Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 6cc352e216938d78b65fb8ccbeebfc1f7f7486c4 / . / ssl / ssl_test.cc
blob: 82888780ee3d72441104f45add33022402699e37 [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]43// Windows defines struct timeval in winsock2.h.
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]52namespace bssl {
53
54namespace {
55
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]56#define TRACED_CALL(code) \
57 do { \
58 SCOPED_TRACE("<- called from here"); \
59 code; \
60 if (::testing::Test::HasFatalFailure()) { \
61 return; \
62 } \
63 } while (false)
64
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]65struct VersionParam {
66 uint16_t version;
67 enum { is_tls, is_dtls } ssl_method;
68 const char name[8];
69};
70
71static const size_t kTicketKeyLen = 48;
72
73static const VersionParam kAllVersions[] = {
74 {SSL3_VERSION, VersionParam::is_tls, "SSL3"},
75 {TLS1_VERSION, VersionParam::is_tls, "TLS1"},
76 {TLS1_1_VERSION, VersionParam::is_tls, "TLS1_1"},
77 {TLS1_2_VERSION, VersionParam::is_tls, "TLS1_2"},
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]78 {TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3"},
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]79 {DTLS1_VERSION, VersionParam::is_dtls, "DTLS1"},
80 {DTLS1_2_VERSION, VersionParam::is_dtls, "DTLS1_2"},
81};
82
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]83struct ExpectedCipher {
84 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]85 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]86};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]87
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]88struct CipherTest {
89 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]90 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]91 // The list of expected ciphers, in order.
92 std::vector<ExpectedCipher> expected;
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]93 // True if this cipher list should fail in strict mode.
94 bool strict_fail;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]95};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]96
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]97struct CurveTest {
98 // The rule string to apply.
99 const char *rule;
100 // The list of expected curves, in order.
101 std::vector<uint16_t> expected;
102};
103
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]104static const CipherTest kCipherTests[] = {
105 // Selecting individual ciphers should work.
106 {
107 "ECDHE-ECDSA-CHACHA20-POLY1305:"
108 "ECDHE-RSA-CHACHA20-POLY1305:"
109 "ECDHE-ECDSA-AES128-GCM-SHA256:"
110 "ECDHE-RSA-AES128-GCM-SHA256",
111 {
112 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]113 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]114 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
115 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
116 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]117 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]118 },
119 // + reorders selected ciphers to the end, keeping their relative order.
120 {
121 "ECDHE-ECDSA-CHACHA20-POLY1305:"
122 "ECDHE-RSA-CHACHA20-POLY1305:"
123 "ECDHE-ECDSA-AES128-GCM-SHA256:"
124 "ECDHE-RSA-AES128-GCM-SHA256:"
125 "+aRSA",
126 {
127 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]128 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
129 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]130 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
131 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]132 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]133 },
134 // ! banishes ciphers from future selections.
135 {
136 "!aRSA:"
137 "ECDHE-ECDSA-CHACHA20-POLY1305:"
138 "ECDHE-RSA-CHACHA20-POLY1305:"
139 "ECDHE-ECDSA-AES128-GCM-SHA256:"
140 "ECDHE-RSA-AES128-GCM-SHA256",
141 {
142 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]143 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
144 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]145 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]146 },
147 // Multiple masks can be ANDed in a single rule.
148 {
149 "kRSA+AESGCM+AES128",
150 {
151 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
152 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]153 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]154 },
155 // - removes selected ciphers, but preserves their order for future
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]156 // selections. Select AES_128_GCM, but order the key exchanges RSA,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]157 // ECDHE_RSA.
158 {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]159 "ALL:-kECDHE:"
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]160 "-kRSA:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]161 "AESGCM+AES128+aRSA",
162 {
163 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]164 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
165 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]166 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]167 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]168 // Unknown selectors are no-ops, except in strict mode.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]169 {
170 "ECDHE-ECDSA-CHACHA20-POLY1305:"
171 "ECDHE-RSA-CHACHA20-POLY1305:"
172 "ECDHE-ECDSA-AES128-GCM-SHA256:"
173 "ECDHE-RSA-AES128-GCM-SHA256:"
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]174 "BOGUS1",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]175 {
176 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]177 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]178 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
179 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
180 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]181 true,
182 },
183 // Unknown selectors are no-ops, except in strict mode.
184 {
185 "ECDHE-ECDSA-CHACHA20-POLY1305:"
186 "ECDHE-RSA-CHACHA20-POLY1305:"
187 "ECDHE-ECDSA-AES128-GCM-SHA256:"
188 "ECDHE-RSA-AES128-GCM-SHA256:"
189 "-BOGUS2:+BOGUS3:!BOGUS4",
190 {
191 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
192 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
193 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
194 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
195 },
196 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]197 },
198 // Square brackets specify equi-preference groups.
199 {
200 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
201 "[ECDHE-RSA-CHACHA20-POLY1305]:"
202 "ECDHE-RSA-AES128-GCM-SHA256",
203 {
204 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]205 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]206 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]207 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
208 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]209 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]210 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]211 // Standard names may be used instead of OpenSSL names.
212 {
213 "[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|"
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]214 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]:"
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]215 "[TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]:"
216 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
217 {
218 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
219 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
220 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
221 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
222 },
223 false,
224 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]225 // @STRENGTH performs a stable strength-sort of the selected ciphers and
226 // only the selected ciphers.
227 {
228 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]229 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]230 "!AESGCM:!3DES:!SHA256:!SHA384:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]231 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]232 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]233 // Select ECDHE ones and sort them by strength. Ties should resolve
234 // based on the order above.
235 "kECDHE:@STRENGTH:-ALL:"
236 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
237 // by strength. Then RSA, backwards by strength.
238 "aRSA",
239 {
240 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
241 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]242 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]243 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
244 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
245 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]246 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]247 },
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]248 // Additional masks after @STRENGTH get silently discarded.
249 //
250 // TODO(davidben): Make this an error. If not silently discarded, they get
251 // interpreted as + opcodes which are very different.
252 {
253 "ECDHE-RSA-AES128-GCM-SHA256:"
254 "ECDHE-RSA-AES256-GCM-SHA384:"
255 "@STRENGTH+AES256",
256 {
257 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
258 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
259 },
260 false,
261 },
262 {
263 "ECDHE-RSA-AES128-GCM-SHA256:"
264 "ECDHE-RSA-AES256-GCM-SHA384:"
265 "@STRENGTH+AES256:"
266 "ECDHE-RSA-CHACHA20-POLY1305",
267 {
268 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
269 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
270 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
271 },
272 false,
273 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]274 // Exact ciphers may not be used in multi-part rules; they are treated
275 // as unknown aliases.
276 {
277 "ECDHE-ECDSA-AES128-GCM-SHA256:"
278 "ECDHE-RSA-AES128-GCM-SHA256:"
279 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
280 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
281 {
282 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
283 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
284 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]285 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]286 },
287 // SSLv3 matches everything that existed before TLS 1.2.
288 {
289 "AES128-SHA:AES128-SHA256:!SSLv3",
290 {
291 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
292 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]293 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]294 },
295 // TLSv1.2 matches everything added in TLS 1.2.
296 {
297 "AES128-SHA:AES128-SHA256:!TLSv1.2",
298 {
299 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
300 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]301 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]302 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]303 // The two directives have no intersection. But each component is valid, so
304 // even in strict mode it is accepted.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]305 {
306 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
307 {
308 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
309 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
310 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]311 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]312 },
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]313 // Spaces, semi-colons and commas are separators.
314 {
315 "AES128-SHA: AES128-SHA256 AES256-SHA ,AES256-SHA256 ; AES128-GCM-SHA256",
316 {
317 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
318 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
319 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
320 {TLS1_CK_RSA_WITH_AES_256_SHA256, 0},
321 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
322 },
323 // …but not in strict mode.
324 true,
325 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]326};
327
328static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]329 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]330 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
331 "RSA]",
332 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]333 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]334 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]335 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]336 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]337 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]338 "",
339 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]340 // COMPLEMENTOFDEFAULT is empty.
341 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]342 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]343 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]344 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]345 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
346 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
347 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
348 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]349 // Opcode supplied, but missing selector.
350 "+",
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]351 // Spaces are forbidden in equal-preference groups.
352 "[AES128-SHA | AES128-SHA256]",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]353};
354
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]355static const char *kMustNotIncludeNull[] = {
356 "ALL",
357 "DEFAULT",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]358 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]359 "FIPS",
360 "SHA",
361 "SHA1",
362 "RSA",
363 "SSLv3",
364 "TLSv1",
365 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]366};
367
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]368static const CurveTest kCurveTests[] = {
369 {
370 "P-256",
371 { SSL_CURVE_SECP256R1 },
372 },
373 {
374 "P-256:P-384:P-521:X25519",
375 {
376 SSL_CURVE_SECP256R1,
377 SSL_CURVE_SECP384R1,
378 SSL_CURVE_SECP521R1,
379 SSL_CURVE_X25519,
380 },
381 },
David Benjamin6dda1662017-11-02 20:44:26 -0400[diff] [blame]382 {
383 "prime256v1:secp384r1:secp521r1:x25519",
384 {
385 SSL_CURVE_SECP256R1,
386 SSL_CURVE_SECP384R1,
387 SSL_CURVE_SECP521R1,
388 SSL_CURVE_X25519,
389 },
390 },
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]391};
392
393static const char *kBadCurvesLists[] = {
394 "",
395 ":",
396 "::",
397 "P-256::X25519",
398 "RSA:P-256",
399 "P-256:RSA",
400 "X25519:P-256:",
401 ":X25519:P-256",
402};
403
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]404static std::string CipherListToString(SSL_CTX *ctx) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]405 bool in_group = false;
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]406 std::string ret;
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]407 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
408 for (size_t i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
409 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
410 if (!in_group && SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]411 ret += "\t[\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]412 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]413 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]414 ret += "\t";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]415 if (in_group) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]416 ret += " ";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]417 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]418 ret += SSL_CIPHER_get_name(cipher);
419 ret += "\n";
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]420 if (in_group && !SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]421 ret += "\t]\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]422 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]423 }
424 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]425 return ret;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]426}
427
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]428static bool CipherListsEqual(SSL_CTX *ctx,
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]429 const std::vector<ExpectedCipher> &expected) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]430 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
431 if (sk_SSL_CIPHER_num(ciphers) != expected.size()) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]432 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]433 }
434
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]435 for (size_t i = 0; i < expected.size(); i++) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]436 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]437 if (expected[i].id != SSL_CIPHER_get_id(cipher) ||
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]438 expected[i].in_group_flag != !!SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]439 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]440 }
441 }
442
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]443 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]444}
445
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]446TEST(SSLTest, CipherRules) {
447 for (const CipherTest &t : kCipherTests) {
448 SCOPED_TRACE(t.rule);
449 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
450 ASSERT_TRUE(ctx);
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]451
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]452 // Test lax mode.
453 ASSERT_TRUE(SSL_CTX_set_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]454 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]455 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]456 << CipherListToString(ctx.get());
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]457
458 // Test strict mode.
459 if (t.strict_fail) {
460 EXPECT_FALSE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
461 } else {
462 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]463 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]464 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]465 << CipherListToString(ctx.get());
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]466 }
467 }
468
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]469 for (const char *rule : kBadRules) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]470 SCOPED_TRACE(rule);
471 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
472 ASSERT_TRUE(ctx);
473
474 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), rule));
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]475 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]476 }
477
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]478 for (const char *rule : kMustNotIncludeNull) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]479 SCOPED_TRACE(rule);
480 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
481 ASSERT_TRUE(ctx);
482
483 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]484 for (const SSL_CIPHER *cipher : SSL_CTX_get_ciphers(ctx.get())) {
David Benjamine3bb51c2017-08-22 23:16:02 -0700[diff] [blame]485 EXPECT_NE(NID_undef, SSL_CIPHER_get_cipher_nid(cipher));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]486 }
487 }
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]488}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]489
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]490TEST(SSLTest, CurveRules) {
491 for (const CurveTest &t : kCurveTests) {
492 SCOPED_TRACE(t.rule);
493 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
494 ASSERT_TRUE(ctx);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]495
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]496 ASSERT_TRUE(SSL_CTX_set1_curves_list(ctx.get(), t.rule));
497 ASSERT_EQ(t.expected.size(), ctx->supported_group_list_len);
498 for (size_t i = 0; i < t.expected.size(); i++) {
499 EXPECT_EQ(t.expected[i], ctx->supported_group_list[i]);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]500 }
501 }
502
503 for (const char *rule : kBadCurvesLists) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]504 SCOPED_TRACE(rule);
505 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
506 ASSERT_TRUE(ctx);
507
508 EXPECT_FALSE(SSL_CTX_set1_curves_list(ctx.get(), rule));
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]509 ERR_clear_error();
510 }
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]511}
512
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]513// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]514static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]515 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]516 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
517 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
518 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
519 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
520 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
521 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
522 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
523 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
524 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
525 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
526 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
527 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
528 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
529 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
530 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
531 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
532 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
533 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
534 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
535 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
536 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
537 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
538 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
539 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
540 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
541 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
542 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
543 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
544 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]545 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]546
547// kCustomSession is a custom serialized SSL_SESSION generated by
548// filling in missing fields from |kOpenSSLSession|. This includes
549// providing |peer_sha256|, so |peer| is not serialized.
550static const char kCustomSession[] =
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]551 "MIIBZAIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]552 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]553 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUqAcEBXdvcmxkqQUCAwGJwKqBpwSB"
554 "pBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38"
555 "VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd"
556 "3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hg"
557 "b+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYGBgYGBgYGBgYGBgYGBgYGBgYG"
558 "BgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]559
560// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
561static const char kBoringSSLSession[] =
562 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
563 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
564 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
565 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
566 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
567 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
568 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
569 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
570 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
571 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
572 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
573 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
574 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
575 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
576 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
577 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
578 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
579 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
580 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
581 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
582 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
583 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
584 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
585 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
586 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
587 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
588 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
589 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
590 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
591 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
592 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
593 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
594 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
595 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
596 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
597 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
598 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
599 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
600 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
601 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
602 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
603 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
604 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
605 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
606 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
607 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
608 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
609 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
610 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
611 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
612 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
613 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
614 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
615 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
616 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
617 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
618 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
619 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
620 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
621 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
622 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
623 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
624 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
625 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
626 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
627 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
628 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
629 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
630 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
631 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
632 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
633 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
634 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
635 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
636 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
637 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
638 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
639 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
640 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
641 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
642 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
643 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
644 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
645 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
646 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
647 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
648 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
649 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
650 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
651 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
652 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
653 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
654 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
655 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
656 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
657
658// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
659// the final (optional) element of |kCustomSession| with tag number 30.
660static const char kBadSessionExtraField[] =
661 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
662 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
663 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
664 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
665 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
666 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
667 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
668 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
669
670// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
671// the version of |kCustomSession| with 2.
672static const char kBadSessionVersion[] =
673 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
674 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
675 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
676 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
677 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
678 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
679 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
680 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
681
682// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
683// appended.
684static const char kBadSessionTrailingData[] =
685 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
686 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
687 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
688 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
689 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
690 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
691 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
692 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
693
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]694static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]695 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]696 if (!EVP_DecodedLength(&len, strlen(in))) {
697 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]698 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]699 }
700
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]701 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]702 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]703 strlen(in))) {
704 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]705 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]706 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]707 out->resize(len);
708 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]709}
710
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]711static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]712 const uint8_t *cptr;
713 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]714
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]715 // Decode the input.
716 std::vector<uint8_t> input;
717 if (!DecodeBase64(&input, input_b64)) {
718 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]719 }
720
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]721 // Verify the SSL_SESSION decodes.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]722 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
723 if (!ssl_ctx) {
724 return false;
725 }
726 bssl::UniquePtr<SSL_SESSION> session(
727 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]728 if (!session) {
729 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]730 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]731 }
732
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]733 // Verify the SSL_SESSION encoding round-trips.
734 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]735 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]736 uint8_t *encoded_raw;
737 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]738 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]739 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]740 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]741 encoded.reset(encoded_raw);
742 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]743 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]744 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]745 hexdump(stderr, "Before: ", input.data(), input.size());
746 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]747 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]748 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]749
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]750 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]751 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]752 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]753 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]754 fprintf(stderr, "d2i_SSL_SESSION failed\n");
755 return false;
756 }
757
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]758 // Verify the SSL_SESSION encoding round-trips via the legacy API.
759 int len = i2d_SSL_SESSION(session.get(), NULL);
760 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]761 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]762 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]763 }
764
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]765 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
766 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]767 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]768 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]769 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]770
771 ptr = encoded.get();
772 len = i2d_SSL_SESSION(session.get(), &ptr);
773 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]774 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]775 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]776 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]777 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]778 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]779 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]780 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]781 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]782 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]783 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]784 }
785
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]786 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]787}
788
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]789static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
790 std::vector<uint8_t> input;
791 if (!DecodeBase64(&input, input_b64)) {
792 return false;
793 }
794
795 // Verify that the SSL_SESSION fails to decode.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]796 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
797 if (!ssl_ctx) {
798 return false;
799 }
800 bssl::UniquePtr<SSL_SESSION> session(
801 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]802 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]803 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]804 return false;
805 }
806 ERR_clear_error();
807 return true;
808}
809
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]810static void ExpectDefaultVersion(uint16_t min_version, uint16_t max_version,
811 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]812 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]813 ASSERT_TRUE(ctx);
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]814 EXPECT_EQ(min_version, ctx->conf_min_version);
815 EXPECT_EQ(max_version, ctx->conf_max_version);
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]816}
817
818TEST(SSLTest, DefaultVersion) {
819 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
820 ExpectDefaultVersion(TLS1_VERSION, TLS1_2_VERSION, &TLS_method);
821 ExpectDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method);
822 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method);
823 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method);
824 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method);
825 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method);
826 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method);
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]827}
828
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]829TEST(SSLTest, CipherProperties) {
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]830 static const struct {
831 int id;
832 const char *standard_name;
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]833 int cipher_nid;
834 int digest_nid;
835 int kx_nid;
836 int auth_nid;
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]837 int prf_nid;
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]838 } kTests[] = {
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]839 {
840 SSL3_CK_RSA_DES_192_CBC3_SHA,
841 "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
842 NID_des_ede3_cbc,
843 NID_sha1,
844 NID_kx_rsa,
845 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]846 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]847 },
848 {
849 TLS1_CK_RSA_WITH_AES_128_SHA,
850 "TLS_RSA_WITH_AES_128_CBC_SHA",
851 NID_aes_128_cbc,
852 NID_sha1,
853 NID_kx_rsa,
854 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]855 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]856 },
857 {
858 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
859 "TLS_PSK_WITH_AES_256_CBC_SHA",
860 NID_aes_256_cbc,
861 NID_sha1,
862 NID_kx_psk,
863 NID_auth_psk,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]864 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]865 },
866 {
867 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
868 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
869 NID_aes_128_cbc,
870 NID_sha256,
871 NID_kx_ecdhe,
872 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]873 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]874 },
875 {
876 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
877 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
878 NID_aes_256_cbc,
879 NID_sha384,
880 NID_kx_ecdhe,
881 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]882 NID_sha384,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]883 },
884 {
885 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
886 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
887 NID_aes_128_gcm,
888 NID_undef,
889 NID_kx_ecdhe,
890 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]891 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]892 },
893 {
894 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
895 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
896 NID_aes_128_gcm,
897 NID_undef,
898 NID_kx_ecdhe,
899 NID_auth_ecdsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]900 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]901 },
902 {
903 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
904 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
905 NID_aes_256_gcm,
906 NID_undef,
907 NID_kx_ecdhe,
908 NID_auth_ecdsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]909 NID_sha384,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]910 },
911 {
912 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
913 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
914 NID_aes_128_cbc,
915 NID_sha1,
916 NID_kx_ecdhe,
917 NID_auth_psk,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]918 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]919 },
920 {
921 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
922 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
923 NID_chacha20_poly1305,
924 NID_undef,
925 NID_kx_ecdhe,
926 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]927 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]928 },
929 {
930 TLS1_CK_AES_256_GCM_SHA384,
931 "TLS_AES_256_GCM_SHA384",
932 NID_aes_256_gcm,
933 NID_undef,
934 NID_kx_any,
935 NID_auth_any,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]936 NID_sha384,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]937 },
938 {
939 TLS1_CK_AES_128_GCM_SHA256,
940 "TLS_AES_128_GCM_SHA256",
941 NID_aes_128_gcm,
942 NID_undef,
943 NID_kx_any,
944 NID_auth_any,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]945 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]946 },
947 {
948 TLS1_CK_CHACHA20_POLY1305_SHA256,
949 "TLS_CHACHA20_POLY1305_SHA256",
950 NID_chacha20_poly1305,
951 NID_undef,
952 NID_kx_any,
953 NID_auth_any,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]954 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]955 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]956 };
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]957
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]958 for (const auto &t : kTests) {
959 SCOPED_TRACE(t.standard_name);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]960
961 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(t.id & 0xffff);
962 ASSERT_TRUE(cipher);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]963 EXPECT_STREQ(t.standard_name, SSL_CIPHER_standard_name(cipher));
964
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]965 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
966 ASSERT_TRUE(rfc_name);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]967 EXPECT_STREQ(t.standard_name, rfc_name.get());
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]968
969 EXPECT_EQ(t.cipher_nid, SSL_CIPHER_get_cipher_nid(cipher));
970 EXPECT_EQ(t.digest_nid, SSL_CIPHER_get_digest_nid(cipher));
971 EXPECT_EQ(t.kx_nid, SSL_CIPHER_get_kx_nid(cipher));
972 EXPECT_EQ(t.auth_nid, SSL_CIPHER_get_auth_nid(cipher));
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]973 EXPECT_EQ(t.prf_nid, SSL_CIPHER_get_prf_nid(cipher));
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]974 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]975}
976
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]977// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
978// version and ticket length or nullptr on failure.
979static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
980 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]981 std::vector<uint8_t> der;
982 if (!DecodeBase64(&der, kOpenSSLSession)) {
983 return nullptr;
984 }
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]985
986 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
987 if (!ssl_ctx) {
988 return nullptr;
989 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]990 bssl::UniquePtr<SSL_SESSION> session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]991 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]992 if (!session) {
993 return nullptr;
994 }
995
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]996 session->ssl_version = version;
997
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]998 // Swap out the ticket for a garbage one.
999 OPENSSL_free(session->tlsext_tick);
1000 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
1001 if (session->tlsext_tick == nullptr) {
1002 return nullptr;
1003 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1004 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1005 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]1006
1007 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]1008#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
1009 session->time = 1234;
1010#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]1011 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]1012#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1013 return session;
1014}
1015
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1016static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1017 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1018 if (!bio) {
1019 return false;
1020 }
1021 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]1022 BIO_up_ref(bio.get());
1023 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1024 int ret = SSL_connect(ssl);
1025 if (ret > 0) {
1026 // SSL_connect should fail without a BIO to write to.
1027 return false;
1028 }
1029 ERR_clear_error();
1030
1031 const uint8_t *client_hello;
1032 size_t client_hello_len;
1033 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
1034 return false;
1035 }
1036 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
1037 return true;
1038}
1039
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1040// GetClientHelloLen creates a client SSL connection with the specified version
1041// and ticket length. It returns the length of the ClientHello, not including
1042// the record header, on success and zero on error.
1043static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
1044 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1045 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1046 bssl::UniquePtr<SSL_SESSION> session =
1047 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1048 if (!ctx || !session) {
1049 return 0;
1050 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1051
1052 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1053 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1054 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]1055 !SSL_set_strict_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1056 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1057 return 0;
1058 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1059
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1060 std::vector<uint8_t> client_hello;
1061 if (!GetClientHello(ssl.get(), &client_hello) ||
1062 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1063 return 0;
1064 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1065
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1066 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1067}
1068
1069struct PaddingTest {
1070 size_t input_len, padded_len;
1071};
1072
1073static const PaddingTest kPaddingTests[] = {
1074 // ClientHellos of length below 0x100 do not require padding.
1075 {0xfe, 0xfe},
1076 {0xff, 0xff},
1077 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
1078 {0x100, 0x200},
1079 {0x123, 0x200},
1080 {0x1fb, 0x200},
1081 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
1082 // padding extension takes a minimum of four bytes plus one required content
1083 // byte. (To work around yet more server bugs, we avoid empty final
1084 // extensions.)
1085 {0x1fc, 0x201},
1086 {0x1fd, 0x202},
1087 {0x1fe, 0x203},
1088 {0x1ff, 0x204},
1089 // Finally, larger ClientHellos need no padding.
1090 {0x200, 0x200},
1091 {0x201, 0x201},
1092};
1093
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1094static bool TestPaddingExtension(uint16_t max_version,
1095 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1096 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1097 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1098 if (base_len == 0) {
1099 return false;
1100 }
1101
1102 for (const PaddingTest &test : kPaddingTests) {
1103 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1104 fprintf(stderr,
1105 "Baseline ClientHello too long (max_version = %04x, "
1106 "session_version = %04x).\n",
1107 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1108 return false;
1109 }
1110
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1111 size_t padded_len = GetClientHelloLen(max_version, session_version,
1112 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1113 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1114 fprintf(stderr,
1115 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
1116 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1117 static_cast<unsigned>(test.input_len),
1118 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1119 static_cast<unsigned>(test.padded_len), max_version,
1120 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1121 return false;
1122 }
1123 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1124
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1125 return true;
1126}
1127
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1128static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1129 static const char kCertPEM[] =
1130 "-----BEGIN CERTIFICATE-----\n"
1131 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1132 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1133 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1134 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1135 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1136 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1137 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1138 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1139 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1140 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1141 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1142 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1143 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1144 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1145 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1146 return bssl::UniquePtr<X509>(
1147 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1148}
1149
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1150static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1151 static const char kKeyPEM[] =
1152 "-----BEGIN RSA PRIVATE KEY-----\n"
1153 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1154 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1155 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1156 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1157 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1158 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1159 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1160 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1161 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1162 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1163 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1164 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1165 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1166 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1167 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1168 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1169 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1170}
1171
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1172static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1173 static const char kCertPEM[] =
1174 "-----BEGIN CERTIFICATE-----\n"
1175 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1176 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1177 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1178 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1179 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1180 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1181 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1182 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1183 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1184 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1185 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1186 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1187 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1188}
1189
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1190static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1191 static const char kKeyPEM[] =
1192 "-----BEGIN PRIVATE KEY-----\n"
1193 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1194 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1195 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1196 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1197 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1198 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1199 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1200}
1201
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1202static bssl::UniquePtr<CRYPTO_BUFFER> BufferFromPEM(const char *pem) {
1203 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1204 char *name, *header;
1205 uint8_t *data;
1206 long data_len;
1207 if (!PEM_read_bio(bio.get(), &name, &header, &data,
1208 &data_len)) {
1209 return nullptr;
1210 }
1211 OPENSSL_free(name);
1212 OPENSSL_free(header);
1213
1214 auto ret = bssl::UniquePtr<CRYPTO_BUFFER>(
1215 CRYPTO_BUFFER_new(data, data_len, nullptr));
1216 OPENSSL_free(data);
1217 return ret;
1218}
1219
1220static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestCertificateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1221 static const char kCertPEM[] =
1222 "-----BEGIN CERTIFICATE-----\n"
1223 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1224 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1225 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1226 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1227 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1228 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1229 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1230 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1231 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1232 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1233 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1234 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1235 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1236 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1237 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1238 "1ngWZ7Ih\n"
1239 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1240 return BufferFromPEM(kCertPEM);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1241}
1242
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1243static bssl::UniquePtr<X509> X509FromBuffer(
1244 bssl::UniquePtr<CRYPTO_BUFFER> buffer) {
1245 if (!buffer) {
1246 return nullptr;
1247 }
1248 const uint8_t *derp = CRYPTO_BUFFER_data(buffer.get());
1249 return bssl::UniquePtr<X509>(
1250 d2i_X509(NULL, &derp, CRYPTO_BUFFER_len(buffer.get())));
1251}
1252
1253static bssl::UniquePtr<X509> GetChainTestCertificate() {
1254 return X509FromBuffer(GetChainTestCertificateBuffer());
1255}
1256
1257static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestIntermediateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1258 static const char kCertPEM[] =
1259 "-----BEGIN CERTIFICATE-----\n"
1260 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1261 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1262 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1263 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1264 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1265 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1266 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1267 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1268 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1269 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1270 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1271 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1272 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1273 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1274 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1275 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1276 return BufferFromPEM(kCertPEM);
1277}
1278
1279static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1280 return X509FromBuffer(GetChainTestIntermediateBuffer());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1281}
1282
1283static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1284 static const char kKeyPEM[] =
1285 "-----BEGIN PRIVATE KEY-----\n"
1286 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1287 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1288 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1289 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1290 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1291 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1292 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1293 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1294 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1295 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1296 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1297 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1298 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1299 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1300 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1301 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1302 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1303 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1304 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1305 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1306 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1307 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1308 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1309 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1310 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1311 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1312 "-----END PRIVATE KEY-----\n";
1313 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1314 return bssl::UniquePtr<EVP_PKEY>(
1315 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1316}
1317
David Benjaminc79ae7a2017-08-29 16:09:44 -0400[diff] [blame]1318// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
1319// before configuring as a server.
1320TEST(SSLTest, ClientCAList) {
1321 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
1322 ASSERT_TRUE(ctx);
1323 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1324 ASSERT_TRUE(ssl);
1325
1326 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
1327 ASSERT_TRUE(name);
1328
1329 bssl::UniquePtr<X509_NAME> name_dup(X509_NAME_dup(name.get()));
1330 ASSERT_TRUE(name_dup);
1331
1332 bssl::UniquePtr<STACK_OF(X509_NAME)> stack(sk_X509_NAME_new_null());
1333 ASSERT_TRUE(stack);
1334
1335 ASSERT_TRUE(sk_X509_NAME_push(stack.get(), name_dup.get()));
1336 name_dup.release();
1337
1338 // |SSL_set_client_CA_list| takes ownership.
1339 SSL_set_client_CA_list(ssl.get(), stack.release());
1340
1341 STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get());
1342 ASSERT_TRUE(result);
1343 ASSERT_EQ(1u, sk_X509_NAME_num(result));
1344 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(result, 0), name.get()));
1345}
1346
1347TEST(SSLTest, AddClientCA) {
1348 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
1349 ASSERT_TRUE(ctx);
1350 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1351 ASSERT_TRUE(ssl);
1352
1353 bssl::UniquePtr<X509> cert1 = GetTestCertificate();
1354 bssl::UniquePtr<X509> cert2 = GetChainTestCertificate();
1355 ASSERT_TRUE(cert1 && cert2);
1356 X509_NAME *name1 = X509_get_subject_name(cert1.get());
1357 X509_NAME *name2 = X509_get_subject_name(cert2.get());
1358
1359 EXPECT_EQ(0u, sk_X509_NAME_num(SSL_get_client_CA_list(ssl.get())));
1360
1361 ASSERT_TRUE(SSL_add_client_CA(ssl.get(), cert1.get()));
1362 ASSERT_TRUE(SSL_add_client_CA(ssl.get(), cert2.get()));
1363
1364 STACK_OF(X509_NAME) *list = SSL_get_client_CA_list(ssl.get());
1365 ASSERT_EQ(2u, sk_X509_NAME_num(list));
1366 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 0), name1));
1367 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 1), name2));
1368
1369 ASSERT_TRUE(SSL_add_client_CA(ssl.get(), cert1.get()));
1370
1371 list = SSL_get_client_CA_list(ssl.get());
1372 ASSERT_EQ(3u, sk_X509_NAME_num(list));
1373 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 0), name1));
1374 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 1), name2));
1375 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 2), name1));
1376}
1377
1378static void AppendSession(SSL_SESSION *session, void *arg) {
1379 std::vector<SSL_SESSION*> *out =
1380 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1381 out->push_back(session);
1382}
1383
1384// CacheEquals returns true if |ctx|'s session cache consists of |expected|, in
1385// order.
1386static bool CacheEquals(SSL_CTX *ctx,
1387 const std::vector<SSL_SESSION*> &expected) {
1388 // Check the linked list.
1389 SSL_SESSION *ptr = ctx->session_cache_head;
1390 for (SSL_SESSION *session : expected) {
1391 if (ptr != session) {
1392 return false;
1393 }
1394 // TODO(davidben): This is an absurd way to denote the end of the list.
1395 if (ptr->next ==
1396 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1397 ptr = nullptr;
1398 } else {
1399 ptr = ptr->next;
1400 }
1401 }
1402 if (ptr != nullptr) {
1403 return false;
1404 }
1405
1406 // Check the hash table.
1407 std::vector<SSL_SESSION*> actual, expected_copy;
David Benjamin9eaa3bd2017-09-27 17:03:54 -0400[diff] [blame]1408 lh_SSL_SESSION_doall_arg(ctx->sessions, AppendSession, &actual);
David Benjaminc79ae7a2017-08-29 16:09:44 -0400[diff] [blame]1409 expected_copy = expected;
1410
1411 std::sort(actual.begin(), actual.end());
1412 std::sort(expected_copy.begin(), expected_copy.end());
1413
1414 return actual == expected_copy;
1415}
1416
1417static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
1418 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
1419 if (!ssl_ctx) {
1420 return nullptr;
1421 }
1422 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new(ssl_ctx.get()));
1423 if (!ret) {
1424 return nullptr;
1425 }
1426
1427 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
1428 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1429 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
1430 return ret;
1431}
1432
1433// Test that the internal session cache behaves as expected.
1434TEST(SSLTest, InternalSessionCache) {
1435 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
1436 ASSERT_TRUE(ctx);
1437
1438 // Prepare 10 test sessions.
1439 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
1440 for (int i = 0; i < 10; i++) {
1441 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
1442 ASSERT_TRUE(session);
1443 sessions.push_back(std::move(session));
1444 }
1445
1446 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1447
1448 // Insert all the test sessions.
1449 for (const auto &session : sessions) {
1450 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), session.get()));
1451 }
1452
1453 // Only the last five should be in the list.
1454 ASSERT_TRUE(CacheEquals(
1455 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1456 sessions[6].get(), sessions[5].get()}));
1457
1458 // Inserting an element already in the cache should fail and leave the cache
1459 // unchanged.
1460 ASSERT_FALSE(SSL_CTX_add_session(ctx.get(), sessions[7].get()));
1461 ASSERT_TRUE(CacheEquals(
1462 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1463 sessions[6].get(), sessions[5].get()}));
1464
1465 // Although collisions should be impossible (256-bit session IDs), the cache
1466 // must handle them gracefully.
1467 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
1468 ASSERT_TRUE(collision);
1469 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), collision.get()));
1470 ASSERT_TRUE(CacheEquals(
1471 ctx.get(), {collision.get(), sessions[9].get(), sessions[8].get(),
1472 sessions[6].get(), sessions[5].get()}));
1473
1474 // Removing sessions behaves correctly.
1475 ASSERT_TRUE(SSL_CTX_remove_session(ctx.get(), sessions[6].get()));
1476 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1477 sessions[8].get(), sessions[5].get()}));
1478
1479 // Removing sessions requires an exact match.
1480 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[0].get()));
1481 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[7].get()));
1482
1483 // The cache remains unchanged.
1484 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1485 sessions[8].get(), sessions[5].get()}));
1486}
1487
1488static uint16_t EpochFromSequence(uint64_t seq) {
1489 return static_cast<uint16_t>(seq >> 48);
1490}
1491
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]1492static const uint8_t kTestName[] = {
1493 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
1494 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
1495 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
1496 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49,
1497 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
1498 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64,
1499};
1500
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1501static bool CompleteHandshakes(SSL *client, SSL *server) {
1502 // Drive both their handshakes to completion.
1503 for (;;) {
1504 int client_ret = SSL_do_handshake(client);
1505 int client_err = SSL_get_error(client, client_ret);
1506 if (client_err != SSL_ERROR_NONE &&
1507 client_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1508 client_err != SSL_ERROR_WANT_WRITE &&
1509 client_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1510 fprintf(stderr, "Client error: %d\n", client_err);
1511 return false;
1512 }
1513
1514 int server_ret = SSL_do_handshake(server);
1515 int server_err = SSL_get_error(server, server_ret);
1516 if (server_err != SSL_ERROR_NONE &&
1517 server_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1518 server_err != SSL_ERROR_WANT_WRITE &&
1519 server_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1520 fprintf(stderr, "Server error: %d\n", server_err);
1521 return false;
1522 }
1523
1524 if (client_ret == 1 && server_ret == 1) {
1525 break;
1526 }
1527 }
1528
1529 return true;
1530}
1531
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1532struct ClientConfig {
1533 SSL_SESSION *session = nullptr;
1534 std::string servername;
1535};
1536
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1537static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1538 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1539 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1540 const ClientConfig &config = ClientConfig()) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1541 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1542 if (!client || !server) {
1543 return false;
1544 }
1545 SSL_set_connect_state(client.get());
1546 SSL_set_accept_state(server.get());
1547
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1548 if (config.session) {
1549 SSL_set_session(client.get(), config.session);
1550 }
1551 if (!config.servername.empty() &&
1552 !SSL_set_tlsext_host_name(client.get(), config.servername.c_str())) {
1553 return false;
1554 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1555
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1556 BIO *bio1, *bio2;
1557 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1558 return false;
1559 }
1560 // SSL_set_bio takes ownership.
1561 SSL_set_bio(client.get(), bio1, bio1);
1562 SSL_set_bio(server.get(), bio2, bio2);
1563
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1564 if (!CompleteHandshakes(client.get(), server.get())) {
1565 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1566 }
1567
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1568 *out_client = std::move(client);
1569 *out_server = std::move(server);
1570 return true;
1571}
1572
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]1573// SSLVersionTest executes its test cases under all available protocol versions.
1574// Test cases call |Connect| to create a connection using context objects with
1575// the protocol version fixed to the current version under test.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1576class SSLVersionTest : public ::testing::TestWithParam<VersionParam> {
1577 protected:
1578 SSLVersionTest() : cert_(GetTestCertificate()), key_(GetTestKey()) {}
1579
1580 void SetUp() { ResetContexts(); }
1581
1582 bssl::UniquePtr<SSL_CTX> CreateContext() const {
1583 const SSL_METHOD *method = is_dtls() ? DTLS_method() : TLS_method();
1584 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1585 if (!ctx || !SSL_CTX_set_min_proto_version(ctx.get(), version()) ||
1586 !SSL_CTX_set_max_proto_version(ctx.get(), version())) {
1587 return nullptr;
1588 }
1589 return ctx;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1590 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1591
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1592 void ResetContexts() {
1593 ASSERT_TRUE(cert_);
1594 ASSERT_TRUE(key_);
1595 client_ctx_ = CreateContext();
1596 ASSERT_TRUE(client_ctx_);
1597 server_ctx_ = CreateContext();
1598 ASSERT_TRUE(server_ctx_);
1599 // Set up a server cert. Client certs can be set up explicitly.
1600 ASSERT_TRUE(UseCertAndKey(server_ctx_.get()));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1601 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1602
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1603 bool UseCertAndKey(SSL_CTX *ctx) const {
1604 return SSL_CTX_use_certificate(ctx, cert_.get()) &&
1605 SSL_CTX_use_PrivateKey(ctx, key_.get());
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1606 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1607
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1608 bool Connect(const ClientConfig &config = ClientConfig()) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1609 return ConnectClientAndServer(&client_, &server_, client_ctx_.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1610 server_ctx_.get(), config);
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1611 }
1612
1613 uint16_t version() const { return GetParam().version; }
1614
1615 bool is_dtls() const {
1616 return GetParam().ssl_method == VersionParam::is_dtls;
1617 }
1618
1619 bssl::UniquePtr<SSL> client_, server_;
1620 bssl::UniquePtr<SSL_CTX> server_ctx_, client_ctx_;
1621 bssl::UniquePtr<X509> cert_;
1622 bssl::UniquePtr<EVP_PKEY> key_;
1623};
1624
1625INSTANTIATE_TEST_CASE_P(WithVersion, SSLVersionTest,
1626 testing::ValuesIn(kAllVersions),
1627 [](const testing::TestParamInfo<VersionParam> &i) {
1628 return i.param.name;
1629 });
1630
1631TEST_P(SSLVersionTest, SequenceNumber) {
1632 ASSERT_TRUE(Connect());
1633
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1634 // Drain any post-handshake messages to ensure there are no unread records
1635 // on either end.
1636 uint8_t byte = 0;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1637 ASSERT_LE(SSL_read(client_.get(), &byte, 1), 0);
1638 ASSERT_LE(SSL_read(server_.get(), &byte, 1), 0);
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1639
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1640 uint64_t client_read_seq = SSL_get_read_sequence(client_.get());
1641 uint64_t client_write_seq = SSL_get_write_sequence(client_.get());
1642 uint64_t server_read_seq = SSL_get_read_sequence(server_.get());
1643 uint64_t server_write_seq = SSL_get_write_sequence(server_.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1644
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1645 if (is_dtls()) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1646 // Both client and server must be at epoch 1.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1647 EXPECT_EQ(EpochFromSequence(client_read_seq), 1);
1648 EXPECT_EQ(EpochFromSequence(client_write_seq), 1);
1649 EXPECT_EQ(EpochFromSequence(server_read_seq), 1);
1650 EXPECT_EQ(EpochFromSequence(server_write_seq), 1);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1651
1652 // The next record to be written should exceed the largest received.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1653 EXPECT_GT(client_write_seq, server_read_seq);
1654 EXPECT_GT(server_write_seq, client_read_seq);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1655 } else {
1656 // The next record to be written should equal the next to be received.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1657 EXPECT_EQ(client_write_seq, server_read_seq);
1658 EXPECT_EQ(server_write_seq, client_read_seq);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1659 }
1660
1661 // Send a record from client to server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1662 EXPECT_EQ(SSL_write(client_.get(), &byte, 1), 1);
1663 EXPECT_EQ(SSL_read(server_.get(), &byte, 1), 1);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1664
1665 // The client write and server read sequence numbers should have
1666 // incremented.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1667 EXPECT_EQ(client_write_seq + 1, SSL_get_write_sequence(client_.get()));
1668 EXPECT_EQ(server_read_seq + 1, SSL_get_read_sequence(server_.get()));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1669}
1670
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1671TEST_P(SSLVersionTest, OneSidedShutdown) {
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1672 // SSL_shutdown is a no-op in DTLS.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1673 if (is_dtls()) {
1674 return;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1675 }
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1676 ASSERT_TRUE(Connect());
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1677
1678 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1679 // one side has shut down.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1680 ASSERT_EQ(SSL_shutdown(client_.get()), 0);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1681
1682 // Reading from the server should consume the EOF.
1683 uint8_t byte;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1684 ASSERT_EQ(SSL_read(server_.get(), &byte, 1), 0);
1685 ASSERT_EQ(SSL_get_error(server_.get(), 0), SSL_ERROR_ZERO_RETURN);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1686
1687 // However, the server may continue to write data and then shut down the
1688 // connection.
1689 byte = 42;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1690 ASSERT_EQ(SSL_write(server_.get(), &byte, 1), 1);
1691 ASSERT_EQ(SSL_read(client_.get(), &byte, 1), 1);
1692 ASSERT_EQ(byte, 42);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1693
1694 // The server may then shutdown the connection.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1695 EXPECT_EQ(SSL_shutdown(server_.get()), 1);
1696 EXPECT_EQ(SSL_shutdown(client_.get()), 1);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1697}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1698
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1699TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1700 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1701 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1702 ASSERT_TRUE(client_ctx);
1703 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1704
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1705 bssl::UniquePtr<X509> cert = GetTestCertificate();
1706 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1707 ASSERT_TRUE(cert);
1708 ASSERT_TRUE(key);
1709 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1710 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1711
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1712 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1713 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1714 server_ctx.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1715
1716 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjamin31b0c9b2017-07-20 14:49:15 -0400[diff] [blame]1717 bssl::UniquePtr<SSL_SESSION> session1 =
1718 bssl::SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1719 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1720
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1721 session1->not_resumable = 0;
1722
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1723 uint8_t *s0_bytes, *s1_bytes;
1724 size_t s0_len, s1_len;
1725
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1726 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1727 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1728
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1729 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1730 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1731
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]1732 EXPECT_EQ(Bytes(s0_bytes, s0_len), Bytes(s1_bytes, s1_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1733}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1734
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1735static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]1736 EXPECT_EQ(rfd, SSL_get_fd(ssl));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1737 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1738 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1739
1740 // The wrapper BIOs are always equal when fds are equal, even if set
1741 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1742 if (rfd == wfd) {
1743 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1744 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1745}
1746
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1747TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1748 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1749 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1750
1751 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1752 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1753 ASSERT_TRUE(ssl);
1754 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1755 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1756 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1757
1758 // Test setting the same FD.
1759 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1760 ASSERT_TRUE(ssl);
1761 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1762 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1763
1764 // Test setting the same FD one side at a time.
1765 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1766 ASSERT_TRUE(ssl);
1767 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1768 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1769 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1770
1771 // Test setting the same FD in the other order.
1772 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1773 ASSERT_TRUE(ssl);
1774 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1775 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1776 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1777
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1778 // Test changing the read FD partway through.
1779 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1780 ASSERT_TRUE(ssl);
1781 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1782 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1783 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1784
1785 // Test changing the write FD partway through.
1786 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1787 ASSERT_TRUE(ssl);
1788 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1789 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1790 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1791
1792 // Test a no-op change to the read FD partway through.
1793 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1794 ASSERT_TRUE(ssl);
1795 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1796 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1797 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1798
1799 // Test a no-op change to the write FD partway through.
1800 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1801 ASSERT_TRUE(ssl);
1802 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1803 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1804 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1805
1806 // ASan builds will implicitly test that the internal |BIO| reference-counting
1807 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1808}
1809
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1810TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1811 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1812 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1813
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1814 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1815 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1816 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1817 ASSERT_TRUE(ssl);
1818 ASSERT_TRUE(bio1);
1819 ASSERT_TRUE(bio2);
1820 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1821
1822 // SSL_set_bio takes one reference when the parameters are the same.
1823 BIO_up_ref(bio1.get());
1824 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1825
1826 // Repeating the call does nothing.
1827 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1828
1829 // It takes one reference each when the parameters are different.
1830 BIO_up_ref(bio2.get());
1831 BIO_up_ref(bio3.get());
1832 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1833
1834 // Repeating the call does nothing.
1835 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1836
1837 // It takes one reference when changing only wbio.
1838 BIO_up_ref(bio1.get());
1839 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1840
1841 // It takes one reference when changing only rbio and the two are different.
1842 BIO_up_ref(bio3.get());
1843 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1844
1845 // If setting wbio to rbio, it takes no additional references.
1846 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1847
1848 // From there, wbio may be switched to something else.
1849 BIO_up_ref(bio1.get());
1850 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1851
1852 // If setting rbio to wbio, it takes no additional references.
1853 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1854
1855 // From there, rbio may be switched to something else, but, for historical
1856 // reasons, it takes a reference to both parameters.
1857 BIO_up_ref(bio1.get());
1858 BIO_up_ref(bio2.get());
1859 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1860
1861 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1862 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1863}
1864
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1865static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1866
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1867TEST_P(SSLVersionTest, GetPeerCertificate) {
1868 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1869
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1870 // Configure both client and server to accept any certificate.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1871 SSL_CTX_set_verify(client_ctx_.get(),
1872 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1873 nullptr);
1874 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
1875 SSL_CTX_set_verify(server_ctx_.get(),
1876 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1877 nullptr);
1878 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1879
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1880 ASSERT_TRUE(Connect());
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1881
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1882 // Client and server should both see the leaf certificate.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1883 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server_.get()));
1884 ASSERT_TRUE(peer);
1885 ASSERT_EQ(X509_cmp(cert_.get(), peer.get()), 0);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1886
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1887 peer.reset(SSL_get_peer_certificate(client_.get()));
1888 ASSERT_TRUE(peer);
1889 ASSERT_EQ(X509_cmp(cert_.get(), peer.get()), 0);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1890
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1891 // However, for historical reasons, the X509 chain includes the leaf on the
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1892 // client, but does not on the server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1893 EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(client_.get())), 1u);
1894 EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(client_.get())),
1895 1u);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1896
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1897 EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(server_.get())), 0u);
1898 EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(server_.get())),
1899 1u);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1900}
1901
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1902TEST_P(SSLVersionTest, NoPeerCertificate) {
1903 SSL_CTX_set_verify(server_ctx_.get(), SSL_VERIFY_PEER, nullptr);
1904 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
1905 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1906
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1907 ASSERT_TRUE(Connect());
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1908
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1909 // Server should not see a peer certificate.
1910 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server_.get()));
1911 ASSERT_FALSE(peer);
1912 ASSERT_FALSE(SSL_get0_peer_certificates(server_.get()));
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1913}
1914
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1915TEST_P(SSLVersionTest, RetainOnlySHA256OfCerts) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1916 uint8_t *cert_der = NULL;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1917 int cert_der_len = i2d_X509(cert_.get(), &cert_der);
1918 ASSERT_GE(cert_der_len, 0);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1919 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1920
1921 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1922 SHA256(cert_der, cert_der_len, cert_sha256);
1923
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1924 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
1925
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1926 // Configure both client and server to accept any certificate, but the
1927 // server must retain only the SHA-256 of the peer.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1928 SSL_CTX_set_verify(client_ctx_.get(),
1929 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1930 nullptr);
1931 SSL_CTX_set_verify(server_ctx_.get(),
1932 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1933 nullptr);
1934 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
1935 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
1936 SSL_CTX_set_retain_only_sha256_of_client_certs(server_ctx_.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1937
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1938 ASSERT_TRUE(Connect());
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1939
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1940 // The peer certificate has been dropped.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1941 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server_.get()));
1942 EXPECT_FALSE(peer);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1943
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1944 SSL_SESSION *session = SSL_get_session(server_.get());
1945 EXPECT_TRUE(session->peer_sha256_valid);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1946
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1947 EXPECT_EQ(Bytes(cert_sha256), Bytes(session->peer_sha256));
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1948}
1949
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1950// Tests that our ClientHellos do not change unexpectedly. These are purely
1951// change detection tests. If they fail as part of an intentional ClientHello
1952// change, update the test vector.
1953TEST(SSLTest, ClientHello) {
1954 struct {
1955 uint16_t max_version;
1956 std::vector<uint8_t> expected;
1957 } kTests[] = {
1958 {SSL3_VERSION,
1959 {0x16, 0x03, 0x00, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x37, 0x03, 0x00,
1960 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1961 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1962 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1963 0x00, 0x10, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00,
1964 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00}},
1965 {TLS1_VERSION,
1966 {0x16, 0x03, 0x01, 0x00, 0x5a, 0x01, 0x00, 0x00, 0x56, 0x03, 0x01, 0x00,
1967 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1968 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1969 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0xc0, 0x09,
1970 0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1971 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1972 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1973 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18}},
1974 {TLS1_1_VERSION,
1975 {0x16, 0x03, 0x01, 0x00, 0x5a, 0x01, 0x00, 0x00, 0x56, 0x03, 0x02, 0x00,
1976 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1977 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1978 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0xc0, 0x09,
1979 0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1980 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1981 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1982 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18}},
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1983 {TLS1_2_VERSION,
1984 {0x16, 0x03, 0x01, 0x00, 0x8e, 0x01, 0x00, 0x00, 0x8a, 0x03, 0x03, 0x00,
1985 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1986 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1987 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2a, 0xcc, 0xa9,
1988 0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xc0, 0x09,
1989 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x27, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14,
1990 0xc0, 0x28, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35,
1991 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01,
1992 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
1993 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
1994 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00,
1995 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
1996 0x17, 0x00, 0x18}},
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1997 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1998 // implementation has settled enough that it won't change.
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1999 };
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]2000
2001 for (const auto &t : kTests) {
2002 SCOPED_TRACE(t.max_version);
2003
2004 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
2005 ASSERT_TRUE(ctx);
2006 // Our default cipher list varies by CPU capabilities, so manually place the
2007 // ChaCha20 ciphers in front.
2008 const char *cipher_list = "CHACHA20:ALL";
2009 // SSLv3 is off by default.
2010 ASSERT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
2011 ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), t.max_version));
2012 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), cipher_list));
2013
2014 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
2015 ASSERT_TRUE(ssl);
2016 std::vector<uint8_t> client_hello;
2017 ASSERT_TRUE(GetClientHello(ssl.get(), &client_hello));
2018
2019 // Zero the client_random.
2020 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
2021 1 + 3 + // handshake message header
2022 2; // client_version
2023 ASSERT_GE(client_hello.size(), kRandomOffset + SSL3_RANDOM_SIZE);
2024 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
2025
2026 if (client_hello != t.expected) {
2027 ADD_FAILURE() << "ClientHellos did not match.";
2028 // Print the value manually so it is easier to update the test vector.
2029 for (size_t i = 0; i < client_hello.size(); i += 12) {
2030 printf(" %c", i == 0 ? '{' : ' ');
2031 for (size_t j = i; j < client_hello.size() && j < i + 12; j++) {
2032 if (j > i) {
2033 printf(" ");
2034 }
2035 printf("0x%02x", client_hello[j]);
2036 if (j < client_hello.size() - 1) {
2037 printf(",");
2038 }
2039 }
2040 if (i + 12 >= client_hello.size()) {
2041 printf("}}");
2042 }
2043 printf("\n");
2044 }
2045 }
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2046 }
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2047}
2048
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2049static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2050
2051static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
2052 // Save the most recent session.
2053 g_last_session.reset(session);
2054 return 1;
2055}
2056
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2057static bssl::UniquePtr<SSL_SESSION> CreateClientSession(
2058 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
2059 const ClientConfig &config = ClientConfig()) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2060 g_last_session = nullptr;
2061 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2062
2063 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2064 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2065 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2066 config)) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2067 fprintf(stderr, "Failed to connect client and server.\n");
2068 return nullptr;
2069 }
2070
2071 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2072 SSL_read(client.get(), nullptr, 0);
2073
2074 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2075
2076 if (!g_last_session) {
2077 fprintf(stderr, "Client did not receive a session.\n");
2078 return nullptr;
2079 }
2080 return std::move(g_last_session);
2081}
2082
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2083static void ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
2084 SSL_SESSION *session, bool want_reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2085 bssl::UniquePtr<SSL> client, server;
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2086 ClientConfig config;
2087 config.session = session;
2088 EXPECT_TRUE(
2089 ConnectClientAndServer(&client, &server, client_ctx, server_ctx, config));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2090
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2091 EXPECT_EQ(SSL_session_reused(client.get()), SSL_session_reused(server.get()));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2092
2093 bool was_reused = !!SSL_session_reused(client.get());
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2094 EXPECT_EQ(was_reused, want_reused);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2095}
2096
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2097static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
2098 SSL_CTX *server_ctx,
2099 SSL_SESSION *session) {
2100 g_last_session = nullptr;
2101 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2102
2103 bssl::UniquePtr<SSL> client, server;
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2104 ClientConfig config;
2105 config.session = session;
2106 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
2107 config)) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2108 fprintf(stderr, "Failed to connect client and server.\n");
2109 return nullptr;
2110 }
2111
2112 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2113 fprintf(stderr, "Client and server were inconsistent.\n");
2114 return nullptr;
2115 }
2116
2117 if (!SSL_session_reused(client.get())) {
2118 fprintf(stderr, "Session was not reused.\n");
2119 return nullptr;
2120 }
2121
2122 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2123 SSL_read(client.get(), nullptr, 0);
2124
2125 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2126
2127 if (!g_last_session) {
2128 fprintf(stderr, "Client did not receive a renewed session.\n");
2129 return nullptr;
2130 }
2131 return std::move(g_last_session);
2132}
2133
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2134static void ExpectTicketKeyChanged(SSL_CTX *ctx, uint8_t *inout_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2135 bool changed) {
2136 uint8_t new_key[kTicketKeyLen];
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2137 // May return 0, 1 or 48.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2138 ASSERT_EQ(SSL_CTX_get_tlsext_ticket_keys(ctx, new_key, kTicketKeyLen), 1);
2139 if (changed) {
2140 ASSERT_NE(Bytes(inout_key, kTicketKeyLen), Bytes(new_key));
2141 } else {
2142 ASSERT_EQ(Bytes(inout_key, kTicketKeyLen), Bytes(new_key));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2143 }
2144 OPENSSL_memcpy(inout_key, new_key, kTicketKeyLen);
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2145}
2146
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2147static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2148 static const uint8_t kContext[] = {3};
2149
2150 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2151 return SSL_TLSEXT_ERR_ALERT_FATAL;
2152 }
2153
2154 return SSL_TLSEXT_ERR_OK;
2155}
2156
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2157TEST_P(SSLVersionTest, SessionIDContext) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2158 static const uint8_t kContext1[] = {1};
2159 static const uint8_t kContext2[] = {2};
2160
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2161 ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext1,
2162 sizeof(kContext1)));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2163
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2164 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
2165 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2166
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2167 bssl::UniquePtr<SSL_SESSION> session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2168 CreateClientSession(client_ctx_.get(), server_ctx_.get());
2169 ASSERT_TRUE(session);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2170
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2171 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2172 session.get(),
2173 true /* expect session reused */));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2174
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2175 // Change the session ID context.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2176 ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext2,
2177 sizeof(kContext2)));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2178
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2179 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2180 session.get(),
2181 false /* expect session not reused */));
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2182
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2183 // Change the session ID context back and install an SNI callback to switch
2184 // it.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2185 ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext1,
2186 sizeof(kContext1)));
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2187
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2188 SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(),
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2189 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2190
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2191 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2192 session.get(),
2193 false /* expect session not reused */));
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2194
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2195 // Switch the session ID context with the early callback instead.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2196 SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(), nullptr);
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2197 SSL_CTX_set_select_certificate_cb(
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2198 server_ctx_.get(),
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2199 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
2200 static const uint8_t kContext[] = {3};
2201
2202 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2203 sizeof(kContext))) {
2204 return ssl_select_cert_error;
2205 }
2206
2207 return ssl_select_cert_success;
2208 });
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2209
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2210 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2211 session.get(),
2212 false /* expect session not reused */));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2213}
2214
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2215static timeval g_current_time;
2216
2217static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2218 *out_clock = g_current_time;
2219}
2220
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2221static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2222 out_clock->tv_sec = 1000;
2223 out_clock->tv_usec = 0;
2224}
2225
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2226static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2227 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2228 int encrypt) {
2229 static const uint8_t kZeros[16] = {0};
2230
2231 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2232 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2233 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2234 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2235 return 0;
2236 }
2237
2238 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2239 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2240 return -1;
2241 }
2242
2243 // Returning two from the callback in decrypt mode renews the
2244 // session in TLS 1.2 and below.
2245 return encrypt ? 1 : 2;
2246}
2247
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2248static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2249 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2250 return false;
2251 }
2252
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2253 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2254 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2255 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2256
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2257#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2258 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2259 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2260#else
2261 static const uint8_t kZeros[16] = {0};
2262 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2263 bssl::ScopedEVP_CIPHER_CTX ctx;
2264 int len1, len2;
2265 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2266 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2267 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2268 return false;
2269 }
2270
2271 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2272#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2273
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2274 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
2275 if (!ssl_ctx) {
2276 return false;
2277 }
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2278 bssl::UniquePtr<SSL_SESSION> server_session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2279 SSL_SESSION_from_bytes(plaintext.get(), len, ssl_ctx.get()));
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2280 if (!server_session) {
2281 return false;
2282 }
2283
2284 *out = server_session->time;
2285 return true;
2286}
2287
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2288TEST_P(SSLVersionTest, SessionTimeout) {
2289 for (bool server_test : {false, true}) {
2290 SCOPED_TRACE(server_test);
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2291
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2292 ResetContexts();
2293 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
2294 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
2295
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2296 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2297 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2298
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2299 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2300 // resumptions still perform ECDHE.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2301 const time_t timeout = version() == TLS1_3_VERSION
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2302 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2303 : SSL_DEFAULT_SESSION_TIMEOUT;
2304
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2305 // Both client and server must enforce session timeouts. We configure the
2306 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2307 if (server_test) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2308 SSL_CTX_set_current_time_cb(client_ctx_.get(), FrozenTimeCallback);
2309 SSL_CTX_set_current_time_cb(server_ctx_.get(), CurrentTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2310 } else {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2311 SSL_CTX_set_current_time_cb(client_ctx_.get(), CurrentTimeCallback);
2312 SSL_CTX_set_current_time_cb(server_ctx_.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2313 }
2314
2315 // Configure a ticket callback which renews tickets.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2316 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx_.get(), RenewTicketCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2317
2318 bssl::UniquePtr<SSL_SESSION> session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2319 CreateClientSession(client_ctx_.get(), server_ctx_.get());
2320 ASSERT_TRUE(session);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2321
2322 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2323 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2324
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2325 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2326 session.get(),
2327 true /* expect session reused */));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2328
2329 // Advance the clock one more second.
2330 g_current_time.tv_sec++;
2331
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2332 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2333 session.get(),
2334 false /* expect session not reused */));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2335
2336 // Rewind the clock to before the session was minted.
2337 g_current_time.tv_sec = kStartTime - 1;
2338
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2339 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2340 session.get(),
2341 false /* expect session not reused */));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2342
2343 // SSL 3.0 cannot renew sessions.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2344 if (version() == SSL3_VERSION) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2345 continue;
2346 }
2347
2348 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2349 time_t new_start_time = kStartTime + timeout - 10;
2350 g_current_time.tv_sec = new_start_time;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2351 bssl::UniquePtr<SSL_SESSION> new_session = ExpectSessionRenewed(
2352 client_ctx_.get(), server_ctx_.get(), session.get());
2353 ASSERT_TRUE(new_session);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2354
2355 // This new session is not the same object as before.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2356 EXPECT_NE(session.get(), new_session.get());
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2357
2358 // Check the sessions have timestamps measured from issuance.
2359 long session_time = 0;
2360 if (server_test) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2361 ASSERT_TRUE(GetServerTicketTime(&session_time, new_session.get()));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2362 } else {
2363 session_time = new_session->time;
2364 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2365
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2366 ASSERT_EQ(session_time, g_current_time.tv_sec);
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2367
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2368 if (version() == TLS1_3_VERSION) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2369 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2370 // lifetime TLS 1.3.
2371 g_current_time.tv_sec = new_start_time + timeout - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2372 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2373 new_session.get(),
2374 true /* expect session reused */));
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2375
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2376 // The new session expires after the new timeout.
2377 g_current_time.tv_sec = new_start_time + timeout + 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2378 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2379 new_session.get(),
2380 false /* expect session ot reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2381
2382 // Renew the session until it begins just past the auth timeout.
2383 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2384 while (new_start_time < auth_end_time - 1000) {
2385 // Get as close as possible to target start time.
2386 new_start_time =
2387 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2388 g_current_time.tv_sec = new_start_time;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2389 new_session = ExpectSessionRenewed(client_ctx_.get(), server_ctx_.get(),
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2390 new_session.get());
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2391 ASSERT_TRUE(new_session);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2392 }
2393
2394 // Now the session's lifetime is bound by the auth timeout.
2395 g_current_time.tv_sec = auth_end_time - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2396 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2397 new_session.get(),
2398 true /* expect session reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2399
2400 g_current_time.tv_sec = auth_end_time + 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2401 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2402 new_session.get(),
2403 false /* expect session ot reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2404 } else {
2405 // The new session is usable just before the old expiration.
2406 g_current_time.tv_sec = kStartTime + timeout - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2407 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2408 new_session.get(),
2409 true /* expect session reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2410
2411 // Renewal does not extend the lifetime, so it is not usable beyond the
2412 // old expiration.
2413 g_current_time.tv_sec = kStartTime + timeout + 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2414 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2415 new_session.get(),
2416 false /* expect session not reused */));
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2417 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2418 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2419}
2420
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2421TEST_P(SSLVersionTest, DefaultTicketKeyInitialization) {
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2422 static const uint8_t kZeroKey[kTicketKeyLen] = {};
2423 uint8_t ticket_key[kTicketKeyLen];
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2424 ASSERT_EQ(1, SSL_CTX_get_tlsext_ticket_keys(server_ctx_.get(), ticket_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2425 kTicketKeyLen));
2426 ASSERT_NE(0, OPENSSL_memcmp(ticket_key, kZeroKey, kTicketKeyLen));
2427}
2428
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2429TEST_P(SSLVersionTest, DefaultTicketKeyRotation) {
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2430 if (GetParam().version == SSL3_VERSION) {
2431 return;
2432 }
2433
2434 static const time_t kStartTime = 1001;
2435 g_current_time.tv_sec = kStartTime;
2436 uint8_t ticket_key[kTicketKeyLen];
2437
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2438 // We use session reuse as a proxy for ticket decryption success, hence
2439 // disable session timeouts.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2440 SSL_CTX_set_timeout(server_ctx_.get(), std::numeric_limits<uint32_t>::max());
2441 SSL_CTX_set_session_psk_dhe_timeout(server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2442 std::numeric_limits<uint32_t>::max());
2443
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2444 SSL_CTX_set_current_time_cb(client_ctx_.get(), FrozenTimeCallback);
2445 SSL_CTX_set_current_time_cb(server_ctx_.get(), CurrentTimeCallback);
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2446
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2447 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
2448 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_OFF);
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2449
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2450 // Initialize ticket_key with the current key.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2451 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
2452 true /* changed */));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2453
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2454 // Verify ticket resumption actually works.
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2455 bssl::UniquePtr<SSL> client, server;
2456 bssl::UniquePtr<SSL_SESSION> session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2457 CreateClientSession(client_ctx_.get(), server_ctx_.get());
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2458 ASSERT_TRUE(session);
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2459 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2460 session.get(), true /* reused */));
2461
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2462 // Advance time to just before key rotation.
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2463 g_current_time.tv_sec += SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2464 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2465 session.get(), true /* reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2466 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2467 false /* NOT changed */));
2468
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2469 // Force key rotation.
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2470 g_current_time.tv_sec += 1;
2471 bssl::UniquePtr<SSL_SESSION> new_session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2472 CreateClientSession(client_ctx_.get(), server_ctx_.get());
2473 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
2474 true /* changed */));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2475
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2476 // Resumption with both old and new ticket should work.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2477 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2478 session.get(), true /* reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2479 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2480 new_session.get(), true /* reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2481 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2482 false /* NOT changed */));
2483
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2484 // Force key rotation again. Resumption with the old ticket now fails.
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2485 g_current_time.tv_sec += SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2486 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2487 session.get(), false /* NOT reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2488 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
2489 true /* changed */));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2490
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2491 // But resumption with the newer session still works.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2492 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2493 new_session.get(), true /* reused */));
2494}
2495
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2496static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2497 SSL_CTX *ctx = reinterpret_cast<SSL_CTX *>(arg);
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2498 SSL_set_SSL_CTX(ssl, ctx);
2499 return SSL_TLSEXT_ERR_OK;
2500}
2501
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2502TEST_P(SSLVersionTest, SNICallback) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2503 // SSL 3.0 lacks extensions.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2504 if (version() == SSL3_VERSION) {
2505 return;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2506 }
2507
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2508 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2509 ASSERT_TRUE(cert2);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2510 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2511 ASSERT_TRUE(key2);
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2512
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2513 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2514 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2515
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2516 static const uint8_t kSCTList[] = {0, 6, 0, 4, 5, 6, 7, 8};
2517 static const uint8_t kOCSPResponse[] = {1, 2, 3, 4};
2518
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2519 bssl::UniquePtr<SSL_CTX> server_ctx2 = CreateContext();
2520 ASSERT_TRUE(server_ctx2);
2521 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()));
2522 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()));
2523 ASSERT_TRUE(SSL_CTX_set_signed_cert_timestamp_list(
2524 server_ctx2.get(), kSCTList, sizeof(kSCTList)));
2525 ASSERT_TRUE(SSL_CTX_set_ocsp_response(server_ctx2.get(), kOCSPResponse,
2526 sizeof(kOCSPResponse)));
2527 // Historically signing preferences would be lost in some cases with the
2528 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2529 // this doesn't happen when |version| is TLS 1.2, configure the private
2530 // key to only sign SHA-256.
2531 ASSERT_TRUE(SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(),
2532 &kECDSAWithSHA256, 1));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2533
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2534 SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(), SwitchContext);
2535 SSL_CTX_set_tlsext_servername_arg(server_ctx_.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2536
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2537 SSL_CTX_enable_signed_cert_timestamps(client_ctx_.get());
2538 SSL_CTX_enable_ocsp_stapling(client_ctx_.get());
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2539
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2540 ASSERT_TRUE(Connect());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2541
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2542 // The client should have received |cert2|.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2543 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client_.get()));
2544 ASSERT_TRUE(peer);
2545 EXPECT_EQ(X509_cmp(peer.get(), cert2.get()), 0);
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2546
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2547 // The client should have received |server_ctx2|'s SCT list.
2548 const uint8_t *data;
2549 size_t len;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2550 SSL_get0_signed_cert_timestamp_list(client_.get(), &data, &len);
2551 EXPECT_EQ(Bytes(kSCTList), Bytes(data, len));
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2552
2553 // The client should have received |server_ctx2|'s OCSP response.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2554 SSL_get0_ocsp_response(client_.get(), &data, &len);
2555 EXPECT_EQ(Bytes(kOCSPResponse), Bytes(data, len));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2556}
2557
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2558// Test that the early callback can swap the maximum version.
2559TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2560 bssl::UniquePtr<X509> cert = GetTestCertificate();
2561 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2562 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2563 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2564 ASSERT_TRUE(cert);
2565 ASSERT_TRUE(key);
2566 ASSERT_TRUE(server_ctx);
2567 ASSERT_TRUE(client_ctx);
2568 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2569 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2570 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2571 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2572
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2573 SSL_CTX_set_select_certificate_cb(
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2574 server_ctx.get(),
2575 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2576 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2577 return ssl_select_cert_error;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2578 }
2579
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2580 return ssl_select_cert_success;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2581 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2582
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2583 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2584 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2585 server_ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2586 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2587}
2588
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2589TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2590 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2591 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2592
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2593 // Set valid TLS versions.
2594 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2595 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2596 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2597 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2598
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2599 // Invalid TLS versions are rejected.
2600 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2601 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2602 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2603 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2604 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2605 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2606
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2607 // Zero is the default version.
2608 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2609 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2610 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2611 EXPECT_EQ(TLS1_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2612
2613 // SSL 3.0 and TLS 1.3 are available, but not by default.
2614 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2615 EXPECT_EQ(SSL3_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2616 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2617 EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2618
David Benjamin353577c2017-06-29 15:54:58 -0400[diff] [blame]2619 // TLS1_3_DRAFT_VERSION is not an API-level version.
2620 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT_VERSION));
2621 ERR_clear_error();
2622
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2623 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2624 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2625
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2626 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2627 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2628 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2629 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2630
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2631 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2632 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2633 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2634 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2635 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2636 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2637 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2638 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2639
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2640 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2641 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2642 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2643 EXPECT_EQ(TLS1_1_VERSION, ctx->conf_min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2644}
2645
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2646static const char *GetVersionName(uint16_t version) {
2647 switch (version) {
2648 case SSL3_VERSION:
2649 return "SSLv3";
2650 case TLS1_VERSION:
2651 return "TLSv1";
2652 case TLS1_1_VERSION:
2653 return "TLSv1.1";
2654 case TLS1_2_VERSION:
2655 return "TLSv1.2";
2656 case TLS1_3_VERSION:
2657 return "TLSv1.3";
2658 case DTLS1_VERSION:
2659 return "DTLSv1";
2660 case DTLS1_2_VERSION:
2661 return "DTLSv1.2";
2662 default:
2663 return "???";
2664 }
2665}
2666
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2667TEST_P(SSLVersionTest, Version) {
2668 ASSERT_TRUE(Connect());
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2669
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2670 EXPECT_EQ(SSL_version(client_.get()), version());
2671 EXPECT_EQ(SSL_version(server_.get()), version());
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2672
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2673 // Test the version name is reported as expected.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2674 const char *version_name = GetVersionName(version());
2675 EXPECT_EQ(strcmp(version_name, SSL_get_version(client_.get())), 0);
2676 EXPECT_EQ(strcmp(version_name, SSL_get_version(server_.get())), 0);
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2677
2678 // Test SSL_SESSION reports the same name.
2679 const char *client_name =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2680 SSL_SESSION_get_version(SSL_get_session(client_.get()));
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2681 const char *server_name =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2682 SSL_SESSION_get_version(SSL_get_session(server_.get()));
2683 EXPECT_EQ(strcmp(version_name, client_name), 0);
2684 EXPECT_EQ(strcmp(version_name, server_name), 0);
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2685}
2686
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2687// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2688// selection callback.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2689TEST_P(SSLVersionTest, ALPNCipherAvailable) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2690 // SSL 3.0 lacks extensions.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2691 if (version() == SSL3_VERSION) {
2692 return;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2693 }
2694
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2695 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
2696
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2697 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2698 ASSERT_EQ(SSL_CTX_set_alpn_protos(client_ctx_.get(), kALPNProtos,
2699 sizeof(kALPNProtos)),
2700 0);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2701
2702 // The ALPN callback does not fail the handshake on error, so have the
2703 // callback write a boolean.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2704 std::pair<uint16_t, bool> callback_state(version(), false);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2705 SSL_CTX_set_alpn_select_cb(
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2706 server_ctx_.get(),
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2707 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2708 unsigned in_len, void *arg) -> int {
2709 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2710 if (SSL_get_pending_cipher(ssl) != nullptr &&
2711 SSL_version(ssl) == state->first) {
2712 state->second = true;
2713 }
2714 return SSL_TLSEXT_ERR_NOACK;
2715 },
2716 &callback_state);
2717
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2718 ASSERT_TRUE(Connect());
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2719
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2720 ASSERT_TRUE(callback_state.second);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2721}
2722
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2723TEST_P(SSLVersionTest, SSLClearSessionResumption) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2724 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2725 // API pattern.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2726 if (version() == TLS1_3_VERSION) {
2727 return;
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2728 }
2729
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2730 ASSERT_TRUE(Connect());
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2731
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2732 EXPECT_FALSE(SSL_session_reused(client_.get()));
2733 EXPECT_FALSE(SSL_session_reused(server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2734
2735 // Reset everything.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2736 ASSERT_TRUE(SSL_clear(client_.get()));
2737 ASSERT_TRUE(SSL_clear(server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2738
2739 // Attempt to connect a second time.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2740 ASSERT_TRUE(CompleteHandshakes(client_.get(), server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2741
2742 // |SSL_clear| should implicitly offer the previous session to the server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2743 EXPECT_TRUE(SSL_session_reused(client_.get()));
2744 EXPECT_TRUE(SSL_session_reused(server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2745}
2746
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2747static bool ChainsEqual(STACK_OF(X509) * chain,
2748 const std::vector<X509 *> &expected) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2749 if (sk_X509_num(chain) != expected.size()) {
2750 return false;
2751 }
2752
2753 for (size_t i = 0; i < expected.size(); i++) {
2754 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2755 return false;
2756 }
2757 }
2758
2759 return true;
2760}
2761
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2762TEST_P(SSLVersionTest, AutoChain) {
2763 cert_ = GetChainTestCertificate();
2764 ASSERT_TRUE(cert_);
2765 key_ = GetChainTestKey();
2766 ASSERT_TRUE(key_);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2767 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2768 ASSERT_TRUE(intermediate);
2769
2770 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
2771 ASSERT_TRUE(UseCertAndKey(server_ctx_.get()));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2772
2773 // Configure both client and server to accept any certificate. Add
2774 // |intermediate| to the cert store.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2775 ASSERT_TRUE(X509_STORE_add_cert(SSL_CTX_get_cert_store(client_ctx_.get()),
2776 intermediate.get()));
2777 ASSERT_TRUE(X509_STORE_add_cert(SSL_CTX_get_cert_store(server_ctx_.get()),
2778 intermediate.get()));
2779 SSL_CTX_set_verify(client_ctx_.get(),
2780 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
2781 nullptr);
2782 SSL_CTX_set_verify(server_ctx_.get(),
2783 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
2784 nullptr);
2785 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
2786 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2787
2788 // By default, the client and server should each only send the leaf.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2789 ASSERT_TRUE(Connect());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2790
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2791 EXPECT_TRUE(
2792 ChainsEqual(SSL_get_peer_full_cert_chain(client_.get()), {cert_.get()}));
2793 EXPECT_TRUE(
2794 ChainsEqual(SSL_get_peer_full_cert_chain(server_.get()), {cert_.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2795
2796 // If auto-chaining is enabled, then the intermediate is sent.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2797 SSL_CTX_clear_mode(client_ctx_.get(), SSL_MODE_NO_AUTO_CHAIN);
2798 SSL_CTX_clear_mode(server_ctx_.get(), SSL_MODE_NO_AUTO_CHAIN);
2799 ASSERT_TRUE(Connect());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2800
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2801 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(client_.get()),
2802 {cert_.get(), intermediate.get()}));
2803 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(server_.get()),
2804 {cert_.get(), intermediate.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2805
2806 // Auto-chaining does not override explicitly-configured intermediates.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2807 ASSERT_TRUE(SSL_CTX_add1_chain_cert(client_ctx_.get(), cert_.get()));
2808 ASSERT_TRUE(SSL_CTX_add1_chain_cert(server_ctx_.get(), cert_.get()));
2809 ASSERT_TRUE(Connect());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2810
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2811 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(client_.get()),
2812 {cert_.get(), cert_.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2813
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2814 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(server_.get()),
2815 {cert_.get(), cert_.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2816}
2817
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2818static bool ExpectBadWriteRetry() {
2819 int err = ERR_get_error();
2820 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
2821 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
2822 char buf[ERR_ERROR_STRING_BUF_LEN];
2823 ERR_error_string_n(err, buf, sizeof(buf));
2824 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
2825 return false;
2826 }
2827
2828 if (ERR_peek_error() != 0) {
2829 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
2830 return false;
2831 }
2832
2833 return true;
2834}
2835
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2836TEST_P(SSLVersionTest, SSLWriteRetry) {
2837 if (is_dtls()) {
2838 return;
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2839 }
2840
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2841 for (bool enable_partial_write : {false, true}) {
2842 SCOPED_TRACE(enable_partial_write);
2843
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2844 // Connect a client and server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2845 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
2846
2847 ASSERT_TRUE(Connect());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2848
2849 if (enable_partial_write) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2850 SSL_set_mode(client_.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2851 }
2852
2853 // Write without reading until the buffer is full and we have an unfinished
2854 // write. Keep a count so we may reread it again later. "hello!" will be
2855 // written in two chunks, "hello" and "!".
2856 char data[] = "hello!";
2857 static const int kChunkLen = 5; // The length of "hello".
2858 unsigned count = 0;
2859 for (;;) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2860 int ret = SSL_write(client_.get(), data, kChunkLen);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2861 if (ret <= 0) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2862 ASSERT_EQ(SSL_get_error(client_.get(), ret), SSL_ERROR_WANT_WRITE);
2863 break;
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2864 }
2865
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2866 ASSERT_EQ(ret, 5);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2867
2868 count++;
2869 }
2870
2871 // Retrying with the same parameters is legal.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2872 ASSERT_EQ(
2873 SSL_get_error(client_.get(), SSL_write(client_.get(), data, kChunkLen)),
2874 SSL_ERROR_WANT_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2875
2876 // Retrying with the same buffer but shorter length is not legal.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2877 ASSERT_EQ(SSL_get_error(client_.get(),
2878 SSL_write(client_.get(), data, kChunkLen - 1)),
2879 SSL_ERROR_SSL);
2880 ASSERT_TRUE(ExpectBadWriteRetry());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2881
2882 // Retrying with a different buffer pointer is not legal.
2883 char data2[] = "hello";
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2884 ASSERT_EQ(SSL_get_error(client_.get(),
2885 SSL_write(client_.get(), data2, kChunkLen)),
2886 SSL_ERROR_SSL);
2887 ASSERT_TRUE(ExpectBadWriteRetry());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2888
2889 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2890 SSL_set_mode(client_.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
2891 ASSERT_EQ(SSL_get_error(client_.get(),
2892 SSL_write(client_.get(), data2, kChunkLen)),
2893 SSL_ERROR_WANT_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2894
2895 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2896 ASSERT_EQ(SSL_get_error(client_.get(),
2897 SSL_write(client_.get(), data2, kChunkLen - 1)),
2898 SSL_ERROR_SSL);
2899 ASSERT_TRUE(ExpectBadWriteRetry());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2900
2901 // Retrying with a larger buffer is legal.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2902 ASSERT_EQ(SSL_get_error(client_.get(),
2903 SSL_write(client_.get(), data, kChunkLen + 1)),
2904 SSL_ERROR_WANT_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2905
2906 // Drain the buffer.
2907 char buf[20];
2908 for (unsigned i = 0; i < count; i++) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2909 ASSERT_EQ(SSL_read(server_.get(), buf, sizeof(buf)), kChunkLen);
2910 ASSERT_EQ(OPENSSL_memcmp(buf, "hello", kChunkLen), 0);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2911 }
2912
2913 // Now that there is space, a retry with a larger buffer should flush the
2914 // pending record, skip over that many bytes of input (on assumption they
2915 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
2916 // is set, this will complete in two steps.
2917 char data3[] = "_____!";
2918 if (enable_partial_write) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2919 ASSERT_EQ(SSL_write(client_.get(), data3, kChunkLen + 1), kChunkLen);
2920 ASSERT_EQ(SSL_write(client_.get(), data3 + kChunkLen, 1), 1);
2921 } else {
2922 ASSERT_EQ(SSL_write(client_.get(), data3, kChunkLen + 1), kChunkLen + 1);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2923 }
2924
2925 // Check the last write was correct. The data will be spread over two
2926 // records, so SSL_read returns twice.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2927 ASSERT_EQ(SSL_read(server_.get(), buf, sizeof(buf)), kChunkLen);
2928 ASSERT_EQ(OPENSSL_memcmp(buf, "hello", kChunkLen), 0);
2929 ASSERT_EQ(SSL_read(server_.get(), buf, sizeof(buf)), 1);
2930 ASSERT_EQ(buf[0], '!');
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2931 }
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2932}
2933
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2934TEST_P(SSLVersionTest, RecordCallback) {
2935 for (bool test_server : {true, false}) {
2936 SCOPED_TRACE(test_server);
2937 ResetContexts();
David Benjamin5df5be12017-06-22 19:43:11 -0400[diff] [blame]2938
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2939 bool read_seen = false;
2940 bool write_seen = false;
2941 auto cb = [&](int is_write, int cb_version, int cb_type, const void *buf,
2942 size_t len, SSL *ssl) {
2943 if (cb_type != SSL3_RT_HEADER) {
2944 return;
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2945 }
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2946
2947 // The callback does not report a version for records.
2948 EXPECT_EQ(0, cb_version);
2949
2950 if (is_write) {
2951 write_seen = true;
2952 } else {
2953 read_seen = true;
2954 }
2955
2956 // Sanity-check that the record header is plausible.
2957 CBS cbs;
2958 CBS_init(&cbs, reinterpret_cast<const uint8_t *>(buf), len);
2959 uint8_t type;
2960 uint16_t record_version, length;
2961 ASSERT_TRUE(CBS_get_u8(&cbs, &type));
2962 ASSERT_TRUE(CBS_get_u16(&cbs, &record_version));
2963 EXPECT_TRUE(record_version == version() ||
2964 record_version == (is_dtls() ? DTLS1_VERSION : TLS1_VERSION))
2965 << "Invalid record version: " << record_version;
2966 if (is_dtls()) {
2967 uint16_t epoch;
2968 ASSERT_TRUE(CBS_get_u16(&cbs, &epoch));
2969 EXPECT_TRUE(epoch == 0 || epoch == 1) << "Invalid epoch: " << epoch;
2970 ASSERT_TRUE(CBS_skip(&cbs, 6));
2971 }
2972 ASSERT_TRUE(CBS_get_u16(&cbs, &length));
2973 EXPECT_EQ(0u, CBS_len(&cbs));
2974 };
2975 using CallbackType = decltype(cb);
2976 SSL_CTX *ctx = test_server ? server_ctx_.get() : client_ctx_.get();
2977 SSL_CTX_set_msg_callback(
2978 ctx, [](int is_write, int cb_version, int cb_type, const void *buf,
2979 size_t len, SSL *ssl, void *arg) {
2980 CallbackType *cb_ptr = reinterpret_cast<CallbackType *>(arg);
2981 (*cb_ptr)(is_write, cb_version, cb_type, buf, len, ssl);
2982 });
2983 SSL_CTX_set_msg_callback_arg(ctx, &cb);
2984
2985 ASSERT_TRUE(Connect());
2986
2987 EXPECT_TRUE(read_seen);
2988 EXPECT_TRUE(write_seen);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2989 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2990}
2991
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2992TEST_P(SSLVersionTest, GetServerName) {
2993 // No extensions in SSL 3.0.
2994 if (version() == SSL3_VERSION) {
2995 return;
2996 }
2997
2998 ClientConfig config;
2999 config.servername = "host1";
3000
3001 SSL_CTX_set_tlsext_servername_callback(
3002 server_ctx_.get(), [](SSL *ssl, int *out_alert, void *arg) -> int {
3003 // During the handshake, |SSL_get_servername| must match |config|.
3004 ClientConfig *config_p = reinterpret_cast<ClientConfig *>(arg);
3005 EXPECT_STREQ(config_p->servername.c_str(),
3006 SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name));
3007 return SSL_TLSEXT_ERR_OK;
3008 });
3009 SSL_CTX_set_tlsext_servername_arg(server_ctx_.get(), &config);
3010
3011 ASSERT_TRUE(Connect(config));
3012 // After the handshake, it must also be available.
3013 EXPECT_STREQ(config.servername.c_str(),
3014 SSL_get_servername(server_.get(), TLSEXT_NAMETYPE_host_name));
3015
3016 // Establish a session under host1.
3017 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
3018 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
3019 bssl::UniquePtr<SSL_SESSION> session =
3020 CreateClientSession(client_ctx_.get(), server_ctx_.get(), config);
3021
3022 // If the client resumes a session with a different name, |SSL_get_servername|
3023 // must return the new name.
3024 ASSERT_TRUE(session);
3025 config.session = session.get();
3026 config.servername = "host2";
3027 ASSERT_TRUE(Connect(config));
3028 EXPECT_STREQ(config.servername.c_str(),
3029 SSL_get_servername(server_.get(), TLSEXT_NAMETYPE_host_name));
3030}
3031
David Benjamin3d8f0802017-09-06 16:12:52 -0400[diff] [blame]3032// Test that session cache mode bits are honored in the client session callback.
3033TEST_P(SSLVersionTest, ClientSessionCacheMode) {
3034 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_OFF);
3035 EXPECT_FALSE(CreateClientSession(client_ctx_.get(), server_ctx_.get()));
3036
3037 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_CLIENT);
3038 EXPECT_TRUE(CreateClientSession(client_ctx_.get(), server_ctx_.get()));
3039
3040 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_SERVER);
3041 EXPECT_FALSE(CreateClientSession(client_ctx_.get(), server_ctx_.get()));
3042}
3043
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3044TEST(SSLTest, AddChainCertHack) {
3045 // Ensure that we don't accidently break the hack that we have in place to
3046 // keep curl and serf happy when they use an |X509| even after transfering
3047 // ownership.
3048
3049 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3050 ASSERT_TRUE(ctx);
3051 X509 *cert = GetTestCertificate().release();
3052 ASSERT_TRUE(cert);
3053 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3054
3055 // This should not trigger a use-after-free.
3056 X509_cmp(cert, cert);
3057}
3058
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3059TEST(SSLTest, GetCertificate) {
3060 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3061 ASSERT_TRUE(ctx);
3062 bssl::UniquePtr<X509> cert = GetTestCertificate();
3063 ASSERT_TRUE(cert);
3064 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3065 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3066 ASSERT_TRUE(ssl);
3067
3068 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3069 ASSERT_TRUE(cert2);
3070 X509 *cert3 = SSL_get_certificate(ssl.get());
3071 ASSERT_TRUE(cert3);
3072
3073 // The old and new certificates must be identical.
3074 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3075 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3076
3077 uint8_t *der = nullptr;
3078 long der_len = i2d_X509(cert.get(), &der);
3079 ASSERT_LT(0, der_len);
3080 bssl::UniquePtr<uint8_t> free_der(der);
3081
3082 uint8_t *der2 = nullptr;
3083 long der2_len = i2d_X509(cert2, &der2);
3084 ASSERT_LT(0, der2_len);
3085 bssl::UniquePtr<uint8_t> free_der2(der2);
3086
3087 uint8_t *der3 = nullptr;
3088 long der3_len = i2d_X509(cert3, &der3);
3089 ASSERT_LT(0, der3_len);
3090 bssl::UniquePtr<uint8_t> free_der3(der3);
3091
3092 // They must also encode identically.
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]3093 EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len));
3094 EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len));
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3095}
3096
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3097TEST(SSLTest, SetChainAndKeyMismatch) {
3098 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_with_buffers_method()));
3099 ASSERT_TRUE(ctx);
3100
3101 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3102 ASSERT_TRUE(key);
3103 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3104 ASSERT_TRUE(leaf);
3105 std::vector<CRYPTO_BUFFER*> chain = {
3106 leaf.get(),
3107 };
3108
3109 // Should fail because |GetTestKey| doesn't match the chain-test certificate.
3110 ASSERT_FALSE(SSL_CTX_set_chain_and_key(ctx.get(), &chain[0], chain.size(),
3111 key.get(), nullptr));
3112 ERR_clear_error();
3113}
3114
3115TEST(SSLTest, SetChainAndKey) {
3116 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3117 ASSERT_TRUE(client_ctx);
3118 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3119 ASSERT_TRUE(server_ctx);
3120
3121 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3122 ASSERT_TRUE(key);
3123 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3124 ASSERT_TRUE(leaf);
3125 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3126 GetChainTestIntermediateBuffer();
3127 ASSERT_TRUE(intermediate);
3128 std::vector<CRYPTO_BUFFER*> chain = {
3129 leaf.get(), intermediate.get(),
3130 };
3131 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3132 chain.size(), key.get(), nullptr));
3133
David Benjamin3a1dd462017-07-11 16:13:10 -0400[diff] [blame]3134 SSL_CTX_set_custom_verify(
3135 client_ctx.get(), SSL_VERIFY_PEER,
3136 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3137 return ssl_verify_ok;
3138 });
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3139
3140 bssl::UniquePtr<SSL> client, server;
3141 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3142 server_ctx.get()));
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3143}
3144
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]3145TEST(SSLTest, ClientCABuffers) {
3146 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3147 ASSERT_TRUE(client_ctx);
3148 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3149 ASSERT_TRUE(server_ctx);
3150
3151 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3152 ASSERT_TRUE(key);
3153 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3154 ASSERT_TRUE(leaf);
3155 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3156 GetChainTestIntermediateBuffer();
3157 ASSERT_TRUE(intermediate);
3158 std::vector<CRYPTO_BUFFER *> chain = {
3159 leaf.get(),
3160 intermediate.get(),
3161 };
3162 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3163 chain.size(), key.get(), nullptr));
3164
3165 bssl::UniquePtr<CRYPTO_BUFFER> ca_name(
3166 CRYPTO_BUFFER_new(kTestName, sizeof(kTestName), nullptr));
3167 ASSERT_TRUE(ca_name);
3168 bssl::UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names(
3169 sk_CRYPTO_BUFFER_new_null());
3170 ASSERT_TRUE(ca_names);
3171 ASSERT_TRUE(sk_CRYPTO_BUFFER_push(ca_names.get(), ca_name.get()));
3172 ca_name.release();
3173 SSL_CTX_set0_client_CAs(server_ctx.get(), ca_names.release());
3174
3175 // Configure client and server to accept all certificates.
3176 SSL_CTX_set_custom_verify(
3177 client_ctx.get(), SSL_VERIFY_PEER,
3178 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3179 return ssl_verify_ok;
3180 });
3181 SSL_CTX_set_custom_verify(
3182 server_ctx.get(), SSL_VERIFY_PEER,
3183 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3184 return ssl_verify_ok;
3185 });
3186
3187 bool cert_cb_called = false;
3188 SSL_CTX_set_cert_cb(
3189 client_ctx.get(),
3190 [](SSL *ssl, void *arg) -> int {
3191 STACK_OF(CRYPTO_BUFFER) *peer_names =
3192 SSL_get0_server_requested_CAs(ssl);
3193 EXPECT_EQ(1u, sk_CRYPTO_BUFFER_num(peer_names));
3194 CRYPTO_BUFFER *peer_name = sk_CRYPTO_BUFFER_value(peer_names, 0);
3195 EXPECT_EQ(Bytes(kTestName), Bytes(CRYPTO_BUFFER_data(peer_name),
3196 CRYPTO_BUFFER_len(peer_name)));
3197 *reinterpret_cast<bool *>(arg) = true;
3198 return 1;
3199 },
3200 &cert_cb_called);
3201
3202 bssl::UniquePtr<SSL> client, server;
3203 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3204 server_ctx.get()));
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]3205 EXPECT_TRUE(cert_cb_called);
3206}
3207
David Benjamin91222b82017-03-09 20:10:56 -0500[diff] [blame]3208// Configuring the empty cipher list, though an error, should still modify the
3209// configuration.
3210TEST(SSLTest, EmptyCipherList) {
3211 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3212 ASSERT_TRUE(ctx);
3213
3214 // Initially, the cipher list is not empty.
3215 EXPECT_NE(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3216
3217 // Configuring the empty cipher list fails.
3218 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), ""));
3219 ERR_clear_error();
3220
3221 // But the cipher list is still updated to empty.
3222 EXPECT_EQ(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3223}
3224
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3225// ssl_test_ticket_aead_failure_mode enumerates the possible ways in which the
3226// test |SSL_TICKET_AEAD_METHOD| can fail.
3227enum ssl_test_ticket_aead_failure_mode {
3228 ssl_test_ticket_aead_ok = 0,
3229 ssl_test_ticket_aead_seal_fail,
3230 ssl_test_ticket_aead_open_soft_fail,
3231 ssl_test_ticket_aead_open_hard_fail,
3232};
3233
3234struct ssl_test_ticket_aead_state {
3235 unsigned retry_count;
3236 ssl_test_ticket_aead_failure_mode failure_mode;
3237};
3238
3239static int ssl_test_ticket_aead_ex_index_dup(CRYPTO_EX_DATA *to,
3240 const CRYPTO_EX_DATA *from,
3241 void **from_d, int index,
3242 long argl, void *argp) {
3243 abort();
3244}
3245
3246static void ssl_test_ticket_aead_ex_index_free(void *parent, void *ptr,
3247 CRYPTO_EX_DATA *ad, int index,
3248 long argl, void *argp) {
3249 auto state = reinterpret_cast<ssl_test_ticket_aead_state*>(ptr);
3250 if (state == nullptr) {
3251 return;
3252 }
3253
3254 OPENSSL_free(state);
3255}
3256
3257static CRYPTO_once_t g_ssl_test_ticket_aead_ex_index_once = CRYPTO_ONCE_INIT;
3258static int g_ssl_test_ticket_aead_ex_index;
3259
3260static int ssl_test_ticket_aead_get_ex_index() {
3261 CRYPTO_once(&g_ssl_test_ticket_aead_ex_index_once, [] {
3262 g_ssl_test_ticket_aead_ex_index = SSL_get_ex_new_index(
3263 0, nullptr, nullptr, ssl_test_ticket_aead_ex_index_dup,
3264 ssl_test_ticket_aead_ex_index_free);
3265 });
3266 return g_ssl_test_ticket_aead_ex_index;
3267}
3268
3269static size_t ssl_test_ticket_aead_max_overhead(SSL *ssl) {
3270 return 1;
3271}
3272
3273static int ssl_test_ticket_aead_seal(SSL *ssl, uint8_t *out, size_t *out_len,
3274 size_t max_out_len, const uint8_t *in,
3275 size_t in_len) {
3276 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3277 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3278
3279 if (state->failure_mode == ssl_test_ticket_aead_seal_fail ||
3280 max_out_len < in_len + 1) {
3281 return 0;
3282 }
3283
3284 OPENSSL_memmove(out, in, in_len);
3285 out[in_len] = 0xff;
3286 *out_len = in_len + 1;
3287
3288 return 1;
3289}
3290
3291static ssl_ticket_aead_result_t ssl_test_ticket_aead_open(
3292 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len,
3293 const uint8_t *in, size_t in_len) {
3294 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3295 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3296
3297 if (state->retry_count > 0) {
3298 state->retry_count--;
3299 return ssl_ticket_aead_retry;
3300 }
3301
3302 switch (state->failure_mode) {
3303 case ssl_test_ticket_aead_ok:
3304 break;
3305 case ssl_test_ticket_aead_seal_fail:
3306 // If |seal| failed then there shouldn't be any ticket to try and
3307 // decrypt.
3308 abort();
3309 break;
3310 case ssl_test_ticket_aead_open_soft_fail:
3311 return ssl_ticket_aead_ignore_ticket;
3312 case ssl_test_ticket_aead_open_hard_fail:
3313 return ssl_ticket_aead_error;
3314 }
3315
3316 if (in_len == 0 || in[in_len - 1] != 0xff) {
3317 return ssl_ticket_aead_ignore_ticket;
3318 }
3319
3320 if (max_out_len < in_len - 1) {
3321 return ssl_ticket_aead_error;
3322 }
3323
3324 OPENSSL_memmove(out, in, in_len - 1);
3325 *out_len = in_len - 1;
3326 return ssl_ticket_aead_success;
3327}
3328
3329static const SSL_TICKET_AEAD_METHOD kSSLTestTicketMethod = {
3330 ssl_test_ticket_aead_max_overhead,
3331 ssl_test_ticket_aead_seal,
3332 ssl_test_ticket_aead_open,
3333};
3334
3335static void ConnectClientAndServerWithTicketMethod(
3336 bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
3337 SSL_CTX *client_ctx, SSL_CTX *server_ctx, unsigned retry_count,
3338 ssl_test_ticket_aead_failure_mode failure_mode, SSL_SESSION *session) {
3339 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
3340 ASSERT_TRUE(client);
3341 ASSERT_TRUE(server);
3342 SSL_set_connect_state(client.get());
3343 SSL_set_accept_state(server.get());
3344
3345 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3346 OPENSSL_malloc(sizeof(ssl_test_ticket_aead_state)));
3347 ASSERT_TRUE(state);
3348 OPENSSL_memset(state, 0, sizeof(ssl_test_ticket_aead_state));
3349 state->retry_count = retry_count;
3350 state->failure_mode = failure_mode;
3351
3352 ASSERT_TRUE(SSL_set_ex_data(server.get(), ssl_test_ticket_aead_get_ex_index(),
3353 state));
3354
3355 SSL_set_session(client.get(), session);
3356
3357 BIO *bio1, *bio2;
3358 ASSERT_TRUE(BIO_new_bio_pair(&bio1, 0, &bio2, 0));
3359
3360 // SSL_set_bio takes ownership.
3361 SSL_set_bio(client.get(), bio1, bio1);
3362 SSL_set_bio(server.get(), bio2, bio2);
3363
3364 if (CompleteHandshakes(client.get(), server.get())) {
3365 *out_client = std::move(client);
3366 *out_server = std::move(server);
3367 } else {
3368 out_client->reset();
3369 out_server->reset();
3370 }
3371}
3372
3373class TicketAEADMethodTest
3374 : public ::testing::TestWithParam<testing::tuple<
3375 uint16_t, unsigned, ssl_test_ticket_aead_failure_mode>> {};
3376
3377TEST_P(TicketAEADMethodTest, Resume) {
3378 bssl::UniquePtr<X509> cert = GetTestCertificate();
3379 ASSERT_TRUE(cert);
3380 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3381 ASSERT_TRUE(key);
3382
3383 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
3384 ASSERT_TRUE(server_ctx);
3385 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
3386 ASSERT_TRUE(client_ctx);
3387
3388 const uint16_t version = testing::get<0>(GetParam());
3389 const unsigned retry_count = testing::get<1>(GetParam());
3390 const ssl_test_ticket_aead_failure_mode failure_mode =
3391 testing::get<2>(GetParam());
3392
3393 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3394 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3395 ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), version));
3396 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), version));
3397 ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), version));
3398 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), version));
3399
3400 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
3401 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
3402 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
3403 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3404 SSL_CTX_sess_set_new_cb(client_ctx.get(), SaveLastSession);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3405
3406 SSL_CTX_set_ticket_aead_method(server_ctx.get(), &kSSLTestTicketMethod);
3407
3408 bssl::UniquePtr<SSL> client, server;
3409 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3410 server_ctx.get(), retry_count,
3411 failure_mode, nullptr);
3412 switch (failure_mode) {
3413 case ssl_test_ticket_aead_ok:
3414 case ssl_test_ticket_aead_open_hard_fail:
3415 case ssl_test_ticket_aead_open_soft_fail:
3416 ASSERT_TRUE(client);
3417 break;
3418 case ssl_test_ticket_aead_seal_fail:
3419 EXPECT_FALSE(client);
3420 return;
3421 }
3422 EXPECT_FALSE(SSL_session_reused(client.get()));
3423 EXPECT_FALSE(SSL_session_reused(server.get()));
3424
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3425 // Run the read loop to account for post-handshake tickets in TLS 1.3.
3426 SSL_read(client.get(), nullptr, 0);
3427
3428 bssl::UniquePtr<SSL_SESSION> session = std::move(g_last_session);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3429 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3430 server_ctx.get(), retry_count,
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3431 failure_mode, session.get());
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3432 switch (failure_mode) {
3433 case ssl_test_ticket_aead_ok:
3434 ASSERT_TRUE(client);
3435 EXPECT_TRUE(SSL_session_reused(client.get()));
3436 EXPECT_TRUE(SSL_session_reused(server.get()));
3437 break;
3438 case ssl_test_ticket_aead_seal_fail:
3439 abort();
3440 break;
3441 case ssl_test_ticket_aead_open_hard_fail:
3442 EXPECT_FALSE(client);
3443 break;
3444 case ssl_test_ticket_aead_open_soft_fail:
3445 ASSERT_TRUE(client);
3446 EXPECT_FALSE(SSL_session_reused(client.get()));
3447 EXPECT_FALSE(SSL_session_reused(server.get()));
3448 }
3449}
3450
3451INSTANTIATE_TEST_CASE_P(
3452 TicketAEADMethodTests, TicketAEADMethodTest,
3453 testing::Combine(
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3454 testing::Values(TLS1_2_VERSION, TLS1_3_VERSION),
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3455 testing::Values(0, 1, 2),
3456 testing::Values(ssl_test_ticket_aead_ok,
3457 ssl_test_ticket_aead_seal_fail,
3458 ssl_test_ticket_aead_open_soft_fail,
3459 ssl_test_ticket_aead_open_hard_fail)));
3460
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]3461TEST(SSLTest, SSL3Method) {
3462 bssl::UniquePtr<X509> cert = GetTestCertificate();
3463 ASSERT_TRUE(cert);
3464
3465 // For compatibility, SSLv3_method should work up to SSL_CTX_new and SSL_new.
3466 bssl::UniquePtr<SSL_CTX> ssl3_ctx(SSL_CTX_new(SSLv3_method()));
3467 ASSERT_TRUE(ssl3_ctx);
3468 ASSERT_TRUE(SSL_CTX_use_certificate(ssl3_ctx.get(), cert.get()));
3469 bssl::UniquePtr<SSL> ssl(SSL_new(ssl3_ctx.get()));
3470 EXPECT_TRUE(ssl);
3471
3472 // Create a normal TLS context to test against.
3473 bssl::UniquePtr<SSL_CTX> tls_ctx(SSL_CTX_new(TLS_method()));
3474 ASSERT_TRUE(tls_ctx);
3475 ASSERT_TRUE(SSL_CTX_use_certificate(tls_ctx.get(), cert.get()));
3476
3477 // However, handshaking an SSLv3_method server should fail to resolve the
3478 // version range. Explicit calls to SSL_CTX_set_min_proto_version are the only
3479 // way to enable SSL 3.0.
3480 bssl::UniquePtr<SSL> client, server;
3481 EXPECT_FALSE(ConnectClientAndServer(&client, &server, tls_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3482 ssl3_ctx.get()));
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]3483 uint32_t err = ERR_get_error();
3484 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3485 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3486
3487 // Likewise for SSLv3_method clients.
3488 EXPECT_FALSE(ConnectClientAndServer(&client, &server, ssl3_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3489 tls_ctx.get()));
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]3490 err = ERR_get_error();
3491 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3492 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3493}
3494
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]3495TEST(SSLTest, SelectNextProto) {
3496 uint8_t *result;
3497 uint8_t result_len;
3498
3499 // If there is an overlap, it should be returned.
3500 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3501 SSL_select_next_proto(&result, &result_len,
3502 (const uint8_t *)"\1a\2bb\3ccc", 9,
3503 (const uint8_t *)"\1x\1y\1a\1z", 8));
3504 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3505
3506 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3507 SSL_select_next_proto(&result, &result_len,
3508 (const uint8_t *)"\1a\2bb\3ccc", 9,
3509 (const uint8_t *)"\1x\1y\2bb\1z", 9));
3510 EXPECT_EQ(Bytes("bb"), Bytes(result, result_len));
3511
3512 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3513 SSL_select_next_proto(&result, &result_len,
3514 (const uint8_t *)"\1a\2bb\3ccc", 9,
3515 (const uint8_t *)"\1x\1y\3ccc\1z", 10));
3516 EXPECT_EQ(Bytes("ccc"), Bytes(result, result_len));
3517
3518 // Peer preference order takes precedence over local.
3519 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3520 SSL_select_next_proto(&result, &result_len,
3521 (const uint8_t *)"\1a\2bb\3ccc", 9,
3522 (const uint8_t *)"\3ccc\2bb\1a", 9));
3523 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3524
3525 // If there is no overlap, return the first local protocol.
3526 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3527 SSL_select_next_proto(&result, &result_len,
3528 (const uint8_t *)"\1a\2bb\3ccc", 9,
3529 (const uint8_t *)"\1x\2yy\3zzz", 9));
3530 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3531
3532 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3533 SSL_select_next_proto(&result, &result_len, nullptr, 0,
3534 (const uint8_t *)"\1x\2yy\3zzz", 9));
3535 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3536}
3537
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3538TEST(SSLTest, SealRecord) {
3539 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3540 server_ctx(SSL_CTX_new(TLS_method()));
3541 ASSERT_TRUE(client_ctx);
3542 ASSERT_TRUE(server_ctx);
3543
3544 bssl::UniquePtr<X509> cert = GetTestCertificate();
3545 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3546 ASSERT_TRUE(cert);
3547 ASSERT_TRUE(key);
3548 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3549 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3550
3551 bssl::UniquePtr<SSL> client, server;
3552 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3553 server_ctx.get()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3554
3555 const std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3556 std::vector<uint8_t> prefix(
3557 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3558 body(record.size()),
3559 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3560 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3561 bssl::MakeSpan(body), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3562 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3563
3564 std::vector<uint8_t> sealed;
3565 sealed.insert(sealed.end(), prefix.begin(), prefix.end());
3566 sealed.insert(sealed.end(), body.begin(), body.end());
3567 sealed.insert(sealed.end(), suffix.begin(), suffix.end());
3568 std::vector<uint8_t> sealed_copy = sealed;
3569
3570 bssl::Span<uint8_t> plaintext;
3571 size_t record_len;
3572 uint8_t alert = 255;
3573 EXPECT_EQ(bssl::OpenRecord(server.get(), &plaintext, &record_len, &alert,
3574 bssl::MakeSpan(sealed)),
3575 bssl::OpenRecordResult::kOK);
3576 EXPECT_EQ(record_len, sealed.size());
3577 EXPECT_EQ(plaintext, record);
3578 EXPECT_EQ(255, alert);
3579}
3580
3581TEST(SSLTest, SealRecordInPlace) {
3582 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3583 server_ctx(SSL_CTX_new(TLS_method()));
3584 ASSERT_TRUE(client_ctx);
3585 ASSERT_TRUE(server_ctx);
3586
3587 bssl::UniquePtr<X509> cert = GetTestCertificate();
3588 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3589 ASSERT_TRUE(cert);
3590 ASSERT_TRUE(key);
3591 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3592 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3593
3594 bssl::UniquePtr<SSL> client, server;
3595 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3596 server_ctx.get()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3597
3598 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3599 std::vector<uint8_t> record = plaintext;
3600 std::vector<uint8_t> prefix(
3601 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3602 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3603 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3604 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3605 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3606 record.insert(record.begin(), prefix.begin(), prefix.end());
3607 record.insert(record.end(), suffix.begin(), suffix.end());
3608
3609 bssl::Span<uint8_t> result;
3610 size_t record_len;
3611 uint8_t alert;
3612 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3613 bssl::MakeSpan(record)),
3614 bssl::OpenRecordResult::kOK);
3615 EXPECT_EQ(record_len, record.size());
3616 EXPECT_EQ(plaintext, result);
3617}
3618
3619TEST(SSLTest, SealRecordTrailingData) {
3620 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3621 server_ctx(SSL_CTX_new(TLS_method()));
3622 ASSERT_TRUE(client_ctx);
3623 ASSERT_TRUE(server_ctx);
3624
3625 bssl::UniquePtr<X509> cert = GetTestCertificate();
3626 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3627 ASSERT_TRUE(cert);
3628 ASSERT_TRUE(key);
3629 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3630 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3631
3632 bssl::UniquePtr<SSL> client, server;
3633 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3634 server_ctx.get()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3635
3636 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3637 std::vector<uint8_t> record = plaintext;
3638 std::vector<uint8_t> prefix(
3639 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3640 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3641 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3642 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3643 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3644 record.insert(record.begin(), prefix.begin(), prefix.end());
3645 record.insert(record.end(), suffix.begin(), suffix.end());
3646 record.insert(record.end(), {5, 4, 3, 2, 1});
3647
3648 bssl::Span<uint8_t> result;
3649 size_t record_len;
3650 uint8_t alert;
3651 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3652 bssl::MakeSpan(record)),
3653 bssl::OpenRecordResult::kOK);
3654 EXPECT_EQ(record_len, record.size() - 5);
3655 EXPECT_EQ(plaintext, result);
3656}
3657
3658TEST(SSLTest, SealRecordInvalidSpanSize) {
3659 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3660 server_ctx(SSL_CTX_new(TLS_method()));
3661 ASSERT_TRUE(client_ctx);
3662 ASSERT_TRUE(server_ctx);
3663
3664 bssl::UniquePtr<X509> cert = GetTestCertificate();
3665 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3666 ASSERT_TRUE(cert);
3667 ASSERT_TRUE(key);
3668 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3669 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3670
3671 bssl::UniquePtr<SSL> client, server;
3672 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3673 server_ctx.get()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3674
3675 std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3676 std::vector<uint8_t> prefix(
3677 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3678 body(record.size()),
3679 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3680
3681 auto expect_err = []() {
3682 int err = ERR_get_error();
3683 EXPECT_EQ(ERR_GET_LIB(err), ERR_LIB_SSL);
3684 EXPECT_EQ(ERR_GET_REASON(err), SSL_R_BUFFER_TOO_SMALL);
3685 ERR_clear_error();
3686 };
3687 EXPECT_FALSE(bssl::SealRecord(
3688 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3689 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3690 expect_err();
3691 EXPECT_FALSE(bssl::SealRecord(
3692 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3693 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3694 expect_err();
3695
3696 EXPECT_FALSE(
3697 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3698 bssl::MakeSpan(record.data(), record.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3699 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3700 expect_err();
3701 EXPECT_FALSE(
3702 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3703 bssl::MakeSpan(record.data(), record.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3704 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3705 expect_err();
3706
3707 EXPECT_FALSE(bssl::SealRecord(
3708 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3709 bssl::MakeSpan(suffix.data(), suffix.size() - 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3710 expect_err();
3711 EXPECT_FALSE(bssl::SealRecord(
3712 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3713 bssl::MakeSpan(suffix.data(), suffix.size() + 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3714 expect_err();
3715}
3716
David Benjamin617b8182017-08-29 15:33:10 -0400[diff] [blame]3717// The client should gracefully handle no suitable ciphers being enabled.
3718TEST(SSLTest, NoCiphersAvailable) {
3719 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3720 ASSERT_TRUE(ctx);
3721
3722 // Configure |client_ctx| with a cipher list that does not intersect with its
3723 // version configuration.
3724 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(
3725 ctx.get(), "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"));
3726 ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
3727
3728 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3729 ASSERT_TRUE(ssl);
3730 SSL_set_connect_state(ssl.get());
3731
3732 UniquePtr<BIO> rbio(BIO_new(BIO_s_mem())), wbio(BIO_new(BIO_s_mem()));
3733 ASSERT_TRUE(rbio);
3734 ASSERT_TRUE(wbio);
3735 SSL_set0_rbio(ssl.get(), rbio.release());
3736 SSL_set0_wbio(ssl.get(), wbio.release());
3737
3738 int ret = SSL_do_handshake(ssl.get());
3739 EXPECT_EQ(-1, ret);
3740 EXPECT_EQ(SSL_ERROR_SSL, SSL_get_error(ssl.get(), ret));
3741 uint32_t err = ERR_get_error();
3742 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3743 EXPECT_EQ(SSL_R_NO_CIPHERS_AVAILABLE, ERR_GET_REASON(err));
3744}
3745
David Benjamina4bafd32017-10-03 15:06:29 -0400[diff] [blame]3746TEST_P(SSLVersionTest, SessionVersion) {
3747 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
3748 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
3749
3750 bssl::UniquePtr<SSL_SESSION> session =
3751 CreateClientSession(client_ctx_.get(), server_ctx_.get());
3752 ASSERT_TRUE(session);
3753 EXPECT_EQ(version(), SSL_SESSION_get_protocol_version(session.get()));
3754
3755 // Sessions in TLS 1.3 and later should be single-use.
3756 EXPECT_EQ(version() == TLS1_3_VERSION,
3757 !!SSL_SESSION_should_be_single_use(session.get()));
3758
3759 // Making fake sessions for testing works.
3760 session.reset(SSL_SESSION_new(client_ctx_.get()));
3761 ASSERT_TRUE(session);
3762 ASSERT_TRUE(SSL_SESSION_set_protocol_version(session.get(), version()));
3763 EXPECT_EQ(version(), SSL_SESSION_get_protocol_version(session.get()));
3764}
3765
David Benjaminfdb7a352017-10-12 17:34:18 -0400[diff] [blame]3766TEST_P(SSLVersionTest, SSLPending) {
3767 UniquePtr<SSL> ssl(SSL_new(client_ctx_.get()));
3768 ASSERT_TRUE(ssl);
3769 EXPECT_EQ(0, SSL_pending(ssl.get()));
3770
3771 ASSERT_TRUE(Connect());
3772 EXPECT_EQ(0, SSL_pending(client_.get()));
3773
3774 ASSERT_EQ(5, SSL_write(server_.get(), "hello", 5));
3775 ASSERT_EQ(5, SSL_write(server_.get(), "world", 5));
3776 EXPECT_EQ(0, SSL_pending(client_.get()));
3777
3778 char buf[10];
3779 ASSERT_EQ(1, SSL_peek(client_.get(), buf, 1));
3780 EXPECT_EQ(5, SSL_pending(client_.get()));
3781
3782 ASSERT_EQ(1, SSL_read(client_.get(), buf, 1));
3783 EXPECT_EQ(4, SSL_pending(client_.get()));
3784
3785 ASSERT_EQ(4, SSL_read(client_.get(), buf, 10));
3786 EXPECT_EQ(0, SSL_pending(client_.get()));
3787
3788 ASSERT_EQ(2, SSL_read(client_.get(), buf, 2));
3789 EXPECT_EQ(3, SSL_pending(client_.get()));
3790}
3791
David Benjamina031b612017-10-11 20:48:25 -0400[diff] [blame]3792// Test that post-handshake tickets consumed by |SSL_shutdown| are ignored.
3793TEST(SSLTest, ShutdownIgnoresTickets) {
3794 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3795 ASSERT_TRUE(ctx);
3796 ASSERT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_3_VERSION));
3797 ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
3798
3799 bssl::UniquePtr<X509> cert = GetTestCertificate();
3800 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3801 ASSERT_TRUE(cert);
3802 ASSERT_TRUE(key);
3803 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3804 ASSERT_TRUE(SSL_CTX_use_PrivateKey(ctx.get(), key.get()));
3805
3806 SSL_CTX_set_session_cache_mode(ctx.get(), SSL_SESS_CACHE_BOTH);
3807
3808 bssl::UniquePtr<SSL> client, server;
3809 ASSERT_TRUE(ConnectClientAndServer(&client, &server, ctx.get(), ctx.get()));
3810
3811 SSL_CTX_sess_set_new_cb(ctx.get(), [](SSL *ssl, SSL_SESSION *session) -> int {
3812 ADD_FAILURE() << "New session callback called during SSL_shutdown";
3813 return 0;
3814 });
3815
3816 // Send close_notify.
3817 EXPECT_EQ(0, SSL_shutdown(server.get()));
3818 EXPECT_EQ(0, SSL_shutdown(client.get()));
3819
3820 // Receive close_notify.
3821 EXPECT_EQ(1, SSL_shutdown(server.get()));
3822 EXPECT_EQ(1, SSL_shutdown(client.get()));
3823}
3824
David Benjamin6cc352e2017-11-02 17:21:39 -0400[diff] [blame^]3825TEST(SSLTest, SignatureAlgorithmProperties) {
3826 EXPECT_EQ(EVP_PKEY_NONE, SSL_get_signature_algorithm_key_type(0x1234));
3827 EXPECT_EQ(nullptr, SSL_get_signature_algorithm_digest(0x1234));
3828 EXPECT_FALSE(SSL_is_signature_algorithm_rsa_pss(0x1234));
3829
3830 EXPECT_EQ(EVP_PKEY_RSA,
3831 SSL_get_signature_algorithm_key_type(SSL_SIGN_RSA_PKCS1_MD5_SHA1));
3832 EXPECT_EQ(EVP_md5_sha1(),
3833 SSL_get_signature_algorithm_digest(SSL_SIGN_RSA_PKCS1_MD5_SHA1));
3834 EXPECT_FALSE(SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_RSA_PKCS1_MD5_SHA1));
3835
3836 EXPECT_EQ(EVP_PKEY_EC, SSL_get_signature_algorithm_key_type(
3837 SSL_SIGN_ECDSA_SECP256R1_SHA256));
3838 EXPECT_EQ(EVP_sha256(), SSL_get_signature_algorithm_digest(
3839 SSL_SIGN_ECDSA_SECP256R1_SHA256));
3840 EXPECT_FALSE(
3841 SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_ECDSA_SECP256R1_SHA256));
3842
3843 EXPECT_EQ(EVP_PKEY_RSA,
3844 SSL_get_signature_algorithm_key_type(SSL_SIGN_RSA_PSS_SHA384));
3845 EXPECT_EQ(EVP_sha384(),
3846 SSL_get_signature_algorithm_digest(SSL_SIGN_RSA_PSS_SHA384));
3847 EXPECT_TRUE(SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_RSA_PSS_SHA384));
3848}
3849
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3850// TODO(davidben): Convert this file to GTest properly.
3851TEST(SSLTest, AllTests) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]3852 if (!TestSSL_SESSIONEncoding(kOpenSSLSession) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3853 !TestSSL_SESSIONEncoding(kCustomSession) ||
3854 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
3855 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
3856 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
3857 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]3858 // Test the padding extension at TLS 1.2.
3859 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
3860 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
3861 // will be no PSK binder after the padding extension.
3862 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
3863 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
3864 // will be a PSK binder after the padding extension.
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]3865 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION)) {
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3866 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]3867 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]3868}
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]3869
3870} // namespace
3871} // namespace bssl