Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 68f37b7a3f451aa1ca8c93669c024d01f6270ae8 / . / ssl / ssl_test.cc
blob: ae9d5ca49a1c6664cd7702e62f2fe15cbc60d84b [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]24#include <openssl/base64.h>
25#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]26#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]27#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]28#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]29#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]30#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]31#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]32#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]33#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]34#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]35
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]36#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]37#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]38#include "../crypto/test/test_util.h"
39
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]40#if defined(OPENSSL_WINDOWS)
41/* Windows defines struct timeval in winsock2.h. */
42OPENSSL_MSVC_PRAGMA(warning(push, 3))
43#include <winsock2.h>
44OPENSSL_MSVC_PRAGMA(warning(pop))
45#else
46#include <sys/time.h>
47#endif
48
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]49
50struct ExpectedCipher {
51 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]52 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]53};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55struct CipherTest {
56 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]57 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]58 // The list of expected ciphers, in order.
59 std::vector<ExpectedCipher> expected;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]60};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]61
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]62struct CurveTest {
63 // The rule string to apply.
64 const char *rule;
65 // The list of expected curves, in order.
66 std::vector<uint16_t> expected;
67};
68
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]69static const CipherTest kCipherTests[] = {
70 // Selecting individual ciphers should work.
71 {
72 "ECDHE-ECDSA-CHACHA20-POLY1305:"
73 "ECDHE-RSA-CHACHA20-POLY1305:"
74 "ECDHE-ECDSA-AES128-GCM-SHA256:"
75 "ECDHE-RSA-AES128-GCM-SHA256",
76 {
77 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
78 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
79 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
80 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
81 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
82 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
83 },
84 },
85 // + reorders selected ciphers to the end, keeping their relative order.
86 {
87 "ECDHE-ECDSA-CHACHA20-POLY1305:"
88 "ECDHE-RSA-CHACHA20-POLY1305:"
89 "ECDHE-ECDSA-AES128-GCM-SHA256:"
90 "ECDHE-RSA-AES128-GCM-SHA256:"
91 "+aRSA",
92 {
93 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
94 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
95 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
96 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
97 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
98 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
99 },
100 },
101 // ! banishes ciphers from future selections.
102 {
103 "!aRSA:"
104 "ECDHE-ECDSA-CHACHA20-POLY1305:"
105 "ECDHE-RSA-CHACHA20-POLY1305:"
106 "ECDHE-ECDSA-AES128-GCM-SHA256:"
107 "ECDHE-RSA-AES128-GCM-SHA256",
108 {
109 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
110 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
111 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
112 },
113 },
114 // Multiple masks can be ANDed in a single rule.
115 {
116 "kRSA+AESGCM+AES128",
117 {
118 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
119 },
120 },
121 // - removes selected ciphers, but preserves their order for future
122 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
123 // ECDHE_RSA.
124 {
125 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
126 "AESGCM+AES128+aRSA",
127 {
128 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
129 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
130 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
131 },
132 },
133 // Unknown selectors are no-ops.
134 {
135 "ECDHE-ECDSA-CHACHA20-POLY1305:"
136 "ECDHE-RSA-CHACHA20-POLY1305:"
137 "ECDHE-ECDSA-AES128-GCM-SHA256:"
138 "ECDHE-RSA-AES128-GCM-SHA256:"
139 "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4",
140 {
141 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
142 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
143 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
144 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
145 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
146 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
147 },
148 },
149 // Square brackets specify equi-preference groups.
150 {
151 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
152 "[ECDHE-RSA-CHACHA20-POLY1305]:"
153 "ECDHE-RSA-AES128-GCM-SHA256",
154 {
155 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
156 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 1},
157 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
158 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 1},
159 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
160 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
161 },
162 },
163 // @STRENGTH performs a stable strength-sort of the selected ciphers and
164 // only the selected ciphers.
165 {
166 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]167 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]168 "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"
169 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]170 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]171 // Select ECDHE ones and sort them by strength. Ties should resolve
172 // based on the order above.
173 "kECDHE:@STRENGTH:-ALL:"
174 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
175 // by strength. Then RSA, backwards by strength.
176 "aRSA",
177 {
178 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
179 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
180 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]181 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]182 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
183 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
184 },
185 },
186 // Exact ciphers may not be used in multi-part rules; they are treated
187 // as unknown aliases.
188 {
189 "ECDHE-ECDSA-AES128-GCM-SHA256:"
190 "ECDHE-RSA-AES128-GCM-SHA256:"
191 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
192 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
193 {
194 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
195 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
196 },
197 },
198 // SSLv3 matches everything that existed before TLS 1.2.
199 {
200 "AES128-SHA:AES128-SHA256:!SSLv3",
201 {
202 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
203 },
204 },
205 // TLSv1.2 matches everything added in TLS 1.2.
206 {
207 "AES128-SHA:AES128-SHA256:!TLSv1.2",
208 {
209 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
210 },
211 },
212 // The two directives have no intersection.
213 {
214 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
215 {
216 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
217 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
218 },
219 },
220 // The shared name of the CHACHA20_POLY1305 variants behaves like a cipher
221 // name and not an alias. It may not be used in a multipart rule. (That the
222 // shared name works is covered by the standard tests.)
223 {
224 "ECDHE-ECDSA-CHACHA20-POLY1305:"
225 "ECDHE-RSA-CHACHA20-POLY1305:"
226 "!ECDHE-RSA-CHACHA20-POLY1305+RSA:"
227 "!ECDSA+ECDHE-ECDSA-CHACHA20-POLY1305",
228 {
229 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
230 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
231 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
232 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
233 },
234 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]235};
236
237static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]238 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]239 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
240 "RSA]",
241 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]242 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]243 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]244 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]245 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]246 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]247 "",
248 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]249 // COMPLEMENTOFDEFAULT is empty.
250 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]251 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]252 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]253 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]254 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
255 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
256 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
257 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]258 // Opcode supplied, but missing selector.
259 "+",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]260};
261
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]262static const char *kMustNotIncludeNull[] = {
263 "ALL",
264 "DEFAULT",
265 "ALL:!eNULL",
266 "ALL:!NULL",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]267 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]268 "FIPS",
269 "SHA",
270 "SHA1",
271 "RSA",
272 "SSLv3",
273 "TLSv1",
274 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]275};
276
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]277static const char *kMustNotIncludeCECPQ1[] = {
278 "ALL",
279 "DEFAULT",
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]280 "HIGH",
281 "FIPS",
282 "SHA",
283 "SHA1",
284 "SHA256",
285 "SHA384",
286 "RSA",
287 "SSLv3",
288 "TLSv1",
289 "TLSv1.2",
290 "aRSA",
291 "RSA",
292 "aECDSA",
293 "ECDSA",
294 "AES",
295 "AES128",
296 "AES256",
297 "AESGCM",
298 "CHACHA20",
299};
300
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]301static const CurveTest kCurveTests[] = {
302 {
303 "P-256",
304 { SSL_CURVE_SECP256R1 },
305 },
306 {
307 "P-256:P-384:P-521:X25519",
308 {
309 SSL_CURVE_SECP256R1,
310 SSL_CURVE_SECP384R1,
311 SSL_CURVE_SECP521R1,
312 SSL_CURVE_X25519,
313 },
314 },
315};
316
317static const char *kBadCurvesLists[] = {
318 "",
319 ":",
320 "::",
321 "P-256::X25519",
322 "RSA:P-256",
323 "P-256:RSA",
324 "X25519:P-256:",
325 ":X25519:P-256",
326};
327
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]328static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
329 bool in_group = false;
330 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]331 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
332 if (!in_group && list->in_group_flags[i]) {
333 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]334 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]335 }
336 fprintf(stderr, "\t");
337 if (in_group) {
338 fprintf(stderr, " ");
339 }
340 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
341 if (in_group && !list->in_group_flags[i]) {
342 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]343 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]344 }
345 }
346}
347
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]348static bool TestCipherRule(const CipherTest &t) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]349 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]350 if (!ctx) {
351 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]352 }
353
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]354 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
355 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]356 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]357 }
358
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]359 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]360 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
361 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
362 PrintCipherPreferenceList(ctx->cipher_list);
363 return false;
364 }
365
366 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]367 const SSL_CIPHER *cipher =
368 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]369 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
370 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
371 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]372 PrintCipherPreferenceList(ctx->cipher_list);
373 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]374 }
375 }
376
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]377 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]378}
379
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]380static bool TestRuleDoesNotIncludeNull(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]381 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]382 if (!ctx) {
383 return false;
384 }
385 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
386 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
387 return false;
388 }
389 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
390 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
391 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
392 return false;
393 }
394 }
395 return true;
396}
397
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]398static bool TestRuleDoesNotIncludeCECPQ1(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]399 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]400 if (!ctx) {
401 return false;
402 }
403 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
404 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
405 return false;
406 }
407 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
408 if (SSL_CIPHER_is_CECPQ1(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
409 fprintf(stderr, "Error: cipher rule '%s' includes CECPQ1\n",rule);
410 return false;
411 }
412 }
413 return true;
414}
415
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]416static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]417 for (const CipherTest &test : kCipherTests) {
418 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]419 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]420 }
421 }
422
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]423 for (const char *rule : kBadRules) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]424 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]425 if (!ctx) {
426 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]427 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]428 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
429 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]430 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]431 }
432 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]433 }
434
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]435 for (const char *rule : kMustNotIncludeNull) {
436 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]437 return false;
438 }
439 }
440
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]441 for (const char *rule : kMustNotIncludeCECPQ1) {
442 if (!TestRuleDoesNotIncludeCECPQ1(rule)) {
443 return false;
444 }
445 }
446
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]447 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]448}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]449
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]450static bool TestCurveRule(const CurveTest &t) {
451 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
452 if (!ctx) {
453 return false;
454 }
455
456 if (!SSL_CTX_set1_curves_list(ctx.get(), t.rule)) {
457 fprintf(stderr, "Error testing curves list '%s'\n", t.rule);
458 return false;
459 }
460
461 // Compare the two lists.
462 if (ctx->supported_group_list_len != t.expected.size()) {
463 fprintf(stderr, "Error testing curves list '%s': length\n", t.rule);
464 return false;
465 }
466
467 for (size_t i = 0; i < t.expected.size(); i++) {
468 if (t.expected[i] != ctx->supported_group_list[i]) {
469 fprintf(stderr, "Error testing curves list '%s': mismatch\n", t.rule);
470 return false;
471 }
472 }
473
474 return true;
475}
476
477static bool TestCurveRules() {
478 for (const CurveTest &test : kCurveTests) {
479 if (!TestCurveRule(test)) {
480 return false;
481 }
482 }
483
484 for (const char *rule : kBadCurvesLists) {
485 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
486 if (!ctx) {
487 return false;
488 }
489 if (SSL_CTX_set1_curves_list(ctx.get(), rule)) {
490 fprintf(stderr, "Curves list '%s' unexpectedly succeeded\n", rule);
491 return false;
492 }
493 ERR_clear_error();
494 }
495
496 return true;
497}
498
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]499// kOpenSSLSession is a serialized SSL_SESSION generated from openssl
500// s_client -sess_out.
501static const char kOpenSSLSession[] =
502 "MIIFpQIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
503 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
504 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
505 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
506 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
507 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
508 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
509 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
510 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
511 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
512 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
513 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
514 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
515 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
516 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
517 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
518 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
519 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
520 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
521 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
522 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
523 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
524 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
525 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
526 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
527 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
528 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
529 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
530 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
531 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
532 "i4gv7Y5oliyn";
533
534// kCustomSession is a custom serialized SSL_SESSION generated by
535// filling in missing fields from |kOpenSSLSession|. This includes
536// providing |peer_sha256|, so |peer| is not serialized.
537static const char kCustomSession[] =
538 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
539 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
540 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
541 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
542 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
543 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
544 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
545 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
546
547// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
548static const char kBoringSSLSession[] =
549 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
550 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
551 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
552 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
553 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
554 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
555 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
556 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
557 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
558 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
559 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
560 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
561 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
562 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
563 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
564 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
565 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
566 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
567 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
568 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
569 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
570 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
571 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
572 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
573 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
574 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
575 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
576 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
577 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
578 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
579 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
580 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
581 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
582 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
583 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
584 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
585 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
586 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
587 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
588 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
589 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
590 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
591 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
592 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
593 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
594 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
595 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
596 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
597 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
598 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
599 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
600 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
601 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
602 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
603 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
604 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
605 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
606 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
607 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
608 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
609 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
610 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
611 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
612 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
613 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
614 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
615 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
616 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
617 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
618 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
619 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
620 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
621 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
622 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
623 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
624 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
625 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
626 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
627 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
628 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
629 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
630 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
631 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
632 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
633 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
634 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
635 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
636 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
637 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
638 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
639 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
640 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
641 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
642 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
643 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
644
645// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
646// the final (optional) element of |kCustomSession| with tag number 30.
647static const char kBadSessionExtraField[] =
648 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
649 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
650 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
651 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
652 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
653 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
654 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
655 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
656
657// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
658// the version of |kCustomSession| with 2.
659static const char kBadSessionVersion[] =
660 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
661 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
662 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
663 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
664 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
665 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
666 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
667 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
668
669// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
670// appended.
671static const char kBadSessionTrailingData[] =
672 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
673 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
674 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
675 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
676 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
677 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
678 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
679 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
680
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]681static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]682 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]683 if (!EVP_DecodedLength(&len, strlen(in))) {
684 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]685 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]686 }
687
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]688 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]689 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]690 strlen(in))) {
691 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]692 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]693 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]694 out->resize(len);
695 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]696}
697
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]698static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]699 const uint8_t *cptr;
700 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]701
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]702 // Decode the input.
703 std::vector<uint8_t> input;
704 if (!DecodeBase64(&input, input_b64)) {
705 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]706 }
707
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]708 // Verify the SSL_SESSION decodes.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]709 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]710 if (!session) {
711 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]712 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]713 }
714
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]715 // Verify the SSL_SESSION encoding round-trips.
716 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]717 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]718 uint8_t *encoded_raw;
719 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]720 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]721 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]722 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]723 encoded.reset(encoded_raw);
724 if (encoded_len != input.size() ||
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]725 memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]726 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]727 hexdump(stderr, "Before: ", input.data(), input.size());
728 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]729 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]730 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]731
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]732 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]733 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]734 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]735 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]736 fprintf(stderr, "d2i_SSL_SESSION failed\n");
737 return false;
738 }
739
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]740 // Verify the SSL_SESSION encoding round-trips via the legacy API.
741 int len = i2d_SSL_SESSION(session.get(), NULL);
742 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]743 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]744 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]745 }
746
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]747 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
748 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]749 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]750 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]751 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]752
753 ptr = encoded.get();
754 len = i2d_SSL_SESSION(session.get(), &ptr);
755 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]756 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]757 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]758 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]759 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]760 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]761 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]762 }
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]763 if (memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]764 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]765 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]766 }
767
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]768 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]769}
770
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]771static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
772 std::vector<uint8_t> input;
773 if (!DecodeBase64(&input, input_b64)) {
774 return false;
775 }
776
777 // Verify that the SSL_SESSION fails to decode.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]778 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]779 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]780 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]781 return false;
782 }
783 ERR_clear_error();
784 return true;
785}
786
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]787static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]788 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]789 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]790 if (!ctx) {
791 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]792 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]793 if (ctx->min_version != min_version || ctx->max_version != max_version) {
794 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
795 ctx->min_version, ctx->max_version, min_version, max_version);
796 return false;
797 }
798 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]799}
800
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]801static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]802 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
803 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]804 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]805 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]806 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]807 if (!rfc_name) {
808 return false;
809 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]810 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]811 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]812}
813
814typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]815 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]816 const char *rfc_name;
817} CIPHER_RFC_NAME_TEST;
818
819static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]820 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
821 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
822 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
823 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
824 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
825 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
826 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
827 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
828 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
829 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
830 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
831 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
832 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
833 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
834 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
835 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
836 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
837 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
838 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
839 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
840 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
841 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
842
843 // These names are non-standard:
844 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
845 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
846 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
847 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]848};
849
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]850static bool TestCipherGetRFCName(void) {
851 for (size_t i = 0;
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]852 i < OPENSSL_ARRAY_SIZE(kCipherRFCNameTests); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]853 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]854 std::string rfc_name;
855 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
856 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
857 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]858 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]859 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]860 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]861 rfc_name.c_str(), test->rfc_name);
862 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]863 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]864 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]865 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]866}
867
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]868// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
869// version and ticket length or nullptr on failure.
870static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
871 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]872 std::vector<uint8_t> der;
873 if (!DecodeBase64(&der, kOpenSSLSession)) {
874 return nullptr;
875 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]876 bssl::UniquePtr<SSL_SESSION> session(
877 SSL_SESSION_from_bytes(der.data(), der.size()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]878 if (!session) {
879 return nullptr;
880 }
881
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]882 session->ssl_version = version;
883
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]884 // Swap out the ticket for a garbage one.
885 OPENSSL_free(session->tlsext_tick);
886 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
887 if (session->tlsext_tick == nullptr) {
888 return nullptr;
889 }
890 memset(session->tlsext_tick, 'a', ticket_len);
891 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]892
893 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]894#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
895 session->time = 1234;
896#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]897 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]898#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]899 return session;
900}
901
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]902static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]903 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]904 if (!bio) {
905 return false;
906 }
907 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]908 BIO_up_ref(bio.get());
909 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]910 int ret = SSL_connect(ssl);
911 if (ret > 0) {
912 // SSL_connect should fail without a BIO to write to.
913 return false;
914 }
915 ERR_clear_error();
916
917 const uint8_t *client_hello;
918 size_t client_hello_len;
919 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
920 return false;
921 }
922 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
923 return true;
924}
925
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]926// GetClientHelloLen creates a client SSL connection with the specified version
927// and ticket length. It returns the length of the ClientHello, not including
928// the record header, on success and zero on error.
929static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
930 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]931 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]932 bssl::UniquePtr<SSL_SESSION> session =
933 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]934 if (!ctx || !session) {
935 return 0;
936 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]937
938 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]939 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]940 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]941 !SSL_set_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
942 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]943 return 0;
944 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]945
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]946 std::vector<uint8_t> client_hello;
947 if (!GetClientHello(ssl.get(), &client_hello) ||
948 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]949 return 0;
950 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]951
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]952 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]953}
954
955struct PaddingTest {
956 size_t input_len, padded_len;
957};
958
959static const PaddingTest kPaddingTests[] = {
960 // ClientHellos of length below 0x100 do not require padding.
961 {0xfe, 0xfe},
962 {0xff, 0xff},
963 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
964 {0x100, 0x200},
965 {0x123, 0x200},
966 {0x1fb, 0x200},
967 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
968 // padding extension takes a minimum of four bytes plus one required content
969 // byte. (To work around yet more server bugs, we avoid empty final
970 // extensions.)
971 {0x1fc, 0x201},
972 {0x1fd, 0x202},
973 {0x1fe, 0x203},
974 {0x1ff, 0x204},
975 // Finally, larger ClientHellos need no padding.
976 {0x200, 0x200},
977 {0x201, 0x201},
978};
979
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]980static bool TestPaddingExtension(uint16_t max_version,
981 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]982 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]983 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]984 if (base_len == 0) {
985 return false;
986 }
987
988 for (const PaddingTest &test : kPaddingTests) {
989 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]990 fprintf(stderr,
991 "Baseline ClientHello too long (max_version = %04x, "
992 "session_version = %04x).\n",
993 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]994 return false;
995 }
996
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]997 size_t padded_len = GetClientHelloLen(max_version, session_version,
998 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]999 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1000 fprintf(stderr,
1001 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
1002 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1003 static_cast<unsigned>(test.input_len),
1004 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1005 static_cast<unsigned>(test.padded_len), max_version,
1006 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1007 return false;
1008 }
1009 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1010
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1011 return true;
1012}
1013
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1014// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
1015// before configuring as a server.
1016static bool TestClientCAList() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1017 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1018 if (!ctx) {
1019 return false;
1020 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1021 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1022 if (!ssl) {
1023 return false;
1024 }
1025
1026 STACK_OF(X509_NAME) *stack = sk_X509_NAME_new_null();
1027 if (stack == nullptr) {
1028 return false;
1029 }
1030 // |SSL_set_client_CA_list| takes ownership.
1031 SSL_set_client_CA_list(ssl.get(), stack);
1032
1033 return SSL_get_client_CA_list(ssl.get()) == stack;
1034}
1035
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1036static void AppendSession(SSL_SESSION *session, void *arg) {
1037 std::vector<SSL_SESSION*> *out =
1038 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1039 out->push_back(session);
1040}
1041
1042// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
1043// order.
1044static bool ExpectCache(SSL_CTX *ctx,
1045 const std::vector<SSL_SESSION*> &expected) {
1046 // Check the linked list.
1047 SSL_SESSION *ptr = ctx->session_cache_head;
1048 for (SSL_SESSION *session : expected) {
1049 if (ptr != session) {
1050 return false;
1051 }
1052 // TODO(davidben): This is an absurd way to denote the end of the list.
1053 if (ptr->next ==
1054 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1055 ptr = nullptr;
1056 } else {
1057 ptr = ptr->next;
1058 }
1059 }
1060 if (ptr != nullptr) {
1061 return false;
1062 }
1063
1064 // Check the hash table.
1065 std::vector<SSL_SESSION*> actual, expected_copy;
1066 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
1067 expected_copy = expected;
1068
1069 std::sort(actual.begin(), actual.end());
1070 std::sort(expected_copy.begin(), expected_copy.end());
1071
1072 return actual == expected_copy;
1073}
1074
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1075static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
1076 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new());
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1077 if (!ret) {
1078 return nullptr;
1079 }
1080
1081 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
1082 memset(ret->session_id, 0, ret->session_id_length);
1083 memcpy(ret->session_id, &number, sizeof(number));
1084 return ret;
1085}
1086
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1087// Test that the internal session cache behaves as expected.
1088static bool TestInternalSessionCache() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1089 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1090 if (!ctx) {
1091 return false;
1092 }
1093
1094 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1095 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1096 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1097 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1098 if (!session) {
1099 return false;
1100 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1101 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1102 }
1103
1104 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1105
1106 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1107 for (const auto &session : sessions) {
1108 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1109 return false;
1110 }
1111 }
1112
1113 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1114 std::vector<SSL_SESSION*> expected = {
1115 sessions[9].get(),
1116 sessions[8].get(),
1117 sessions[7].get(),
1118 sessions[6].get(),
1119 sessions[5].get(),
1120 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1121 if (!ExpectCache(ctx.get(), expected)) {
1122 return false;
1123 }
1124
1125 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1126 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1127 !ExpectCache(ctx.get(), expected)) {
1128 return false;
1129 }
1130
1131 // Although collisions should be impossible (256-bit session IDs), the cache
1132 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1133 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1134 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1135 return false;
1136 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1137 expected = {
1138 collision.get(),
1139 sessions[9].get(),
1140 sessions[8].get(),
1141 sessions[6].get(),
1142 sessions[5].get(),
1143 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1144 if (!ExpectCache(ctx.get(), expected)) {
1145 return false;
1146 }
1147
1148 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1149 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1150 return false;
1151 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1152 expected = {
1153 collision.get(),
1154 sessions[9].get(),
1155 sessions[8].get(),
1156 sessions[5].get(),
1157 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1158 if (!ExpectCache(ctx.get(), expected)) {
1159 return false;
1160 }
1161
1162 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1163 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1164 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1165 !ExpectCache(ctx.get(), expected)) {
1166 return false;
1167 }
1168
1169 return true;
1170}
1171
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1172static uint16_t EpochFromSequence(uint64_t seq) {
1173 return static_cast<uint16_t>(seq >> 48);
1174}
1175
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1176static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1177 static const char kCertPEM[] =
1178 "-----BEGIN CERTIFICATE-----\n"
1179 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1180 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1181 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1182 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1183 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1184 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1185 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1186 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1187 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1188 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1189 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1190 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1191 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1192 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1193 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1194 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1195}
1196
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1197static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1198 static const char kKeyPEM[] =
1199 "-----BEGIN RSA PRIVATE KEY-----\n"
1200 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1201 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1202 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1203 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1204 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1205 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1206 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1207 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1208 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1209 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1210 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1211 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1212 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1213 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1214 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1215 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1216 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1217}
1218
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1219static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1220 static const char kCertPEM[] =
1221 "-----BEGIN CERTIFICATE-----\n"
1222 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1223 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1224 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1225 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1226 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1227 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1228 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1229 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1230 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1231 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1232 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1233 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1234 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1235}
1236
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1237static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1238 static const char kKeyPEM[] =
1239 "-----BEGIN PRIVATE KEY-----\n"
1240 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1241 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1242 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1243 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1244 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1245 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1246 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1247}
1248
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1249static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1250 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1251 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1252 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1253 if (!client || !server) {
1254 return false;
1255 }
1256 SSL_set_connect_state(client.get());
1257 SSL_set_accept_state(server.get());
1258
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1259 SSL_set_session(client.get(), session);
1260
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1261 BIO *bio1, *bio2;
1262 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1263 return false;
1264 }
1265 // SSL_set_bio takes ownership.
1266 SSL_set_bio(client.get(), bio1, bio1);
1267 SSL_set_bio(server.get(), bio2, bio2);
1268
1269 // Drive both their handshakes to completion.
1270 for (;;) {
1271 int client_ret = SSL_do_handshake(client.get());
1272 int client_err = SSL_get_error(client.get(), client_ret);
1273 if (client_err != SSL_ERROR_NONE &&
1274 client_err != SSL_ERROR_WANT_READ &&
1275 client_err != SSL_ERROR_WANT_WRITE) {
1276 fprintf(stderr, "Client error: %d\n", client_err);
1277 return false;
1278 }
1279
1280 int server_ret = SSL_do_handshake(server.get());
1281 int server_err = SSL_get_error(server.get(), server_ret);
1282 if (server_err != SSL_ERROR_NONE &&
1283 server_err != SSL_ERROR_WANT_READ &&
1284 server_err != SSL_ERROR_WANT_WRITE) {
1285 fprintf(stderr, "Server error: %d\n", server_err);
1286 return false;
1287 }
1288
1289 if (client_ret == 1 && server_ret == 1) {
1290 break;
1291 }
1292 }
1293
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1294 *out_client = std::move(client);
1295 *out_server = std::move(server);
1296 return true;
1297}
1298
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1299static bool TestSequenceNumber(bool is_dtls, const SSL_METHOD *method,
1300 uint16_t version) {
1301 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1302 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1303 if (!server_ctx || !client_ctx ||
1304 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1305 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1306 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1307 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1308 return false;
1309 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1310
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1311 bssl::UniquePtr<X509> cert = GetTestCertificate();
1312 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1313 if (!cert || !key || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1314 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1315 return false;
1316 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1317
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1318 bssl::UniquePtr<SSL> client, server;
1319 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1320 server_ctx.get(), nullptr /* no session */)) {
1321 return false;
1322 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1323
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1324 // Drain any post-handshake messages to ensure there are no unread records
1325 // on either end.
1326 uint8_t byte = 0;
1327 if (SSL_read(client.get(), &byte, 1) > 0 ||
1328 SSL_read(server.get(), &byte, 1) > 0) {
1329 fprintf(stderr, "Received unexpected data.\n");
1330 return false;
1331 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1332
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1333 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1334 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1335 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1336 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1337
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1338 if (is_dtls) {
1339 // Both client and server must be at epoch 1.
1340 if (EpochFromSequence(client_read_seq) != 1 ||
1341 EpochFromSequence(client_write_seq) != 1 ||
1342 EpochFromSequence(server_read_seq) != 1 ||
1343 EpochFromSequence(server_write_seq) != 1) {
1344 fprintf(stderr, "Bad epochs.\n");
1345 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1346 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1347
1348 // The next record to be written should exceed the largest received.
1349 if (client_write_seq <= server_read_seq ||
1350 server_write_seq <= client_read_seq) {
1351 fprintf(stderr, "Inconsistent sequence numbers.\n");
1352 return false;
1353 }
1354 } else {
1355 // The next record to be written should equal the next to be received.
1356 if (client_write_seq != server_read_seq ||
1357 server_write_seq != client_read_seq) {
1358 fprintf(stderr, "Inconsistent sequence numbers.\n");
1359 return false;
1360 }
1361 }
1362
1363 // Send a record from client to server.
1364 if (SSL_write(client.get(), &byte, 1) != 1 ||
1365 SSL_read(server.get(), &byte, 1) != 1) {
1366 fprintf(stderr, "Could not send byte.\n");
1367 return false;
1368 }
1369
1370 // The client write and server read sequence numbers should have
1371 // incremented.
1372 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1373 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1374 fprintf(stderr, "Sequence numbers did not increment.\n");
1375 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1376 }
1377
1378 return true;
1379}
1380
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame^]1381static bool TestOneSidedShutdown(bool is_dtls, const SSL_METHOD *method,
1382 uint16_t version) {
1383 // SSL_shutdown is a no-op in DTLS.
1384 if (is_dtls) {
1385 return true;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1386 }
1387
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame^]1388 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1389 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1390 bssl::UniquePtr<X509> cert = GetTestCertificate();
1391 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame^]1392 if (!client_ctx || !server_ctx || !cert || !key ||
1393 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1394 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1395 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1396 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1397 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1398 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1399 return false;
1400 }
1401
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1402 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1403 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1404 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1405 return false;
1406 }
1407
1408 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1409 // one side has shut down.
1410 if (SSL_shutdown(client.get()) != 0) {
1411 fprintf(stderr, "Could not shutdown.\n");
1412 return false;
1413 }
1414
1415 // Reading from the server should consume the EOF.
1416 uint8_t byte;
1417 if (SSL_read(server.get(), &byte, 1) != 0 ||
1418 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1419 fprintf(stderr, "Connection was not shut down cleanly.\n");
1420 return false;
1421 }
1422
1423 // However, the server may continue to write data and then shut down the
1424 // connection.
1425 byte = 42;
1426 if (SSL_write(server.get(), &byte, 1) != 1 ||
1427 SSL_read(client.get(), &byte, 1) != 1 ||
1428 byte != 42) {
1429 fprintf(stderr, "Could not send byte.\n");
1430 return false;
1431 }
1432
1433 // The server may then shutdown the connection.
1434 if (SSL_shutdown(server.get()) != 1 ||
1435 SSL_shutdown(client.get()) != 1) {
1436 fprintf(stderr, "Could not complete shutdown.\n");
1437 return false;
1438 }
1439
1440 return true;
1441}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame^]1442
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1443static bool TestSessionDuplication() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1444 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1445 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1446 if (!client_ctx || !server_ctx) {
1447 return false;
1448 }
1449
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1450 bssl::UniquePtr<X509> cert = GetTestCertificate();
1451 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1452 if (!cert || !key ||
1453 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1454 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1455 return false;
1456 }
1457
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1458 bssl::UniquePtr<SSL> client, server;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1459 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1460 server_ctx.get(), nullptr /* no session */)) {
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1461 return false;
1462 }
1463
1464 SSL_SESSION *session0 = SSL_get_session(client.get());
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1465 bssl::UniquePtr<SSL_SESSION> session1(SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1466 if (!session1) {
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1467 return false;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1468 }
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1469
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1470 session1->not_resumable = 0;
1471
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1472 uint8_t *s0_bytes, *s1_bytes;
1473 size_t s0_len, s1_len;
1474
1475 if (!SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len)) {
1476 return false;
1477 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1478 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1479
1480 if (!SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len)) {
1481 return false;
1482 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1483 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1484
1485 return s0_len == s1_len && memcmp(s0_bytes, s1_bytes, s0_len) == 0;
1486}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1487
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1488static bool ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1489 if (SSL_get_rfd(ssl) != rfd || SSL_get_wfd(ssl) != wfd) {
1490 fprintf(stderr, "Got fds %d and %d, wanted %d and %d.\n", SSL_get_rfd(ssl),
1491 SSL_get_wfd(ssl), rfd, wfd);
1492 return false;
1493 }
1494
1495 // The wrapper BIOs are always equal when fds are equal, even if set
1496 // individually.
1497 if (rfd == wfd && SSL_get_rbio(ssl) != SSL_get_wbio(ssl)) {
1498 fprintf(stderr, "rbio and wbio did not match.\n");
1499 return false;
1500 }
1501
1502 return true;
1503}
1504
1505static bool TestSetFD() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1506 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1507 if (!ctx) {
1508 return false;
1509 }
1510
1511 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1512 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1513 if (!ssl ||
1514 !SSL_set_rfd(ssl.get(), 1) ||
1515 !SSL_set_wfd(ssl.get(), 2) ||
1516 !ExpectFDs(ssl.get(), 1, 2)) {
1517 return false;
1518 }
1519
1520 // Test setting the same FD.
1521 ssl.reset(SSL_new(ctx.get()));
1522 if (!ssl ||
1523 !SSL_set_fd(ssl.get(), 1) ||
1524 !ExpectFDs(ssl.get(), 1, 1)) {
1525 return false;
1526 }
1527
1528 // Test setting the same FD one side at a time.
1529 ssl.reset(SSL_new(ctx.get()));
1530 if (!ssl ||
1531 !SSL_set_rfd(ssl.get(), 1) ||
1532 !SSL_set_wfd(ssl.get(), 1) ||
1533 !ExpectFDs(ssl.get(), 1, 1)) {
1534 return false;
1535 }
1536
1537 // Test setting the same FD in the other order.
1538 ssl.reset(SSL_new(ctx.get()));
1539 if (!ssl ||
1540 !SSL_set_wfd(ssl.get(), 1) ||
1541 !SSL_set_rfd(ssl.get(), 1) ||
1542 !ExpectFDs(ssl.get(), 1, 1)) {
1543 return false;
1544 }
1545
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1546 // Test changing the read FD partway through.
1547 ssl.reset(SSL_new(ctx.get()));
1548 if (!ssl ||
1549 !SSL_set_fd(ssl.get(), 1) ||
1550 !SSL_set_rfd(ssl.get(), 2) ||
1551 !ExpectFDs(ssl.get(), 2, 1)) {
1552 return false;
1553 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1554
1555 // Test changing the write FD partway through.
1556 ssl.reset(SSL_new(ctx.get()));
1557 if (!ssl ||
1558 !SSL_set_fd(ssl.get(), 1) ||
1559 !SSL_set_wfd(ssl.get(), 2) ||
1560 !ExpectFDs(ssl.get(), 1, 2)) {
1561 return false;
1562 }
1563
1564 // Test a no-op change to the read FD partway through.
1565 ssl.reset(SSL_new(ctx.get()));
1566 if (!ssl ||
1567 !SSL_set_fd(ssl.get(), 1) ||
1568 !SSL_set_rfd(ssl.get(), 1) ||
1569 !ExpectFDs(ssl.get(), 1, 1)) {
1570 return false;
1571 }
1572
1573 // Test a no-op change to the write FD partway through.
1574 ssl.reset(SSL_new(ctx.get()));
1575 if (!ssl ||
1576 !SSL_set_fd(ssl.get(), 1) ||
1577 !SSL_set_wfd(ssl.get(), 1) ||
1578 !ExpectFDs(ssl.get(), 1, 1)) {
1579 return false;
1580 }
1581
1582 // ASan builds will implicitly test that the internal |BIO| reference-counting
1583 // is correct.
1584
1585 return true;
1586}
1587
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1588static bool TestSetBIO() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1589 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1590 if (!ctx) {
1591 return false;
1592 }
1593
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1594 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1595 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1596 bio3(BIO_new(BIO_s_mem()));
1597 if (!ssl || !bio1 || !bio2 || !bio3) {
1598 return false;
1599 }
1600
1601 // SSL_set_bio takes one reference when the parameters are the same.
1602 BIO_up_ref(bio1.get());
1603 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1604
1605 // Repeating the call does nothing.
1606 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1607
1608 // It takes one reference each when the parameters are different.
1609 BIO_up_ref(bio2.get());
1610 BIO_up_ref(bio3.get());
1611 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1612
1613 // Repeating the call does nothing.
1614 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1615
1616 // It takes one reference when changing only wbio.
1617 BIO_up_ref(bio1.get());
1618 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1619
1620 // It takes one reference when changing only rbio and the two are different.
1621 BIO_up_ref(bio3.get());
1622 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1623
1624 // If setting wbio to rbio, it takes no additional references.
1625 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1626
1627 // From there, wbio may be switched to something else.
1628 BIO_up_ref(bio1.get());
1629 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1630
1631 // If setting rbio to wbio, it takes no additional references.
1632 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1633
1634 // From there, rbio may be switched to something else, but, for historical
1635 // reasons, it takes a reference to both parameters.
1636 BIO_up_ref(bio1.get());
1637 BIO_up_ref(bio2.get());
1638 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1639
1640 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1641 // is correct.
1642 return true;
1643}
1644
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1645static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1646
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1647static bool TestGetPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1648 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1649 bssl::UniquePtr<X509> cert = GetTestCertificate();
1650 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1651 if (!cert || !key) {
1652 return false;
1653 }
1654
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1655 // Configure both client and server to accept any certificate.
1656 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1657 if (!ctx ||
1658 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1659 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1660 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1661 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1662 return false;
1663 }
1664 SSL_CTX_set_verify(
1665 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1666 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1667
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1668 bssl::UniquePtr<SSL> client, server;
1669 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1670 nullptr /* no session */)) {
1671 return false;
1672 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1673
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1674 // Client and server should both see the leaf certificate.
1675 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1676 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1677 fprintf(stderr, "Server peer certificate did not match.\n");
1678 return false;
1679 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1680
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1681 peer.reset(SSL_get_peer_certificate(client.get()));
1682 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1683 fprintf(stderr, "Client peer certificate did not match.\n");
1684 return false;
1685 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1686
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1687 // However, for historical reasons, the chain includes the leaf on the
1688 // client, but does not on the server.
1689 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1690 fprintf(stderr, "Client peer chain was incorrect.\n");
1691 return false;
1692 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1693
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1694 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1695 fprintf(stderr, "Server peer chain was incorrect.\n");
1696 return false;
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1697 }
1698
1699 return true;
1700}
1701
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1702static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method,
1703 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1704 bssl::UniquePtr<X509> cert = GetTestCertificate();
1705 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1706 if (!cert || !key) {
1707 return false;
1708 }
1709
1710 uint8_t *cert_der = NULL;
1711 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1712 if (cert_der_len < 0) {
1713 return false;
1714 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1715 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1716
1717 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1718 SHA256(cert_der, cert_der_len, cert_sha256);
1719
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1720 // Configure both client and server to accept any certificate, but the
1721 // server must retain only the SHA-256 of the peer.
1722 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1723 if (!ctx ||
1724 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1725 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1726 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1727 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1728 return false;
1729 }
1730 SSL_CTX_set_verify(
1731 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1732 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1733 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1734
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1735 bssl::UniquePtr<SSL> client, server;
1736 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1737 nullptr /* no session */)) {
1738 return false;
1739 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1740
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1741 // The peer certificate has been dropped.
1742 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1743 if (peer) {
1744 fprintf(stderr, "Peer certificate was retained.\n");
1745 return false;
1746 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1747
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1748 SSL_SESSION *session = SSL_get_session(server.get());
1749 if (!session->peer_sha256_valid) {
1750 fprintf(stderr, "peer_sha256_valid was not set.\n");
1751 return false;
1752 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1753
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1754 if (memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) != 0) {
1755 fprintf(stderr, "peer_sha256 did not match.\n");
1756 return false;
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1757 }
1758
1759 return true;
1760}
1761
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1762static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1763 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1764 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1765 if (!ctx ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1766 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1767 // Our default cipher list varies by CPU capabilities, so manually place
1768 // the ChaCha20 ciphers in front.
1769 !SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1770 return false;
1771 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1772
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1773 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1774 if (!ssl) {
1775 return false;
1776 }
1777 std::vector<uint8_t> client_hello;
1778 if (!GetClientHello(ssl.get(), &client_hello)) {
1779 return false;
1780 }
1781
1782 // Zero the client_random.
1783 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1784 1 + 3 + // handshake message header
1785 2; // client_version
1786 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1787 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1788 return false;
1789 }
1790 memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
1791
1792 if (client_hello.size() != expected_len ||
1793 memcmp(client_hello.data(), expected, expected_len) != 0) {
1794 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1795 fprintf(stderr, "Got:\n\t");
1796 for (size_t i = 0; i < client_hello.size(); i++) {
1797 fprintf(stderr, "0x%02x, ", client_hello[i]);
1798 }
1799 fprintf(stderr, "\nWanted:\n\t");
1800 for (size_t i = 0; i < expected_len; i++) {
1801 fprintf(stderr, "0x%02x, ", expected[i]);
1802 }
1803 fprintf(stderr, "\n");
1804 return false;
1805 }
1806
1807 return true;
1808}
1809
1810// Tests that our ClientHellos do not change unexpectedly.
1811static bool TestClientHello() {
1812 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1813 0x16,
1814 0x03, 0x00,
1815 0x00, 0x3f,
1816 0x01,
1817 0x00, 0x00, 0x3b,
1818 0x03, 0x00,
1819 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1820 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1821 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1822 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1823 0x00,
1824 0x00, 0x14,
1825 0xc0, 0x09,
1826 0xc0, 0x13,
1827 0x00, 0x33,
1828 0xc0, 0x0a,
1829 0xc0, 0x14,
1830 0x00, 0x39,
1831 0x00, 0x2f,
1832 0x00, 0x35,
1833 0x00, 0x0a,
1834 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1835 };
1836 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1837 sizeof(kSSL3ClientHello))) {
1838 return false;
1839 }
1840
1841 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1842 0x16,
1843 0x03, 0x01,
1844 0x00, 0x5e,
1845 0x01,
1846 0x00, 0x00, 0x5a,
1847 0x03, 0x01,
1848 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1849 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1850 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1851 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1852 0x00,
1853 0x00, 0x12,
1854 0xc0, 0x09,
1855 0xc0, 0x13,
1856 0x00, 0x33,
1857 0xc0, 0x0a,
1858 0xc0, 0x14,
1859 0x00, 0x39,
1860 0x00, 0x2f,
1861 0x00, 0x35,
1862 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1863 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1864 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1865 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1866 };
1867 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1868 sizeof(kTLS1ClientHello))) {
1869 return false;
1870 }
1871
1872 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1873 0x16,
1874 0x03, 0x01,
1875 0x00, 0x5e,
1876 0x01,
1877 0x00, 0x00, 0x5a,
1878 0x03, 0x02,
1879 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1880 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1881 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1882 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1883 0x00,
1884 0x00, 0x12,
1885 0xc0, 0x09,
1886 0xc0, 0x13,
1887 0x00, 0x33,
1888 0xc0, 0x0a,
1889 0xc0, 0x14,
1890 0x00, 0x39,
1891 0x00, 0x2f,
1892 0x00, 0x35,
1893 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1894 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1895 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1896 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1897 };
1898 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1899 sizeof(kTLS11ClientHello))) {
1900 return false;
1901 }
1902
1903 static const uint8_t kTLS12ClientHello[] = {
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1904 0x16, 0x03, 0x01, 0x00, 0x9e, 0x01, 0x00, 0x00, 0x9a, 0x03, 0x03, 0x00,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1905 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1906 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1907 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3a, 0xcc, 0xa9,
1908 0xcc, 0xa8, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
1909 0xc0, 0x2c, 0xc0, 0x30, 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13,
1910 0xc0, 0x27, 0x00, 0x33, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14,
1911 0xc0, 0x28, 0x00, 0x39, 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1912 0x00, 0x3c, 0x00, 0x35, 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1913 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00,
David Benjamin3a322f52016-10-26 12:45:35 -0400[diff] [blame]1914 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04,
1915 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1916 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
1917 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1918 };
1919 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1920 sizeof(kTLS12ClientHello))) {
1921 return false;
1922 }
1923
1924 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1925 // implementation has settled enough that it won't change.
1926
1927 return true;
1928}
1929
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1930static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1931
1932static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1933 // Save the most recent session.
1934 g_last_session.reset(session);
1935 return 1;
1936}
1937
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1938static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1939 SSL_CTX *server_ctx) {
1940 g_last_session = nullptr;
1941 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1942
1943 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1944 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1945 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1946 nullptr /* no session */)) {
1947 fprintf(stderr, "Failed to connect client and server.\n");
1948 return nullptr;
1949 }
1950
1951 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1952 SSL_read(client.get(), nullptr, 0);
1953
1954 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1955
1956 if (!g_last_session) {
1957 fprintf(stderr, "Client did not receive a session.\n");
1958 return nullptr;
1959 }
1960 return std::move(g_last_session);
1961}
1962
1963static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1964 SSL_SESSION *session,
1965 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1966 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1967 if (!ConnectClientAndServer(&client, &server, client_ctx,
1968 server_ctx, session)) {
1969 fprintf(stderr, "Failed to connect client and server.\n");
1970 return false;
1971 }
1972
1973 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1974 fprintf(stderr, "Client and server were inconsistent.\n");
1975 return false;
1976 }
1977
1978 bool was_reused = !!SSL_session_reused(client.get());
1979 if (was_reused != reused) {
1980 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
1981 was_reused ? "" : " not");
1982 return false;
1983 }
1984
1985 return true;
1986}
1987
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]1988static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
1989 SSL_CTX *server_ctx,
1990 SSL_SESSION *session) {
1991 g_last_session = nullptr;
1992 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1993
1994 bssl::UniquePtr<SSL> client, server;
1995 if (!ConnectClientAndServer(&client, &server, client_ctx,
1996 server_ctx, session)) {
1997 fprintf(stderr, "Failed to connect client and server.\n");
1998 return nullptr;
1999 }
2000
2001 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2002 fprintf(stderr, "Client and server were inconsistent.\n");
2003 return nullptr;
2004 }
2005
2006 if (!SSL_session_reused(client.get())) {
2007 fprintf(stderr, "Session was not reused.\n");
2008 return nullptr;
2009 }
2010
2011 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2012 SSL_read(client.get(), nullptr, 0);
2013
2014 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2015
2016 if (!g_last_session) {
2017 fprintf(stderr, "Client did not receive a renewed session.\n");
2018 return nullptr;
2019 }
2020 return std::move(g_last_session);
2021}
2022
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2023static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2024 static const uint8_t kContext[] = {3};
2025
2026 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2027 return SSL_TLSEXT_ERR_ALERT_FATAL;
2028 }
2029
2030 return SSL_TLSEXT_ERR_OK;
2031}
2032
2033static int SwitchSessionIDContextEarly(
2034 const struct ssl_early_callback_ctx *ctx) {
2035 static const uint8_t kContext[] = {3};
2036
2037 if (!SSL_set_session_id_context(ctx->ssl, kContext, sizeof(kContext))) {
2038 return -1;
2039 }
2040
2041 return 1;
2042}
2043
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2044static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
2045 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2046 bssl::UniquePtr<X509> cert = GetTestCertificate();
2047 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2048 if (!cert || !key) {
2049 return false;
2050 }
2051
2052 static const uint8_t kContext1[] = {1};
2053 static const uint8_t kContext2[] = {2};
2054
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2055 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2056 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2057 if (!server_ctx || !client_ctx ||
2058 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2059 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2060 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2061 sizeof(kContext1)) ||
2062 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2063 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2064 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2065 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2066 return false;
2067 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2068
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2069 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2070 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2071
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2072 bssl::UniquePtr<SSL_SESSION> session =
2073 CreateClientSession(client_ctx.get(), server_ctx.get());
2074 if (!session) {
2075 fprintf(stderr, "Error getting session.\n");
2076 return false;
2077 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2078
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2079 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2080 true /* expect session reused */)) {
2081 fprintf(stderr, "Error resuming session.\n");
2082 return false;
2083 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2084
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2085 // Change the session ID context.
2086 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2087 sizeof(kContext2))) {
2088 return false;
2089 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2090
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2091 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2092 false /* expect session not reused */)) {
2093 fprintf(stderr, "Error connecting with a different context.\n");
2094 return false;
2095 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2096
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2097 // Change the session ID context back and install an SNI callback to switch
2098 // it.
2099 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2100 sizeof(kContext1))) {
2101 return false;
2102 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2103
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2104 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2105 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2106
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2107 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2108 false /* expect session not reused */)) {
2109 fprintf(stderr, "Error connecting with a context switch on SNI callback.\n");
2110 return false;
2111 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2112
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2113 // Switch the session ID context with the early callback instead.
2114 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
2115 SSL_CTX_set_select_certificate_cb(server_ctx.get(),
2116 SwitchSessionIDContextEarly);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2117
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2118 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2119 false /* expect session not reused */)) {
2120 fprintf(stderr,
2121 "Error connecting with a context switch on early callback.\n");
2122 return false;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2123 }
2124
2125 return true;
2126}
2127
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2128static timeval g_current_time;
2129
2130static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2131 *out_clock = g_current_time;
2132}
2133
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2134static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2135 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2136 int encrypt) {
2137 static const uint8_t kZeros[16] = {0};
2138
2139 if (encrypt) {
2140 memcpy(key_name, kZeros, sizeof(kZeros));
2141 RAND_bytes(iv, 16);
2142 } else if (memcmp(key_name, kZeros, 16) != 0) {
2143 return 0;
2144 }
2145
2146 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2147 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2148 return -1;
2149 }
2150
2151 // Returning two from the callback in decrypt mode renews the
2152 // session in TLS 1.2 and below.
2153 return encrypt ? 1 : 2;
2154}
2155
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2156static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2157 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2158 return false;
2159 }
2160
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2161 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2162 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2163 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2164
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2165#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2166 // Fuzzer-mode tickets are unencrypted.
2167 memcpy(plaintext.get(), ciphertext, len);
2168#else
2169 static const uint8_t kZeros[16] = {0};
2170 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2171 bssl::ScopedEVP_CIPHER_CTX ctx;
2172 int len1, len2;
2173 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2174 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2175 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2176 return false;
2177 }
2178
2179 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2180#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2181
2182 bssl::UniquePtr<SSL_SESSION> server_session(
2183 SSL_SESSION_from_bytes(plaintext.get(), len));
2184 if (!server_session) {
2185 return false;
2186 }
2187
2188 *out = server_session->time;
2189 return true;
2190}
2191
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2192static bool TestSessionTimeout(bool is_dtls, const SSL_METHOD *method,
2193 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2194 bssl::UniquePtr<X509> cert = GetTestCertificate();
2195 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2196 if (!cert || !key) {
2197 return false;
2198 }
2199
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2200 for (bool server_test : std::vector<bool>{false, true}) {
2201 static const int kStartTime = 1000;
2202 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2203
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2204 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2205 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2206 if (!server_ctx || !client_ctx ||
2207 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2208 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2209 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2210 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2211 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2212 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2213 return false;
2214 }
2215
2216 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2217 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2218
2219 // Both client and server must enforce session timeouts.
2220 if (server_test) {
2221 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2222 } else {
2223 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
2224 }
2225
2226 // Configure a ticket callback which renews tickets.
2227 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2228
2229 bssl::UniquePtr<SSL_SESSION> session =
2230 CreateClientSession(client_ctx.get(), server_ctx.get());
2231 if (!session) {
2232 fprintf(stderr, "Error getting session.\n");
2233 return false;
2234 }
2235
2236 // Advance the clock just behind the timeout.
2237 g_current_time.tv_sec += SSL_DEFAULT_SESSION_TIMEOUT - 1;
2238
2239 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2240 true /* expect session reused */)) {
2241 fprintf(stderr, "Error resuming session.\n");
2242 return false;
2243 }
2244
2245 // Advance the clock one more second.
2246 g_current_time.tv_sec++;
2247
2248 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2249 false /* expect session not reused */)) {
2250 fprintf(stderr, "Error resuming session.\n");
2251 return false;
2252 }
2253
2254 // Rewind the clock to before the session was minted.
2255 g_current_time.tv_sec = kStartTime - 1;
2256
2257 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2258 false /* expect session not reused */)) {
2259 fprintf(stderr, "Error resuming session.\n");
2260 return false;
2261 }
2262
2263 // SSL 3.0 cannot renew sessions.
2264 if (version == SSL3_VERSION) {
2265 continue;
2266 }
2267
2268 // Renew the session 10 seconds before expiration.
2269 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT - 10;
2270 bssl::UniquePtr<SSL_SESSION> new_session =
2271 ExpectSessionRenewed(client_ctx.get(), server_ctx.get(), session.get());
2272 if (!new_session) {
2273 fprintf(stderr, "Error renewing session.\n");
2274 return false;
2275 }
2276
2277 // This new session is not the same object as before.
2278 if (session.get() == new_session.get()) {
2279 fprintf(stderr, "New and old sessions alias.\n");
2280 return false;
2281 }
2282
2283 // Check the sessions have timestamps measured from issuance.
2284 long session_time = 0;
2285 if (server_test) {
2286 if (!GetServerTicketTime(&session_time, new_session.get())) {
2287 fprintf(stderr, "Failed to decode session ticket.\n");
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2288 return false;
2289 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2290 } else {
2291 session_time = new_session->time;
2292 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2293
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2294 if (session_time != g_current_time.tv_sec) {
2295 fprintf(stderr, "New session is not measured from issuance.\n");
2296 return false;
2297 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2298
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2299 // The new session is usable just before the old expiration.
2300 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT - 1;
2301 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2302 new_session.get(),
2303 true /* expect session reused */)) {
2304 fprintf(stderr, "Error resuming renewed session.\n");
2305 return false;
2306 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2307
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2308 // Renewal does not extend the lifetime, so it is not usable beyond the
2309 // old expiration.
2310 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT + 1;
2311 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2312 new_session.get(),
2313 false /* expect session not reused */)) {
2314 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2315 return false;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2316 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2317 }
2318
2319 return true;
2320}
2321
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2322static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2323 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2324 SSL_set_SSL_CTX(ssl, ctx);
2325 return SSL_TLSEXT_ERR_OK;
2326}
2327
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2328static bool TestSNICallback(bool is_dtls, const SSL_METHOD *method,
2329 uint16_t version) {
2330 // SSL 3.0 lacks extensions.
2331 if (version == SSL3_VERSION) {
2332 return true;
2333 }
2334
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2335 bssl::UniquePtr<X509> cert = GetTestCertificate();
2336 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2337 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2338 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2339 if (!cert || !key || !cert2 || !key2) {
2340 return false;
2341 }
2342
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2343 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2344 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2345
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2346 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2347 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(method));
2348 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2349 if (!server_ctx || !server_ctx2 || !client_ctx ||
2350 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2351 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2352 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2353 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
2354 // Historically signing preferences would be lost in some cases with the
2355 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2356 // this doesn't happen when |version| is TLS 1.2, configure the private
2357 // key to only sign SHA-256.
2358 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256,
2359 1) ||
2360 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2361 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2362 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2363 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2364 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2365 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
2366 return false;
2367 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2368
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2369 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2370 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2371
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2372 bssl::UniquePtr<SSL> client, server;
2373 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2374 server_ctx.get(), nullptr)) {
2375 fprintf(stderr, "Handshake failed.\n");
2376 return false;
2377 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2378
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2379 // The client should have received |cert2|.
2380 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
2381 if (!peer || X509_cmp(peer.get(), cert2.get()) != 0) {
2382 fprintf(stderr, "Incorrect certificate received.\n");
2383 return false;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2384 }
2385
2386 return true;
2387}
2388
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2389static int SetMaxVersion(const struct ssl_early_callback_ctx *ctx) {
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2390 if (!SSL_set_max_proto_version(ctx->ssl, TLS1_2_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2391 return -1;
2392 }
2393
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2394 return 1;
2395}
2396
2397// TestEarlyCallbackVersionSwitch tests that the early callback can swap the
2398// maximum version.
2399static bool TestEarlyCallbackVersionSwitch() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2400 bssl::UniquePtr<X509> cert = GetTestCertificate();
2401 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2402 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2403 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2404 if (!cert || !key || !server_ctx || !client_ctx ||
2405 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2406 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2407 !SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION) ||
2408 !SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION)) {
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2409 return false;
2410 }
2411
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2412 SSL_CTX_set_select_certificate_cb(server_ctx.get(), SetMaxVersion);
2413
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2414 bssl::UniquePtr<SSL> client, server;
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2415 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2416 server_ctx.get(), nullptr)) {
2417 return false;
2418 }
2419
2420 if (SSL_version(client.get()) != TLS1_2_VERSION) {
2421 fprintf(stderr, "Early callback failed to switch the maximum version.\n");
2422 return false;
2423 }
2424
2425 return true;
2426}
2427
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2428static bool TestSetVersion() {
2429 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
2430 if (!ctx) {
2431 return false;
2432 }
2433
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2434 if (!SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
2435 !SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION) ||
2436 !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
2437 !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2438 fprintf(stderr, "Could not set valid TLS version.\n");
2439 return false;
2440 }
2441
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2442 if (SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
2443 SSL_CTX_set_max_proto_version(ctx.get(), 0x0200) ||
2444 SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
2445 SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
2446 SSL_CTX_set_min_proto_version(ctx.get(), 0x0200) ||
2447 SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2448 fprintf(stderr, "Unexpectedly set invalid TLS version.\n");
2449 return false;
2450 }
2451
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2452 if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
2453 !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
2454 fprintf(stderr, "Could not set default TLS version.\n");
2455 return false;
2456 }
2457
2458 if (ctx->min_version != SSL3_VERSION ||
2459 ctx->max_version != TLS1_2_VERSION) {
2460 fprintf(stderr, "Default TLS versions were incorrect (%04x and %04x).\n",
2461 ctx->min_version, ctx->max_version);
2462 return false;
2463 }
2464
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2465 ctx.reset(SSL_CTX_new(DTLS_method()));
2466 if (!ctx) {
2467 return false;
2468 }
2469
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2470 if (!SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
2471 !SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION) ||
2472 !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
2473 !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2474 fprintf(stderr, "Could not set valid DTLS version.\n");
2475 return false;
2476 }
2477
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2478 if (SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
2479 SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2480 SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2481 SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
2482 SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
2483 SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2484 SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2485 SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2486 fprintf(stderr, "Unexpectedly set invalid DTLS version.\n");
2487 return false;
2488 }
2489
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2490 if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
2491 !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
2492 fprintf(stderr, "Could not set default DTLS version.\n");
2493 return false;
2494 }
2495
2496 if (ctx->min_version != TLS1_1_VERSION ||
2497 ctx->max_version != TLS1_2_VERSION) {
2498 fprintf(stderr, "Default DTLS versions were incorrect (%04x and %04x).\n",
2499 ctx->min_version, ctx->max_version);
2500 return false;
2501 }
2502
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2503 return true;
2504}
2505
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2506static bool TestVersion(bool is_dtls, const SSL_METHOD *method,
2507 uint16_t version) {
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2508 bssl::UniquePtr<X509> cert = GetTestCertificate();
2509 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2510 if (!cert || !key) {
2511 return false;
2512 }
2513
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2514 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2515 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2516 bssl::UniquePtr<SSL> client, server;
2517 if (!server_ctx || !client_ctx ||
2518 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2519 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2520 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2521 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2522 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2523 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2524 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2525 server_ctx.get(), nullptr /* no session */)) {
2526 fprintf(stderr, "Failed to connect.\n");
2527 return false;
2528 }
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2529
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2530 if (SSL_version(client.get()) != version ||
2531 SSL_version(server.get()) != version) {
2532 fprintf(stderr, "Version mismatch. Got %04x and %04x, wanted %04x.\n",
2533 SSL_version(client.get()), SSL_version(server.get()), version);
2534 return false;
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2535 }
2536
2537 return true;
2538}
2539
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2540// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2541// selection callback.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2542static bool TestALPNCipherAvailable(bool is_dtls, const SSL_METHOD *method,
2543 uint16_t version) {
2544 // SSL 3.0 lacks extensions.
2545 if (version == SSL3_VERSION) {
2546 return true;
2547 }
2548
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2549 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2550
2551 bssl::UniquePtr<X509> cert = GetTestCertificate();
2552 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2553 if (!cert || !key) {
2554 return false;
2555 }
2556
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2557 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2558 if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2559 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2560 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2561 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2562 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2563 0) {
2564 return false;
2565 }
2566
2567 // The ALPN callback does not fail the handshake on error, so have the
2568 // callback write a boolean.
2569 std::pair<uint16_t, bool> callback_state(version, false);
2570 SSL_CTX_set_alpn_select_cb(
2571 ctx.get(),
2572 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2573 unsigned in_len, void *arg) -> int {
2574 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2575 if (SSL_get_pending_cipher(ssl) != nullptr &&
2576 SSL_version(ssl) == state->first) {
2577 state->second = true;
2578 }
2579 return SSL_TLSEXT_ERR_NOACK;
2580 },
2581 &callback_state);
2582
2583 bssl::UniquePtr<SSL> client, server;
2584 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2585 nullptr /* no session */)) {
2586 return false;
2587 }
2588
2589 if (!callback_state.second) {
2590 fprintf(stderr, "The pending cipher was not known in the ALPN callback.\n");
2591 return false;
2592 }
2593
2594 return true;
2595}
2596
2597static bool ForEachVersion(bool (*test_func)(bool is_dtls,
2598 const SSL_METHOD *method,
2599 uint16_t version)) {
2600 static uint16_t kTLSVersions[] = {
2601 SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION,
2602 TLS1_2_VERSION, TLS1_3_VERSION,
2603 };
2604
2605 static uint16_t kDTLSVersions[] = {
2606 DTLS1_VERSION, DTLS1_2_VERSION,
2607 };
2608
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2609 for (uint16_t version : kTLSVersions) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2610 if (!test_func(false, TLS_method(), version)) {
2611 fprintf(stderr, "Test failed at TLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2612 return false;
2613 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2614 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2615
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2616 for (uint16_t version : kDTLSVersions) {
2617 if (!test_func(true, DTLS_method(), version)) {
2618 fprintf(stderr, "Test failed at DTLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2619 return false;
2620 }
2621 }
2622
2623 return true;
2624}
2625
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]2626int main() {
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]2627 CRYPTO_library_init();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]2628
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2629 if (!TestCipherRules() ||
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]2630 !TestCurveRules() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2631 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
2632 !TestSSL_SESSIONEncoding(kCustomSession) ||
2633 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
2634 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
2635 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
2636 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]2637 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2638 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
2639 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
2640 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
2641 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
2642 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
2643 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
2644 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
2645 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
2646 !TestCipherGetRFCName() ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]2647 // Test the padding extension at TLS 1.2.
2648 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
2649 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
2650 // will be no PSK binder after the padding extension.
2651 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
2652 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
2653 // will be a PSK binder after the padding extension.
2654 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2655 !TestClientCAList() ||
2656 !TestInternalSessionCache() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2657 !ForEachVersion(TestSequenceNumber) ||
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame^]2658 !ForEachVersion(TestOneSidedShutdown) ||
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]2659 !TestSessionDuplication() ||
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]2660 !TestSetFD() ||
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]2661 !TestSetBIO() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2662 !ForEachVersion(TestGetPeerCertificate) ||
2663 !ForEachVersion(TestRetainOnlySHA256OfCerts) ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2664 !TestClientHello() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2665 !ForEachVersion(TestSessionIDContext) ||
2666 !ForEachVersion(TestSessionTimeout) ||
2667 !ForEachVersion(TestSNICallback) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2668 !TestEarlyCallbackVersionSwitch() ||
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2669 !TestSetVersion() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2670 !ForEachVersion(TestVersion) ||
2671 !ForEachVersion(TestALPNCipherAvailable)) {
Brian Smith83a82982015-04-09 16:21:10 -1000[diff] [blame]2672 ERR_print_errors_fp(stderr);
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]2673 return 1;
2674 }
2675
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]2676 printf("PASS\n");
2677 return 0;
2678}