurveRules() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2624 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
2625 !TestSSL_SESSIONEncoding(kCustomSession) ||
2626 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
2627 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
2628 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
2629 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]2630 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2631 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
2632 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
2633 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
2634 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
2635 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
2636 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
2637 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
2638 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
2639 !TestCipherGetRFCName() ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]2640 // Test the padding extension at TLS 1.2.
2641 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
2642 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
2643 // will be no PSK binder after the padding extension.
2644 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
2645 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
2646 // will be a PSK binder after the padding extension.
2647 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2648 !TestClientCAList() ||
2649 !TestInternalSessionCache() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2650 !ForEachVersion(TestSequenceNumber) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2651 !TestOneSidedShutdown() ||
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]2652 !TestSessionDuplication() ||
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]2653 !TestSetFD() ||
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]2654 !TestSetBIO() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2655 !ForEachVersion(TestGetPeerCertificate) ||
2656 !ForEachVersion(TestRetainOnlySHA256OfCerts) ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2657 !TestClientHello() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2658 !ForEachVersion(TestSessionIDContext) ||
2659 !ForEachVersion(TestSessionTimeout) ||
2660 !ForEachVersion(TestSNICallback) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2661 !TestEarlyCallbackVersionSwitch() ||
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2662 !TestSetVersion() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame^]2663 !ForEachVersion(TestVersion) ||
2664 !ForEachVersion(TestALPNCipherAvailable)) {
Brian Smith83a82982015-04-09 16:21:10 -1000[diff] [blame]2665 ERR_print_errors_fp(stderr);
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]2666 return 1;
2667 }
2668
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]2669 printf("PASS\n");
2670 return 0;
2671}