Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 70dbf042b61c68294474923accd49f1971032fab / . / ssl / ssl_test.cc
blob: 88c2ed24ed1d081a57e221c46840c8d318503844 [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
43/* Windows defines struct timeval in winsock2.h. */
44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
52struct ExpectedCipher {
53 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]56
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]57struct CipherTest {
58 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]59 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]60 // The list of expected ciphers, in order.
61 std::vector<ExpectedCipher> expected;
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]62 // True if this cipher list should fail in strict mode.
63 bool strict_fail;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]64};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]65
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]66struct CurveTest {
67 // The rule string to apply.
68 const char *rule;
69 // The list of expected curves, in order.
70 std::vector<uint16_t> expected;
71};
72
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]73static const CipherTest kCipherTests[] = {
74 // Selecting individual ciphers should work.
75 {
76 "ECDHE-ECDSA-CHACHA20-POLY1305:"
77 "ECDHE-RSA-CHACHA20-POLY1305:"
78 "ECDHE-ECDSA-AES128-GCM-SHA256:"
79 "ECDHE-RSA-AES128-GCM-SHA256",
80 {
81 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]82 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]83 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
84 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
85 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]86 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]87 },
88 // + reorders selected ciphers to the end, keeping their relative order.
89 {
90 "ECDHE-ECDSA-CHACHA20-POLY1305:"
91 "ECDHE-RSA-CHACHA20-POLY1305:"
92 "ECDHE-ECDSA-AES128-GCM-SHA256:"
93 "ECDHE-RSA-AES128-GCM-SHA256:"
94 "+aRSA",
95 {
96 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]97 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
98 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]99 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
100 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]101 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]102 },
103 // ! banishes ciphers from future selections.
104 {
105 "!aRSA:"
106 "ECDHE-ECDSA-CHACHA20-POLY1305:"
107 "ECDHE-RSA-CHACHA20-POLY1305:"
108 "ECDHE-ECDSA-AES128-GCM-SHA256:"
109 "ECDHE-RSA-AES128-GCM-SHA256",
110 {
111 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]112 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
113 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]114 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]115 },
116 // Multiple masks can be ANDed in a single rule.
117 {
118 "kRSA+AESGCM+AES128",
119 {
120 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
121 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]122 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]123 },
124 // - removes selected ciphers, but preserves their order for future
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]125 // selections. Select AES_128_GCM, but order the key exchanges RSA,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]126 // ECDHE_RSA.
127 {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]128 "ALL:-kECDHE:"
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]129 "-kRSA:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]130 "AESGCM+AES128+aRSA",
131 {
132 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]133 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
134 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]135 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]136 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]137 // Unknown selectors are no-ops, except in strict mode.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]138 {
139 "ECDHE-ECDSA-CHACHA20-POLY1305:"
140 "ECDHE-RSA-CHACHA20-POLY1305:"
141 "ECDHE-ECDSA-AES128-GCM-SHA256:"
142 "ECDHE-RSA-AES128-GCM-SHA256:"
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]143 "BOGUS1",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]144 {
145 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]146 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]147 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
148 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
149 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]150 true,
151 },
152 // Unknown selectors are no-ops, except in strict mode.
153 {
154 "ECDHE-ECDSA-CHACHA20-POLY1305:"
155 "ECDHE-RSA-CHACHA20-POLY1305:"
156 "ECDHE-ECDSA-AES128-GCM-SHA256:"
157 "ECDHE-RSA-AES128-GCM-SHA256:"
158 "-BOGUS2:+BOGUS3:!BOGUS4",
159 {
160 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
161 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
162 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
163 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
164 },
165 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]166 },
167 // Square brackets specify equi-preference groups.
168 {
169 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
170 "[ECDHE-RSA-CHACHA20-POLY1305]:"
171 "ECDHE-RSA-AES128-GCM-SHA256",
172 {
173 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]174 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]175 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]176 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
177 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]178 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]179 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]180 // Standard names may be used instead of OpenSSL names.
181 {
182 "[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|"
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]183 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]:"
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]184 "[TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]:"
185 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
186 {
187 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
188 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
189 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
190 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
191 },
192 false,
193 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]194 // @STRENGTH performs a stable strength-sort of the selected ciphers and
195 // only the selected ciphers.
196 {
197 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]198 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]199 "!AESGCM:!3DES:!SHA256:!SHA384:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]200 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]201 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]202 // Select ECDHE ones and sort them by strength. Ties should resolve
203 // based on the order above.
204 "kECDHE:@STRENGTH:-ALL:"
205 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
206 // by strength. Then RSA, backwards by strength.
207 "aRSA",
208 {
209 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
210 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]211 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]212 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
213 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
214 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]215 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]216 },
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]217 // Additional masks after @STRENGTH get silently discarded.
218 //
219 // TODO(davidben): Make this an error. If not silently discarded, they get
220 // interpreted as + opcodes which are very different.
221 {
222 "ECDHE-RSA-AES128-GCM-SHA256:"
223 "ECDHE-RSA-AES256-GCM-SHA384:"
224 "@STRENGTH+AES256",
225 {
226 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
227 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
228 },
229 false,
230 },
231 {
232 "ECDHE-RSA-AES128-GCM-SHA256:"
233 "ECDHE-RSA-AES256-GCM-SHA384:"
234 "@STRENGTH+AES256:"
235 "ECDHE-RSA-CHACHA20-POLY1305",
236 {
237 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
238 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
239 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
240 },
241 false,
242 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]243 // Exact ciphers may not be used in multi-part rules; they are treated
244 // as unknown aliases.
245 {
246 "ECDHE-ECDSA-AES128-GCM-SHA256:"
247 "ECDHE-RSA-AES128-GCM-SHA256:"
248 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
249 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
250 {
251 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
252 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
253 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]254 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]255 },
256 // SSLv3 matches everything that existed before TLS 1.2.
257 {
258 "AES128-SHA:AES128-SHA256:!SSLv3",
259 {
260 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
261 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]262 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]263 },
264 // TLSv1.2 matches everything added in TLS 1.2.
265 {
266 "AES128-SHA:AES128-SHA256:!TLSv1.2",
267 {
268 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
269 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]270 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]271 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]272 // The two directives have no intersection. But each component is valid, so
273 // even in strict mode it is accepted.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]274 {
275 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
276 {
277 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
278 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
279 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]280 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]281 },
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]282 // Spaces, semi-colons and commas are separators.
283 {
284 "AES128-SHA: AES128-SHA256 AES256-SHA ,AES256-SHA256 ; AES128-GCM-SHA256",
285 {
286 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
287 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
288 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
289 {TLS1_CK_RSA_WITH_AES_256_SHA256, 0},
290 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
291 },
292 // …but not in strict mode.
293 true,
294 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]295};
296
297static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]298 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]299 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
300 "RSA]",
301 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]302 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]303 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]304 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]305 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]306 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]307 "",
308 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]309 // COMPLEMENTOFDEFAULT is empty.
310 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]311 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]312 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]313 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]314 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
315 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
316 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
317 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]318 // Opcode supplied, but missing selector.
319 "+",
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]320 // Spaces are forbidden in equal-preference groups.
321 "[AES128-SHA | AES128-SHA256]",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]322};
323
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]324static const char *kMustNotIncludeNull[] = {
325 "ALL",
326 "DEFAULT",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]327 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]328 "FIPS",
329 "SHA",
330 "SHA1",
331 "RSA",
332 "SSLv3",
333 "TLSv1",
334 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]335};
336
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]337static const CurveTest kCurveTests[] = {
338 {
339 "P-256",
340 { SSL_CURVE_SECP256R1 },
341 },
342 {
343 "P-256:P-384:P-521:X25519",
344 {
345 SSL_CURVE_SECP256R1,
346 SSL_CURVE_SECP384R1,
347 SSL_CURVE_SECP521R1,
348 SSL_CURVE_X25519,
349 },
350 },
351};
352
353static const char *kBadCurvesLists[] = {
354 "",
355 ":",
356 "::",
357 "P-256::X25519",
358 "RSA:P-256",
359 "P-256:RSA",
360 "X25519:P-256:",
361 ":X25519:P-256",
362};
363
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame^]364static std::string CipherListToString(SSL_CTX *ctx) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]365 bool in_group = false;
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]366 std::string ret;
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame^]367 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
368 for (size_t i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
369 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
370 if (!in_group && SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]371 ret += "\t[\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]372 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]373 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]374 ret += "\t";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]375 if (in_group) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]376 ret += " ";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]377 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]378 ret += SSL_CIPHER_get_name(cipher);
379 ret += "\n";
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame^]380 if (in_group && !SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]381 ret += "\t]\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]382 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]383 }
384 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]385 return ret;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]386}
387
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame^]388static bool CipherListsEqual(SSL_CTX *ctx,
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]389 const std::vector<ExpectedCipher> &expected) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame^]390 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
391 if (sk_SSL_CIPHER_num(ciphers) != expected.size()) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]392 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]393 }
394
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]395 for (size_t i = 0; i < expected.size(); i++) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame^]396 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]397 if (expected[i].id != SSL_CIPHER_get_id(cipher) ||
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame^]398 expected[i].in_group_flag != !!SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]399 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]400 }
401 }
402
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]403 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]404}
405
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]406TEST(SSLTest, CipherRules) {
407 for (const CipherTest &t : kCipherTests) {
408 SCOPED_TRACE(t.rule);
409 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
410 ASSERT_TRUE(ctx);
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]411
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]412 // Test lax mode.
413 ASSERT_TRUE(SSL_CTX_set_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame^]414 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]415 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame^]416 << CipherListToString(ctx.get());
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]417
418 // Test strict mode.
419 if (t.strict_fail) {
420 EXPECT_FALSE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
421 } else {
422 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame^]423 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]424 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame^]425 << CipherListToString(ctx.get());
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]426 }
427 }
428
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]429 for (const char *rule : kBadRules) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]430 SCOPED_TRACE(rule);
431 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
432 ASSERT_TRUE(ctx);
433
434 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), rule));
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]435 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]436 }
437
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]438 for (const char *rule : kMustNotIncludeNull) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]439 SCOPED_TRACE(rule);
440 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
441 ASSERT_TRUE(ctx);
442
443 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame^]444 for (const SSL_CIPHER *cipher : SSL_CTX_get_ciphers(ctx.get())) {
445 EXPECT_FALSE(SSL_CIPHER_is_NULL(cipher));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]446 }
447 }
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]448}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]449
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]450TEST(SSLTest, CurveRules) {
451 for (const CurveTest &t : kCurveTests) {
452 SCOPED_TRACE(t.rule);
453 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
454 ASSERT_TRUE(ctx);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]455
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]456 ASSERT_TRUE(SSL_CTX_set1_curves_list(ctx.get(), t.rule));
457 ASSERT_EQ(t.expected.size(), ctx->supported_group_list_len);
458 for (size_t i = 0; i < t.expected.size(); i++) {
459 EXPECT_EQ(t.expected[i], ctx->supported_group_list[i]);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]460 }
461 }
462
463 for (const char *rule : kBadCurvesLists) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]464 SCOPED_TRACE(rule);
465 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
466 ASSERT_TRUE(ctx);
467
468 EXPECT_FALSE(SSL_CTX_set1_curves_list(ctx.get(), rule));
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]469 ERR_clear_error();
470 }
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]471}
472
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]473// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]474static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]475 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]476 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
477 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
478 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
479 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
480 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
481 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
482 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
483 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
484 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
485 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
486 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
487 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
488 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
489 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
490 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
491 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
492 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
493 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
494 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
495 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
496 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
497 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
498 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
499 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
500 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
501 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
502 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
503 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
504 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]505 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]506
507// kCustomSession is a custom serialized SSL_SESSION generated by
508// filling in missing fields from |kOpenSSLSession|. This includes
509// providing |peer_sha256|, so |peer| is not serialized.
510static const char kCustomSession[] =
511 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
512 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
513 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
514 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
515 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
516 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
517 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
518 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
519
520// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
521static const char kBoringSSLSession[] =
522 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
523 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
524 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
525 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
526 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
527 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
528 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
529 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
530 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
531 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
532 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
533 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
534 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
535 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
536 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
537 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
538 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
539 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
540 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
541 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
542 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
543 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
544 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
545 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
546 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
547 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
548 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
549 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
550 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
551 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
552 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
553 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
554 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
555 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
556 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
557 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
558 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
559 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
560 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
561 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
562 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
563 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
564 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
565 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
566 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
567 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
568 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
569 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
570 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
571 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
572 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
573 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
574 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
575 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
576 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
577 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
578 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
579 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
580 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
581 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
582 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
583 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
584 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
585 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
586 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
587 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
588 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
589 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
590 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
591 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
592 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
593 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
594 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
595 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
596 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
597 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
598 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
599 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
600 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
601 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
602 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
603 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
604 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
605 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
606 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
607 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
608 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
609 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
610 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
611 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
612 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
613 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
614 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
615 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
616 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
617
618// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
619// the final (optional) element of |kCustomSession| with tag number 30.
620static const char kBadSessionExtraField[] =
621 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
622 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
623 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
624 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
625 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
626 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
627 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
628 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
629
630// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
631// the version of |kCustomSession| with 2.
632static const char kBadSessionVersion[] =
633 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
634 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
635 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
636 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
637 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
638 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
639 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
640 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
641
642// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
643// appended.
644static const char kBadSessionTrailingData[] =
645 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
646 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
647 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
648 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
649 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
650 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
651 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
652 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
653
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]654static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]655 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]656 if (!EVP_DecodedLength(&len, strlen(in))) {
657 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]658 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]659 }
660
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]661 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]662 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]663 strlen(in))) {
664 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]665 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]666 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]667 out->resize(len);
668 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]669}
670
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]671static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]672 const uint8_t *cptr;
673 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]674
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]675 // Decode the input.
676 std::vector<uint8_t> input;
677 if (!DecodeBase64(&input, input_b64)) {
678 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]679 }
680
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]681 // Verify the SSL_SESSION decodes.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]682 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
683 if (!ssl_ctx) {
684 return false;
685 }
686 bssl::UniquePtr<SSL_SESSION> session(
687 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]688 if (!session) {
689 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]690 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]691 }
692
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]693 // Verify the SSL_SESSION encoding round-trips.
694 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]695 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]696 uint8_t *encoded_raw;
697 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]698 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]699 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]700 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]701 encoded.reset(encoded_raw);
702 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]703 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]704 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]705 hexdump(stderr, "Before: ", input.data(), input.size());
706 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]707 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]708 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]709
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]710 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]711 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]712 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]713 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]714 fprintf(stderr, "d2i_SSL_SESSION failed\n");
715 return false;
716 }
717
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]718 // Verify the SSL_SESSION encoding round-trips via the legacy API.
719 int len = i2d_SSL_SESSION(session.get(), NULL);
720 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]721 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]722 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]723 }
724
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]725 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
726 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]727 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]728 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]729 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]730
731 ptr = encoded.get();
732 len = i2d_SSL_SESSION(session.get(), &ptr);
733 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]734 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]735 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]736 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]737 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]738 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]739 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]740 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]741 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]742 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]743 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]744 }
745
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]746 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]747}
748
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]749static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
750 std::vector<uint8_t> input;
751 if (!DecodeBase64(&input, input_b64)) {
752 return false;
753 }
754
755 // Verify that the SSL_SESSION fails to decode.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]756 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
757 if (!ssl_ctx) {
758 return false;
759 }
760 bssl::UniquePtr<SSL_SESSION> session(
761 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]762 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]763 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]764 return false;
765 }
766 ERR_clear_error();
767 return true;
768}
769
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]770static void ExpectDefaultVersion(uint16_t min_version, uint16_t max_version,
771 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]772 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]773 ASSERT_TRUE(ctx);
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]774 EXPECT_EQ(min_version, ctx->conf_min_version);
775 EXPECT_EQ(max_version, ctx->conf_max_version);
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]776}
777
778TEST(SSLTest, DefaultVersion) {
779 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
780 ExpectDefaultVersion(TLS1_VERSION, TLS1_2_VERSION, &TLS_method);
781 ExpectDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method);
782 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method);
783 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method);
784 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method);
785 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method);
786 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method);
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]787}
788
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]789TEST(SSLTest, CipherGetStandardName) {
790 static const struct {
791 int id;
792 const char *standard_name;
793 } kTests[] = {
794 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
795 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
796 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
797 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
798 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
799 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
800 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
801 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
802 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
803 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
804 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
805 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
806 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
807 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
808 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
809 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
810 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
811 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
812 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
813 };
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]814
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]815 for (const auto &t : kTests) {
816 SCOPED_TRACE(t.standard_name);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]817
818 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(t.id & 0xffff);
819 ASSERT_TRUE(cipher);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]820 EXPECT_STREQ(t.standard_name, SSL_CIPHER_standard_name(cipher));
821
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]822 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
823 ASSERT_TRUE(rfc_name);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]824 EXPECT_STREQ(t.standard_name, rfc_name.get());
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]825 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]826}
827
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]828// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
829// version and ticket length or nullptr on failure.
830static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
831 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]832 std::vector<uint8_t> der;
833 if (!DecodeBase64(&der, kOpenSSLSession)) {
834 return nullptr;
835 }
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]836
837 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
838 if (!ssl_ctx) {
839 return nullptr;
840 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]841 bssl::UniquePtr<SSL_SESSION> session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]842 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]843 if (!session) {
844 return nullptr;
845 }
846
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]847 session->ssl_version = version;
848
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]849 // Swap out the ticket for a garbage one.
850 OPENSSL_free(session->tlsext_tick);
851 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
852 if (session->tlsext_tick == nullptr) {
853 return nullptr;
854 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]855 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]856 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]857
858 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]859#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
860 session->time = 1234;
861#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]862 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]863#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]864 return session;
865}
866
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]867static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]868 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]869 if (!bio) {
870 return false;
871 }
872 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]873 BIO_up_ref(bio.get());
874 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]875 int ret = SSL_connect(ssl);
876 if (ret > 0) {
877 // SSL_connect should fail without a BIO to write to.
878 return false;
879 }
880 ERR_clear_error();
881
882 const uint8_t *client_hello;
883 size_t client_hello_len;
884 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
885 return false;
886 }
887 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
888 return true;
889}
890
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]891// GetClientHelloLen creates a client SSL connection with the specified version
892// and ticket length. It returns the length of the ClientHello, not including
893// the record header, on success and zero on error.
894static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
895 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]896 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]897 bssl::UniquePtr<SSL_SESSION> session =
898 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]899 if (!ctx || !session) {
900 return 0;
901 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]902
903 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]904 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]905 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]906 !SSL_set_strict_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]907 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]908 return 0;
909 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]910
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]911 std::vector<uint8_t> client_hello;
912 if (!GetClientHello(ssl.get(), &client_hello) ||
913 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]914 return 0;
915 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]916
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]917 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]918}
919
920struct PaddingTest {
921 size_t input_len, padded_len;
922};
923
924static const PaddingTest kPaddingTests[] = {
925 // ClientHellos of length below 0x100 do not require padding.
926 {0xfe, 0xfe},
927 {0xff, 0xff},
928 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
929 {0x100, 0x200},
930 {0x123, 0x200},
931 {0x1fb, 0x200},
932 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
933 // padding extension takes a minimum of four bytes plus one required content
934 // byte. (To work around yet more server bugs, we avoid empty final
935 // extensions.)
936 {0x1fc, 0x201},
937 {0x1fd, 0x202},
938 {0x1fe, 0x203},
939 {0x1ff, 0x204},
940 // Finally, larger ClientHellos need no padding.
941 {0x200, 0x200},
942 {0x201, 0x201},
943};
944
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]945static bool TestPaddingExtension(uint16_t max_version,
946 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]947 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]948 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]949 if (base_len == 0) {
950 return false;
951 }
952
953 for (const PaddingTest &test : kPaddingTests) {
954 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]955 fprintf(stderr,
956 "Baseline ClientHello too long (max_version = %04x, "
957 "session_version = %04x).\n",
958 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]959 return false;
960 }
961
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]962 size_t padded_len = GetClientHelloLen(max_version, session_version,
963 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]964 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]965 fprintf(stderr,
966 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
967 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]968 static_cast<unsigned>(test.input_len),
969 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]970 static_cast<unsigned>(test.padded_len), max_version,
971 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]972 return false;
973 }
974 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]975
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]976 return true;
977}
978
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]979// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
980// before configuring as a server.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]981TEST(SSLTest, ClientCAList) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]982 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]983 ASSERT_TRUE(ctx);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]984 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]985 ASSERT_TRUE(ssl);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]986
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]987 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
988 ASSERT_TRUE(name);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]989
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]990 bssl::UniquePtr<X509_NAME> name_dup(X509_NAME_dup(name.get()));
991 ASSERT_TRUE(name_dup);
992
993 bssl::UniquePtr<STACK_OF(X509_NAME)> stack(sk_X509_NAME_new_null());
994 ASSERT_TRUE(stack);
995
996 ASSERT_TRUE(sk_X509_NAME_push(stack.get(), name_dup.get()));
997 name_dup.release();
998
999 // |SSL_set_client_CA_list| takes ownership.
1000 SSL_set_client_CA_list(ssl.get(), stack.release());
1001
1002 STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get());
1003 ASSERT_TRUE(result);
1004 ASSERT_EQ(1u, sk_X509_NAME_num(result));
1005 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(result, 0), name.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1006}
1007
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1008static void AppendSession(SSL_SESSION *session, void *arg) {
1009 std::vector<SSL_SESSION*> *out =
1010 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1011 out->push_back(session);
1012}
1013
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1014// CacheEquals returns true if |ctx|'s session cache consists of |expected|, in
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1015// order.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1016static bool CacheEquals(SSL_CTX *ctx,
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1017 const std::vector<SSL_SESSION*> &expected) {
1018 // Check the linked list.
1019 SSL_SESSION *ptr = ctx->session_cache_head;
1020 for (SSL_SESSION *session : expected) {
1021 if (ptr != session) {
1022 return false;
1023 }
1024 // TODO(davidben): This is an absurd way to denote the end of the list.
1025 if (ptr->next ==
1026 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1027 ptr = nullptr;
1028 } else {
1029 ptr = ptr->next;
1030 }
1031 }
1032 if (ptr != nullptr) {
1033 return false;
1034 }
1035
1036 // Check the hash table.
1037 std::vector<SSL_SESSION*> actual, expected_copy;
1038 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
1039 expected_copy = expected;
1040
1041 std::sort(actual.begin(), actual.end());
1042 std::sort(expected_copy.begin(), expected_copy.end());
1043
1044 return actual == expected_copy;
1045}
1046
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1047static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]1048 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
1049 if (!ssl_ctx) {
1050 return nullptr;
1051 }
1052 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new(ssl_ctx.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1053 if (!ret) {
1054 return nullptr;
1055 }
1056
1057 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1058 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1059 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1060 return ret;
1061}
1062
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1063// Test that the internal session cache behaves as expected.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1064TEST(SSLTest, InternalSessionCache) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1065 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1066 ASSERT_TRUE(ctx);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1067
1068 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1069 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1070 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1071 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1072 ASSERT_TRUE(session);
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1073 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1074 }
1075
1076 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1077
1078 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1079 for (const auto &session : sessions) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1080 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), session.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1081 }
1082
1083 // Only the last five should be in the list.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1084 ASSERT_TRUE(CacheEquals(
1085 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1086 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1087
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1088 // Inserting an element already in the cache should fail and leave the cache
1089 // unchanged.
1090 ASSERT_FALSE(SSL_CTX_add_session(ctx.get(), sessions[7].get()));
1091 ASSERT_TRUE(CacheEquals(
1092 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1093 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1094
1095 // Although collisions should be impossible (256-bit session IDs), the cache
1096 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1097 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1098 ASSERT_TRUE(collision);
1099 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), collision.get()));
1100 ASSERT_TRUE(CacheEquals(
1101 ctx.get(), {collision.get(), sessions[9].get(), sessions[8].get(),
1102 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1103
1104 // Removing sessions behaves correctly.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1105 ASSERT_TRUE(SSL_CTX_remove_session(ctx.get(), sessions[6].get()));
1106 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1107 sessions[8].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1108
1109 // Removing sessions requires an exact match.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1110 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[0].get()));
1111 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[7].get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1112
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1113 // The cache remains unchanged.
1114 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1115 sessions[8].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1116}
1117
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1118static uint16_t EpochFromSequence(uint64_t seq) {
1119 return static_cast<uint16_t>(seq >> 48);
1120}
1121
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1122static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1123 static const char kCertPEM[] =
1124 "-----BEGIN CERTIFICATE-----\n"
1125 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1126 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1127 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1128 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1129 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1130 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1131 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1132 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1133 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1134 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1135 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1136 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1137 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1138 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1139 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1140 return bssl::UniquePtr<X509>(
1141 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1142}
1143
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1144static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1145 static const char kKeyPEM[] =
1146 "-----BEGIN RSA PRIVATE KEY-----\n"
1147 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1148 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1149 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1150 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1151 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1152 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1153 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1154 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1155 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1156 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1157 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1158 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1159 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1160 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1161 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1162 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1163 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1164}
1165
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1166static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1167 static const char kCertPEM[] =
1168 "-----BEGIN CERTIFICATE-----\n"
1169 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1170 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1171 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1172 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1173 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1174 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1175 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1176 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1177 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1178 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1179 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1180 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1181 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1182}
1183
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1184static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1185 static const char kKeyPEM[] =
1186 "-----BEGIN PRIVATE KEY-----\n"
1187 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1188 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1189 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1190 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1191 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1192 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1193 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1194}
1195
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1196static bssl::UniquePtr<CRYPTO_BUFFER> BufferFromPEM(const char *pem) {
1197 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1198 char *name, *header;
1199 uint8_t *data;
1200 long data_len;
1201 if (!PEM_read_bio(bio.get(), &name, &header, &data,
1202 &data_len)) {
1203 return nullptr;
1204 }
1205 OPENSSL_free(name);
1206 OPENSSL_free(header);
1207
1208 auto ret = bssl::UniquePtr<CRYPTO_BUFFER>(
1209 CRYPTO_BUFFER_new(data, data_len, nullptr));
1210 OPENSSL_free(data);
1211 return ret;
1212}
1213
1214static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestCertificateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1215 static const char kCertPEM[] =
1216 "-----BEGIN CERTIFICATE-----\n"
1217 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1218 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1219 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1220 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1221 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1222 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1223 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1224 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1225 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1226 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1227 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1228 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1229 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1230 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1231 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1232 "1ngWZ7Ih\n"
1233 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1234 return BufferFromPEM(kCertPEM);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1235}
1236
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1237static bssl::UniquePtr<X509> X509FromBuffer(
1238 bssl::UniquePtr<CRYPTO_BUFFER> buffer) {
1239 if (!buffer) {
1240 return nullptr;
1241 }
1242 const uint8_t *derp = CRYPTO_BUFFER_data(buffer.get());
1243 return bssl::UniquePtr<X509>(
1244 d2i_X509(NULL, &derp, CRYPTO_BUFFER_len(buffer.get())));
1245}
1246
1247static bssl::UniquePtr<X509> GetChainTestCertificate() {
1248 return X509FromBuffer(GetChainTestCertificateBuffer());
1249}
1250
1251static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestIntermediateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1252 static const char kCertPEM[] =
1253 "-----BEGIN CERTIFICATE-----\n"
1254 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1255 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1256 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1257 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1258 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1259 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1260 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1261 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1262 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1263 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1264 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1265 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1266 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1267 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1268 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1269 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1270 return BufferFromPEM(kCertPEM);
1271}
1272
1273static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1274 return X509FromBuffer(GetChainTestIntermediateBuffer());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1275}
1276
1277static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1278 static const char kKeyPEM[] =
1279 "-----BEGIN PRIVATE KEY-----\n"
1280 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1281 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1282 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1283 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1284 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1285 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1286 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1287 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1288 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1289 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1290 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1291 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1292 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1293 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1294 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1295 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1296 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1297 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1298 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1299 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1300 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1301 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1302 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1303 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1304 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1305 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1306 "-----END PRIVATE KEY-----\n";
1307 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1308 return bssl::UniquePtr<EVP_PKEY>(
1309 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1310}
1311
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]1312static const uint8_t kTestName[] = {
1313 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
1314 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
1315 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
1316 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49,
1317 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
1318 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64,
1319};
1320
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1321static bool CompleteHandshakes(SSL *client, SSL *server) {
1322 // Drive both their handshakes to completion.
1323 for (;;) {
1324 int client_ret = SSL_do_handshake(client);
1325 int client_err = SSL_get_error(client, client_ret);
1326 if (client_err != SSL_ERROR_NONE &&
1327 client_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1328 client_err != SSL_ERROR_WANT_WRITE &&
1329 client_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1330 fprintf(stderr, "Client error: %d\n", client_err);
1331 return false;
1332 }
1333
1334 int server_ret = SSL_do_handshake(server);
1335 int server_err = SSL_get_error(server, server_ret);
1336 if (server_err != SSL_ERROR_NONE &&
1337 server_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1338 server_err != SSL_ERROR_WANT_WRITE &&
1339 server_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1340 fprintf(stderr, "Server error: %d\n", server_err);
1341 return false;
1342 }
1343
1344 if (client_ret == 1 && server_ret == 1) {
1345 break;
1346 }
1347 }
1348
1349 return true;
1350}
1351
1352static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1353 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1354 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1355 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1356 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1357 if (!client || !server) {
1358 return false;
1359 }
1360 SSL_set_connect_state(client.get());
1361 SSL_set_accept_state(server.get());
1362
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1363 SSL_set_session(client.get(), session);
1364
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1365 BIO *bio1, *bio2;
1366 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1367 return false;
1368 }
1369 // SSL_set_bio takes ownership.
1370 SSL_set_bio(client.get(), bio1, bio1);
1371 SSL_set_bio(server.get(), bio2, bio2);
1372
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1373 if (!CompleteHandshakes(client.get(), server.get())) {
1374 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1375 }
1376
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1377 *out_client = std::move(client);
1378 *out_server = std::move(server);
1379 return true;
1380}
1381
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1382static bool TestSequenceNumber(bool is_dtls, const SSL_METHOD *method,
1383 uint16_t version) {
1384 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1385 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1386 if (!server_ctx || !client_ctx ||
1387 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1388 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1389 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1390 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1391 return false;
1392 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1393
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1394 bssl::UniquePtr<X509> cert = GetTestCertificate();
1395 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1396 if (!cert || !key || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1397 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1398 return false;
1399 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1400
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1401 bssl::UniquePtr<SSL> client, server;
1402 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1403 server_ctx.get(), nullptr /* no session */)) {
1404 return false;
1405 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1406
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1407 // Drain any post-handshake messages to ensure there are no unread records
1408 // on either end.
1409 uint8_t byte = 0;
1410 if (SSL_read(client.get(), &byte, 1) > 0 ||
1411 SSL_read(server.get(), &byte, 1) > 0) {
1412 fprintf(stderr, "Received unexpected data.\n");
1413 return false;
1414 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1415
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1416 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1417 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1418 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1419 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1420
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1421 if (is_dtls) {
1422 // Both client and server must be at epoch 1.
1423 if (EpochFromSequence(client_read_seq) != 1 ||
1424 EpochFromSequence(client_write_seq) != 1 ||
1425 EpochFromSequence(server_read_seq) != 1 ||
1426 EpochFromSequence(server_write_seq) != 1) {
1427 fprintf(stderr, "Bad epochs.\n");
1428 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1429 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1430
1431 // The next record to be written should exceed the largest received.
1432 if (client_write_seq <= server_read_seq ||
1433 server_write_seq <= client_read_seq) {
1434 fprintf(stderr, "Inconsistent sequence numbers.\n");
1435 return false;
1436 }
1437 } else {
1438 // The next record to be written should equal the next to be received.
1439 if (client_write_seq != server_read_seq ||
1440 server_write_seq != client_read_seq) {
1441 fprintf(stderr, "Inconsistent sequence numbers.\n");
1442 return false;
1443 }
1444 }
1445
1446 // Send a record from client to server.
1447 if (SSL_write(client.get(), &byte, 1) != 1 ||
1448 SSL_read(server.get(), &byte, 1) != 1) {
1449 fprintf(stderr, "Could not send byte.\n");
1450 return false;
1451 }
1452
1453 // The client write and server read sequence numbers should have
1454 // incremented.
1455 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1456 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1457 fprintf(stderr, "Sequence numbers did not increment.\n");
1458 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1459 }
1460
1461 return true;
1462}
1463
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1464static bool TestOneSidedShutdown(bool is_dtls, const SSL_METHOD *method,
1465 uint16_t version) {
1466 // SSL_shutdown is a no-op in DTLS.
1467 if (is_dtls) {
1468 return true;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1469 }
1470
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1471 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1472 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1473 bssl::UniquePtr<X509> cert = GetTestCertificate();
1474 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1475 if (!client_ctx || !server_ctx || !cert || !key ||
1476 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1477 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1478 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1479 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1480 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1481 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1482 return false;
1483 }
1484
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1485 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1486 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1487 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1488 return false;
1489 }
1490
1491 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1492 // one side has shut down.
1493 if (SSL_shutdown(client.get()) != 0) {
1494 fprintf(stderr, "Could not shutdown.\n");
1495 return false;
1496 }
1497
1498 // Reading from the server should consume the EOF.
1499 uint8_t byte;
1500 if (SSL_read(server.get(), &byte, 1) != 0 ||
1501 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1502 fprintf(stderr, "Connection was not shut down cleanly.\n");
1503 return false;
1504 }
1505
1506 // However, the server may continue to write data and then shut down the
1507 // connection.
1508 byte = 42;
1509 if (SSL_write(server.get(), &byte, 1) != 1 ||
1510 SSL_read(client.get(), &byte, 1) != 1 ||
1511 byte != 42) {
1512 fprintf(stderr, "Could not send byte.\n");
1513 return false;
1514 }
1515
1516 // The server may then shutdown the connection.
1517 if (SSL_shutdown(server.get()) != 1 ||
1518 SSL_shutdown(client.get()) != 1) {
1519 fprintf(stderr, "Could not complete shutdown.\n");
1520 return false;
1521 }
1522
1523 return true;
1524}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1525
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1526TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1527 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1528 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1529 ASSERT_TRUE(client_ctx);
1530 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1531
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1532 bssl::UniquePtr<X509> cert = GetTestCertificate();
1533 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1534 ASSERT_TRUE(cert);
1535 ASSERT_TRUE(key);
1536 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1537 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1538
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1539 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1540 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
1541 server_ctx.get(),
1542 nullptr /* no session */));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1543
1544 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjamin31b0c9b2017-07-20 14:49:15 -0400[diff] [blame]1545 bssl::UniquePtr<SSL_SESSION> session1 =
1546 bssl::SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1547 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1548
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1549 session1->not_resumable = 0;
1550
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1551 uint8_t *s0_bytes, *s1_bytes;
1552 size_t s0_len, s1_len;
1553
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1554 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1555 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1556
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1557 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1558 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1559
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]1560 EXPECT_EQ(Bytes(s0_bytes, s0_len), Bytes(s1_bytes, s1_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1561}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1562
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1563static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]1564 EXPECT_EQ(rfd, SSL_get_fd(ssl));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1565 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1566 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1567
1568 // The wrapper BIOs are always equal when fds are equal, even if set
1569 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1570 if (rfd == wfd) {
1571 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1572 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1573}
1574
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1575TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1576 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1577 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1578
1579 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1580 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1581 ASSERT_TRUE(ssl);
1582 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1583 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1584 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1585
1586 // Test setting the same FD.
1587 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1588 ASSERT_TRUE(ssl);
1589 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1590 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1591
1592 // Test setting the same FD one side at a time.
1593 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1594 ASSERT_TRUE(ssl);
1595 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1596 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1597 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1598
1599 // Test setting the same FD in the other order.
1600 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1601 ASSERT_TRUE(ssl);
1602 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1603 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1604 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1605
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1606 // Test changing the read FD partway through.
1607 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1608 ASSERT_TRUE(ssl);
1609 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1610 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1611 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1612
1613 // Test changing the write FD partway through.
1614 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1615 ASSERT_TRUE(ssl);
1616 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1617 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1618 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1619
1620 // Test a no-op change to the read FD partway through.
1621 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1622 ASSERT_TRUE(ssl);
1623 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1624 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1625 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1626
1627 // Test a no-op change to the write FD partway through.
1628 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1629 ASSERT_TRUE(ssl);
1630 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1631 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1632 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1633
1634 // ASan builds will implicitly test that the internal |BIO| reference-counting
1635 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1636}
1637
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1638TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1639 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1640 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1641
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1642 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1643 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1644 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1645 ASSERT_TRUE(ssl);
1646 ASSERT_TRUE(bio1);
1647 ASSERT_TRUE(bio2);
1648 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1649
1650 // SSL_set_bio takes one reference when the parameters are the same.
1651 BIO_up_ref(bio1.get());
1652 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1653
1654 // Repeating the call does nothing.
1655 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1656
1657 // It takes one reference each when the parameters are different.
1658 BIO_up_ref(bio2.get());
1659 BIO_up_ref(bio3.get());
1660 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1661
1662 // Repeating the call does nothing.
1663 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1664
1665 // It takes one reference when changing only wbio.
1666 BIO_up_ref(bio1.get());
1667 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1668
1669 // It takes one reference when changing only rbio and the two are different.
1670 BIO_up_ref(bio3.get());
1671 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1672
1673 // If setting wbio to rbio, it takes no additional references.
1674 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1675
1676 // From there, wbio may be switched to something else.
1677 BIO_up_ref(bio1.get());
1678 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1679
1680 // If setting rbio to wbio, it takes no additional references.
1681 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1682
1683 // From there, rbio may be switched to something else, but, for historical
1684 // reasons, it takes a reference to both parameters.
1685 BIO_up_ref(bio1.get());
1686 BIO_up_ref(bio2.get());
1687 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1688
1689 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1690 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1691}
1692
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1693static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1694
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1695static bool TestGetPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1696 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1697 bssl::UniquePtr<X509> cert = GetTestCertificate();
1698 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1699 if (!cert || !key) {
1700 return false;
1701 }
1702
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1703 // Configure both client and server to accept any certificate.
1704 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1705 if (!ctx ||
1706 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1707 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1708 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1709 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1710 return false;
1711 }
1712 SSL_CTX_set_verify(
1713 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1714 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1715
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1716 bssl::UniquePtr<SSL> client, server;
1717 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1718 nullptr /* no session */)) {
1719 return false;
1720 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1721
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1722 // Client and server should both see the leaf certificate.
1723 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1724 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1725 fprintf(stderr, "Server peer certificate did not match.\n");
1726 return false;
1727 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1728
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1729 peer.reset(SSL_get_peer_certificate(client.get()));
1730 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1731 fprintf(stderr, "Client peer certificate did not match.\n");
1732 return false;
1733 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1734
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1735 // However, for historical reasons, the X509 chain includes the leaf on the
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1736 // client, but does not on the server.
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1737 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1 ||
1738 sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(client.get())) != 1) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1739 fprintf(stderr, "Client peer chain was incorrect.\n");
1740 return false;
1741 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1742
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1743 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0 ||
1744 sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(server.get())) != 1) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1745 fprintf(stderr, "Server peer chain was incorrect.\n");
1746 return false;
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1747 }
1748
1749 return true;
1750}
1751
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1752static bool TestNoPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1753 uint16_t version) {
1754 bssl::UniquePtr<X509> cert = GetTestCertificate();
1755 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1756 if (!cert || !key) {
1757 return false;
1758 }
1759
1760 // Configure an anonymous client.
1761 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method)),
1762 client_ctx(SSL_CTX_new(method));
1763 if (!server_ctx || !client_ctx ||
1764 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1765 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
1766 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1767 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1768 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1769 !SSL_CTX_set_max_proto_version(client_ctx.get(), version)) {
1770 return false;
1771 }
1772 SSL_CTX_set_verify(
1773 server_ctx.get(), SSL_VERIFY_PEER, nullptr);
1774 SSL_CTX_set_cert_verify_callback(server_ctx.get(), VerifySucceed, NULL);
1775 SSL_CTX_set_cert_verify_callback(client_ctx.get(), VerifySucceed, NULL);
1776
1777 bssl::UniquePtr<SSL> client, server;
1778 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1779 server_ctx.get(), nullptr /* no session */)) {
1780 return false;
1781 }
1782
1783 // Client and server should both see the leaf certificate.
1784 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1785 if (peer ||
1786 SSL_get0_peer_certificates(server.get()) != nullptr) {
1787 fprintf(stderr, "Server peer certificate was non-null.\n");
1788 return false;
1789 }
1790
1791 return true;
1792}
1793
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1794static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method,
1795 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1796 bssl::UniquePtr<X509> cert = GetTestCertificate();
1797 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1798 if (!cert || !key) {
1799 return false;
1800 }
1801
1802 uint8_t *cert_der = NULL;
1803 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1804 if (cert_der_len < 0) {
1805 return false;
1806 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1807 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1808
1809 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1810 SHA256(cert_der, cert_der_len, cert_sha256);
1811
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1812 // Configure both client and server to accept any certificate, but the
1813 // server must retain only the SHA-256 of the peer.
1814 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1815 if (!ctx ||
1816 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1817 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1818 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1819 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1820 return false;
1821 }
1822 SSL_CTX_set_verify(
1823 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1824 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1825 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1826
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1827 bssl::UniquePtr<SSL> client, server;
1828 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1829 nullptr /* no session */)) {
1830 return false;
1831 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1832
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1833 // The peer certificate has been dropped.
1834 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1835 if (peer) {
1836 fprintf(stderr, "Peer certificate was retained.\n");
1837 return false;
1838 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1839
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1840 SSL_SESSION *session = SSL_get_session(server.get());
1841 if (!session->peer_sha256_valid) {
1842 fprintf(stderr, "peer_sha256_valid was not set.\n");
1843 return false;
1844 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1845
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1846 if (OPENSSL_memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) !=
1847 0) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1848 fprintf(stderr, "peer_sha256 did not match.\n");
1849 return false;
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1850 }
1851
1852 return true;
1853}
1854
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1855static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1856 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1857 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1858 // Our default cipher list varies by CPU capabilities, so manually place the
1859 // ChaCha20 ciphers in front.
Matthew Braithwaite7e06de52017-04-10 15:52:14 -0700[diff] [blame]1860 const char* cipher_list = "CHACHA20:ALL";
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1861 if (!ctx ||
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]1862 // SSLv3 is off by default.
1863 !SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1864 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1865 !SSL_CTX_set_strict_cipher_list(ctx.get(), cipher_list)) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1866 return false;
1867 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1868
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1869 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1870 if (!ssl) {
1871 return false;
1872 }
1873 std::vector<uint8_t> client_hello;
1874 if (!GetClientHello(ssl.get(), &client_hello)) {
1875 return false;
1876 }
1877
1878 // Zero the client_random.
1879 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1880 1 + 3 + // handshake message header
1881 2; // client_version
1882 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1883 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1884 return false;
1885 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1886 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1887
1888 if (client_hello.size() != expected_len ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1889 OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1890 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1891 fprintf(stderr, "Got:\n\t");
1892 for (size_t i = 0; i < client_hello.size(); i++) {
1893 fprintf(stderr, "0x%02x, ", client_hello[i]);
1894 }
1895 fprintf(stderr, "\nWanted:\n\t");
1896 for (size_t i = 0; i < expected_len; i++) {
1897 fprintf(stderr, "0x%02x, ", expected[i]);
1898 }
1899 fprintf(stderr, "\n");
1900 return false;
1901 }
1902
1903 return true;
1904}
1905
1906// Tests that our ClientHellos do not change unexpectedly.
1907static bool TestClientHello() {
1908 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1909 0x16,
1910 0x03, 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1911 0x00, 0x3b,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1912 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1913 0x00, 0x00, 0x37,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1914 0x03, 0x00,
1915 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1916 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1917 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1918 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1919 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1920 0x00, 0x10,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1921 0xc0, 0x09,
1922 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1923 0xc0, 0x0a,
1924 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1925 0x00, 0x2f,
1926 0x00, 0x35,
1927 0x00, 0x0a,
1928 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1929 };
1930 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1931 sizeof(kSSL3ClientHello))) {
1932 return false;
1933 }
1934
1935 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1936 0x16,
1937 0x03, 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1938 0x00, 0x5a,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1939 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1940 0x00, 0x00, 0x56,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1941 0x03, 0x01,
1942 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1943 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1944 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1945 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1946 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1947 0x00, 0x0e,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1948 0xc0, 0x09,
1949 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1950 0xc0, 0x0a,
1951 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1952 0x00, 0x2f,
1953 0x00, 0x35,
1954 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1955 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1956 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1957 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1958 };
1959 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1960 sizeof(kTLS1ClientHello))) {
1961 return false;
1962 }
1963
1964 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1965 0x16,
1966 0x03, 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1967 0x00, 0x5a,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1968 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1969 0x00, 0x00, 0x56,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1970 0x03, 0x02,
1971 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1972 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1973 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1974 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1975 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1976 0x00, 0x0e,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1977 0xc0, 0x09,
1978 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1979 0xc0, 0x0a,
1980 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1981 0x00, 0x2f,
1982 0x00, 0x35,
1983 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1984 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1985 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1986 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1987 };
1988 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1989 sizeof(kTLS11ClientHello))) {
1990 return false;
1991 }
1992
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]1993 // kTLS12ClientHello assumes RSA-PSS, which is disabled for Android system
1994 // builds.
1995#if defined(BORINGSSL_ANDROID_SYSTEM)
1996 return true;
1997#endif
1998
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1999 static const uint8_t kTLS12ClientHello[] = {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2000 0x16,
2001 0x03, 0x01,
2002 0x00, 0x8e,
2003 0x01,
2004 0x00, 0x00, 0x8a,
2005 0x03, 0x03,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]2006 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2007 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2008 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2009 0x00, 0x2a,
2010 0xcc, 0xa9,
2011 0xcc, 0xa8,
2012 0xc0, 0x2b,
2013 0xc0, 0x2f,
2014 0xc0, 0x2c,
2015 0xc0, 0x30,
2016 0xc0, 0x09,
2017 0xc0, 0x23,
2018 0xc0, 0x13,
2019 0xc0, 0x27,
2020 0xc0, 0x0a,
2021 0xc0, 0x24,
2022 0xc0, 0x14,
2023 0xc0, 0x28,
2024 0x00, 0x9c,
2025 0x00, 0x9d,
2026 0x00, 0x2f,
2027 0x00, 0x3c,
2028 0x00, 0x35,
2029 0x00, 0x3d,
2030 0x00, 0x0a,
2031 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
2032 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04,
2033 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08,
2034 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
2035 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2036 };
2037 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
2038 sizeof(kTLS12ClientHello))) {
2039 return false;
2040 }
2041
2042 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
2043 // implementation has settled enough that it won't change.
2044
2045 return true;
2046}
2047
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2048static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2049
2050static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
2051 // Save the most recent session.
2052 g_last_session.reset(session);
2053 return 1;
2054}
2055
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2056static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
Steven Valdeze831a812017-03-09 14:56:07 -0500[diff] [blame]2057 SSL_CTX *server_ctx) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2058 g_last_session = nullptr;
2059 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2060
2061 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2062 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2063 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
2064 nullptr /* no session */)) {
2065 fprintf(stderr, "Failed to connect client and server.\n");
2066 return nullptr;
2067 }
2068
2069 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2070 SSL_read(client.get(), nullptr, 0);
2071
2072 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2073
2074 if (!g_last_session) {
2075 fprintf(stderr, "Client did not receive a session.\n");
2076 return nullptr;
2077 }
2078 return std::move(g_last_session);
2079}
2080
2081static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
2082 SSL_SESSION *session,
2083 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2084 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2085 if (!ConnectClientAndServer(&client, &server, client_ctx,
2086 server_ctx, session)) {
2087 fprintf(stderr, "Failed to connect client and server.\n");
2088 return false;
2089 }
2090
2091 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2092 fprintf(stderr, "Client and server were inconsistent.\n");
2093 return false;
2094 }
2095
2096 bool was_reused = !!SSL_session_reused(client.get());
2097 if (was_reused != reused) {
2098 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
2099 was_reused ? "" : " not");
2100 return false;
2101 }
2102
2103 return true;
2104}
2105
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2106static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
2107 SSL_CTX *server_ctx,
2108 SSL_SESSION *session) {
2109 g_last_session = nullptr;
2110 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2111
2112 bssl::UniquePtr<SSL> client, server;
2113 if (!ConnectClientAndServer(&client, &server, client_ctx,
2114 server_ctx, session)) {
2115 fprintf(stderr, "Failed to connect client and server.\n");
2116 return nullptr;
2117 }
2118
2119 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2120 fprintf(stderr, "Client and server were inconsistent.\n");
2121 return nullptr;
2122 }
2123
2124 if (!SSL_session_reused(client.get())) {
2125 fprintf(stderr, "Session was not reused.\n");
2126 return nullptr;
2127 }
2128
2129 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2130 SSL_read(client.get(), nullptr, 0);
2131
2132 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2133
2134 if (!g_last_session) {
2135 fprintf(stderr, "Client did not receive a renewed session.\n");
2136 return nullptr;
2137 }
2138 return std::move(g_last_session);
2139}
2140
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2141static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2142 static const uint8_t kContext[] = {3};
2143
2144 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2145 return SSL_TLSEXT_ERR_ALERT_FATAL;
2146 }
2147
2148 return SSL_TLSEXT_ERR_OK;
2149}
2150
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2151static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
2152 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2153 bssl::UniquePtr<X509> cert = GetTestCertificate();
2154 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2155 if (!cert || !key) {
2156 return false;
2157 }
2158
2159 static const uint8_t kContext1[] = {1};
2160 static const uint8_t kContext2[] = {2};
2161
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2162 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2163 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2164 if (!server_ctx || !client_ctx ||
2165 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2166 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2167 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2168 sizeof(kContext1)) ||
2169 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2170 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2171 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2172 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2173 return false;
2174 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2175
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2176 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2177 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2178
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2179 bssl::UniquePtr<SSL_SESSION> session =
2180 CreateClientSession(client_ctx.get(), server_ctx.get());
2181 if (!session) {
2182 fprintf(stderr, "Error getting session.\n");
2183 return false;
2184 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2185
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2186 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2187 true /* expect session reused */)) {
2188 fprintf(stderr, "Error resuming session.\n");
2189 return false;
2190 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2191
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2192 // Change the session ID context.
2193 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2194 sizeof(kContext2))) {
2195 return false;
2196 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2197
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2198 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2199 false /* expect session not reused */)) {
2200 fprintf(stderr, "Error connecting with a different context.\n");
2201 return false;
2202 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2203
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2204 // Change the session ID context back and install an SNI callback to switch
2205 // it.
2206 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2207 sizeof(kContext1))) {
2208 return false;
2209 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2210
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2211 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2212 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2213
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2214 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2215 false /* expect session not reused */)) {
2216 fprintf(stderr, "Error connecting with a context switch on SNI callback.\n");
2217 return false;
2218 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2219
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2220 // Switch the session ID context with the early callback instead.
2221 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2222 SSL_CTX_set_select_certificate_cb(
2223 server_ctx.get(),
2224 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
2225 static const uint8_t kContext[] = {3};
2226
2227 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2228 sizeof(kContext))) {
2229 return ssl_select_cert_error;
2230 }
2231
2232 return ssl_select_cert_success;
2233 });
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2234
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2235 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2236 false /* expect session not reused */)) {
2237 fprintf(stderr,
2238 "Error connecting with a context switch on early callback.\n");
2239 return false;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2240 }
2241
2242 return true;
2243}
2244
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2245static timeval g_current_time;
2246
2247static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2248 *out_clock = g_current_time;
2249}
2250
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2251static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2252 out_clock->tv_sec = 1000;
2253 out_clock->tv_usec = 0;
2254}
2255
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2256static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2257 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2258 int encrypt) {
2259 static const uint8_t kZeros[16] = {0};
2260
2261 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2262 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2263 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2264 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2265 return 0;
2266 }
2267
2268 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2269 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2270 return -1;
2271 }
2272
2273 // Returning two from the callback in decrypt mode renews the
2274 // session in TLS 1.2 and below.
2275 return encrypt ? 1 : 2;
2276}
2277
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2278static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2279 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2280 return false;
2281 }
2282
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2283 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2284 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2285 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2286
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2287#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2288 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2289 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2290#else
2291 static const uint8_t kZeros[16] = {0};
2292 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2293 bssl::ScopedEVP_CIPHER_CTX ctx;
2294 int len1, len2;
2295 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2296 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2297 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2298 return false;
2299 }
2300
2301 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2302#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2303
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2304 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
2305 if (!ssl_ctx) {
2306 return false;
2307 }
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2308 bssl::UniquePtr<SSL_SESSION> server_session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2309 SSL_SESSION_from_bytes(plaintext.get(), len, ssl_ctx.get()));
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2310 if (!server_session) {
2311 return false;
2312 }
2313
2314 *out = server_session->time;
2315 return true;
2316}
2317
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2318static bool TestSessionTimeout(bool is_dtls, const SSL_METHOD *method,
2319 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2320 bssl::UniquePtr<X509> cert = GetTestCertificate();
2321 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2322 if (!cert || !key) {
2323 return false;
2324 }
2325
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2326 for (bool server_test : std::vector<bool>{false, true}) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2327 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2328 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2329
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2330 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2331 // resumptions still perform ECDHE.
2332 const time_t timeout = version == TLS1_3_VERSION
2333 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2334 : SSL_DEFAULT_SESSION_TIMEOUT;
2335
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2336 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2337 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2338 if (!server_ctx || !client_ctx ||
2339 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2340 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2341 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2342 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2343 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2344 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2345 return false;
2346 }
2347
2348 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2349 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2350
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2351 // Both client and server must enforce session timeouts. We configure the
2352 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2353 if (server_test) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2354 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2355 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2356 } else {
2357 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2358 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2359 }
2360
2361 // Configure a ticket callback which renews tickets.
2362 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2363
2364 bssl::UniquePtr<SSL_SESSION> session =
2365 CreateClientSession(client_ctx.get(), server_ctx.get());
2366 if (!session) {
2367 fprintf(stderr, "Error getting session.\n");
2368 return false;
2369 }
2370
2371 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2372 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2373
2374 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2375 true /* expect session reused */)) {
2376 fprintf(stderr, "Error resuming session.\n");
2377 return false;
2378 }
2379
2380 // Advance the clock one more second.
2381 g_current_time.tv_sec++;
2382
2383 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2384 false /* expect session not reused */)) {
2385 fprintf(stderr, "Error resuming session.\n");
2386 return false;
2387 }
2388
2389 // Rewind the clock to before the session was minted.
2390 g_current_time.tv_sec = kStartTime - 1;
2391
2392 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2393 false /* expect session not reused */)) {
2394 fprintf(stderr, "Error resuming session.\n");
2395 return false;
2396 }
2397
2398 // SSL 3.0 cannot renew sessions.
2399 if (version == SSL3_VERSION) {
2400 continue;
2401 }
2402
2403 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2404 time_t new_start_time = kStartTime + timeout - 10;
2405 g_current_time.tv_sec = new_start_time;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2406 bssl::UniquePtr<SSL_SESSION> new_session =
2407 ExpectSessionRenewed(client_ctx.get(), server_ctx.get(), session.get());
2408 if (!new_session) {
2409 fprintf(stderr, "Error renewing session.\n");
2410 return false;
2411 }
2412
2413 // This new session is not the same object as before.
2414 if (session.get() == new_session.get()) {
2415 fprintf(stderr, "New and old sessions alias.\n");
2416 return false;
2417 }
2418
2419 // Check the sessions have timestamps measured from issuance.
2420 long session_time = 0;
2421 if (server_test) {
2422 if (!GetServerTicketTime(&session_time, new_session.get())) {
2423 fprintf(stderr, "Failed to decode session ticket.\n");
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2424 return false;
2425 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2426 } else {
2427 session_time = new_session->time;
2428 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2429
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2430 if (session_time != g_current_time.tv_sec) {
2431 fprintf(stderr, "New session is not measured from issuance.\n");
2432 return false;
2433 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2434
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2435 if (version == TLS1_3_VERSION) {
2436 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2437 // lifetime TLS 1.3.
2438 g_current_time.tv_sec = new_start_time + timeout - 1;
2439 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2440 new_session.get(),
2441 true /* expect session reused */)) {
2442 fprintf(stderr, "Error resuming renewed session.\n");
2443 return false;
2444 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2445
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2446 // The new session expires after the new timeout.
2447 g_current_time.tv_sec = new_start_time + timeout + 1;
2448 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2449 new_session.get(),
2450 false /* expect session ot reused */)) {
2451 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2452 return false;
2453 }
2454
2455 // Renew the session until it begins just past the auth timeout.
2456 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2457 while (new_start_time < auth_end_time - 1000) {
2458 // Get as close as possible to target start time.
2459 new_start_time =
2460 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2461 g_current_time.tv_sec = new_start_time;
2462 new_session = ExpectSessionRenewed(client_ctx.get(), server_ctx.get(),
2463 new_session.get());
2464 if (!new_session) {
2465 fprintf(stderr, "Error renewing session.\n");
2466 return false;
2467 }
2468 }
2469
2470 // Now the session's lifetime is bound by the auth timeout.
2471 g_current_time.tv_sec = auth_end_time - 1;
2472 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2473 new_session.get(),
2474 true /* expect session reused */)) {
2475 fprintf(stderr, "Error resuming renewed session.\n");
2476 return false;
2477 }
2478
2479 g_current_time.tv_sec = auth_end_time + 1;
2480 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2481 new_session.get(),
2482 false /* expect session ot reused */)) {
2483 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2484 return false;
2485 }
2486 } else {
2487 // The new session is usable just before the old expiration.
2488 g_current_time.tv_sec = kStartTime + timeout - 1;
2489 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2490 new_session.get(),
2491 true /* expect session reused */)) {
2492 fprintf(stderr, "Error resuming renewed session.\n");
2493 return false;
2494 }
2495
2496 // Renewal does not extend the lifetime, so it is not usable beyond the
2497 // old expiration.
2498 g_current_time.tv_sec = kStartTime + timeout + 1;
2499 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2500 new_session.get(),
2501 false /* expect session not reused */)) {
2502 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2503 return false;
2504 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2505 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2506 }
2507
2508 return true;
2509}
2510
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2511static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2512 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2513 SSL_set_SSL_CTX(ssl, ctx);
2514 return SSL_TLSEXT_ERR_OK;
2515}
2516
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2517static bool TestSNICallback(bool is_dtls, const SSL_METHOD *method,
2518 uint16_t version) {
2519 // SSL 3.0 lacks extensions.
2520 if (version == SSL3_VERSION) {
2521 return true;
2522 }
2523
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2524 bssl::UniquePtr<X509> cert = GetTestCertificate();
2525 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2526 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2527 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2528 if (!cert || !key || !cert2 || !key2) {
2529 return false;
2530 }
2531
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2532 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2533 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2534
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2535 static const uint8_t kSCTList[] = {0, 6, 0, 4, 5, 6, 7, 8};
2536 static const uint8_t kOCSPResponse[] = {1, 2, 3, 4};
2537
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2538 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2539 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(method));
2540 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2541 if (!server_ctx || !server_ctx2 || !client_ctx ||
2542 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2543 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2544 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2545 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2546 !SSL_CTX_set_signed_cert_timestamp_list(server_ctx2.get(), kSCTList,
2547 sizeof(kSCTList)) ||
2548 !SSL_CTX_set_ocsp_response(server_ctx2.get(), kOCSPResponse,
2549 sizeof(kOCSPResponse)) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2550 // Historically signing preferences would be lost in some cases with the
2551 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2552 // this doesn't happen when |version| is TLS 1.2, configure the private
2553 // key to only sign SHA-256.
2554 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256,
2555 1) ||
2556 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2557 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2558 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2559 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2560 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2561 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
2562 return false;
2563 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2564
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2565 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2566 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2567
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2568 SSL_CTX_enable_signed_cert_timestamps(client_ctx.get());
2569 SSL_CTX_enable_ocsp_stapling(client_ctx.get());
2570
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2571 bssl::UniquePtr<SSL> client, server;
2572 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2573 server_ctx.get(), nullptr)) {
2574 fprintf(stderr, "Handshake failed.\n");
2575 return false;
2576 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2577
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2578 // The client should have received |cert2|.
2579 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
2580 if (!peer || X509_cmp(peer.get(), cert2.get()) != 0) {
2581 fprintf(stderr, "Incorrect certificate received.\n");
2582 return false;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2583 }
2584
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2585 // The client should have received |server_ctx2|'s SCT list.
2586 const uint8_t *data;
2587 size_t len;
2588 SSL_get0_signed_cert_timestamp_list(client.get(), &data, &len);
2589 if (Bytes(kSCTList) != Bytes(data, len)) {
2590 fprintf(stderr, "Incorrect SCT list received.\n");
2591 return false;
2592 }
2593
2594 // The client should have received |server_ctx2|'s OCSP response.
2595 SSL_get0_ocsp_response(client.get(), &data, &len);
2596 if (Bytes(kOCSPResponse) != Bytes(data, len)) {
2597 fprintf(stderr, "Incorrect OCSP response received.\n");
2598 return false;
2599 }
2600
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2601 return true;
2602}
2603
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2604// Test that the early callback can swap the maximum version.
2605TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2606 bssl::UniquePtr<X509> cert = GetTestCertificate();
2607 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2608 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2609 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2610 ASSERT_TRUE(cert);
2611 ASSERT_TRUE(key);
2612 ASSERT_TRUE(server_ctx);
2613 ASSERT_TRUE(client_ctx);
2614 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2615 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2616 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2617 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2618
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2619 SSL_CTX_set_select_certificate_cb(
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2620 server_ctx.get(),
2621 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2622 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2623 return ssl_select_cert_error;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2624 }
2625
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2626 return ssl_select_cert_success;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2627 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2628
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2629 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2630 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
2631 server_ctx.get(), nullptr));
2632 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2633}
2634
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2635TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2636 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2637 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2638
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2639 // Set valid TLS versions.
2640 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2641 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2642 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2643 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2644
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2645 // Invalid TLS versions are rejected.
2646 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2647 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2648 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2649 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2650 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2651 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2652
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2653 // Zero is the default version.
2654 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2655 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2656 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2657 EXPECT_EQ(TLS1_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2658
2659 // SSL 3.0 and TLS 1.3 are available, but not by default.
2660 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2661 EXPECT_EQ(SSL3_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2662 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2663 EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2664
David Benjamin353577c2017-06-29 15:54:58 -0400[diff] [blame]2665 // TLS1_3_DRAFT_VERSION is not an API-level version.
2666 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT_VERSION));
2667 ERR_clear_error();
2668
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2669 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2670 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2671
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2672 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2673 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2674 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2675 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2676
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2677 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2678 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2679 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2680 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2681 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2682 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2683 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2684 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2685
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2686 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2687 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2688 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2689 EXPECT_EQ(TLS1_1_VERSION, ctx->conf_min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2690}
2691
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2692static const char *GetVersionName(uint16_t version) {
2693 switch (version) {
2694 case SSL3_VERSION:
2695 return "SSLv3";
2696 case TLS1_VERSION:
2697 return "TLSv1";
2698 case TLS1_1_VERSION:
2699 return "TLSv1.1";
2700 case TLS1_2_VERSION:
2701 return "TLSv1.2";
2702 case TLS1_3_VERSION:
2703 return "TLSv1.3";
2704 case DTLS1_VERSION:
2705 return "DTLSv1";
2706 case DTLS1_2_VERSION:
2707 return "DTLSv1.2";
2708 default:
2709 return "???";
2710 }
2711}
2712
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2713static bool TestVersion(bool is_dtls, const SSL_METHOD *method,
2714 uint16_t version) {
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2715 bssl::UniquePtr<X509> cert = GetTestCertificate();
2716 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2717 if (!cert || !key) {
2718 return false;
2719 }
2720
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2721 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2722 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2723 bssl::UniquePtr<SSL> client, server;
2724 if (!server_ctx || !client_ctx ||
2725 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2726 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2727 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2728 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2729 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2730 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2731 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2732 server_ctx.get(), nullptr /* no session */)) {
2733 fprintf(stderr, "Failed to connect.\n");
2734 return false;
2735 }
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2736
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2737 if (SSL_version(client.get()) != version ||
2738 SSL_version(server.get()) != version) {
2739 fprintf(stderr, "Version mismatch. Got %04x and %04x, wanted %04x.\n",
2740 SSL_version(client.get()), SSL_version(server.get()), version);
2741 return false;
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2742 }
2743
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2744 // Test the version name is reported as expected.
2745 const char *version_name = GetVersionName(version);
2746 if (strcmp(version_name, SSL_get_version(client.get())) != 0 ||
2747 strcmp(version_name, SSL_get_version(server.get())) != 0) {
2748 fprintf(stderr, "Version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2749 SSL_get_version(client.get()), SSL_get_version(server.get()),
2750 version_name);
2751 return false;
2752 }
2753
2754 // Test SSL_SESSION reports the same name.
2755 const char *client_name =
2756 SSL_SESSION_get_version(SSL_get_session(client.get()));
2757 const char *server_name =
2758 SSL_SESSION_get_version(SSL_get_session(server.get()));
2759 if (strcmp(version_name, client_name) != 0 ||
2760 strcmp(version_name, server_name) != 0) {
2761 fprintf(stderr,
2762 "Session version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2763 client_name, server_name, version_name);
2764 return false;
2765 }
2766
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2767 return true;
2768}
2769
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2770// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2771// selection callback.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2772static bool TestALPNCipherAvailable(bool is_dtls, const SSL_METHOD *method,
2773 uint16_t version) {
2774 // SSL 3.0 lacks extensions.
2775 if (version == SSL3_VERSION) {
2776 return true;
2777 }
2778
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2779 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2780
2781 bssl::UniquePtr<X509> cert = GetTestCertificate();
2782 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2783 if (!cert || !key) {
2784 return false;
2785 }
2786
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2787 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2788 if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2789 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2790 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2791 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2792 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2793 0) {
2794 return false;
2795 }
2796
2797 // The ALPN callback does not fail the handshake on error, so have the
2798 // callback write a boolean.
2799 std::pair<uint16_t, bool> callback_state(version, false);
2800 SSL_CTX_set_alpn_select_cb(
2801 ctx.get(),
2802 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2803 unsigned in_len, void *arg) -> int {
2804 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2805 if (SSL_get_pending_cipher(ssl) != nullptr &&
2806 SSL_version(ssl) == state->first) {
2807 state->second = true;
2808 }
2809 return SSL_TLSEXT_ERR_NOACK;
2810 },
2811 &callback_state);
2812
2813 bssl::UniquePtr<SSL> client, server;
2814 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2815 nullptr /* no session */)) {
2816 return false;
2817 }
2818
2819 if (!callback_state.second) {
2820 fprintf(stderr, "The pending cipher was not known in the ALPN callback.\n");
2821 return false;
2822 }
2823
2824 return true;
2825}
2826
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2827static bool TestSSLClearSessionResumption(bool is_dtls,
2828 const SSL_METHOD *method,
2829 uint16_t version) {
2830 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2831 // API pattern.
2832 if (version == TLS1_3_VERSION) {
2833 return true;
2834 }
2835
2836 bssl::UniquePtr<X509> cert = GetTestCertificate();
2837 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2838 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2839 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2840 if (!cert || !key || !server_ctx || !client_ctx ||
2841 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2842 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2843 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2844 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2845 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2846 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2847 return false;
2848 }
2849
2850 // Connect a client and a server.
2851 bssl::UniquePtr<SSL> client, server;
2852 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2853 server_ctx.get(), nullptr /* no session */)) {
2854 return false;
2855 }
2856
2857 if (SSL_session_reused(client.get()) ||
2858 SSL_session_reused(server.get())) {
2859 fprintf(stderr, "Session unexpectedly reused.\n");
2860 return false;
2861 }
2862
2863 // Reset everything.
2864 if (!SSL_clear(client.get()) ||
2865 !SSL_clear(server.get())) {
2866 fprintf(stderr, "SSL_clear failed.\n");
2867 return false;
2868 }
2869
2870 // Attempt to connect a second time.
2871 if (!CompleteHandshakes(client.get(), server.get())) {
2872 fprintf(stderr, "Could not reuse SSL objects.\n");
2873 return false;
2874 }
2875
2876 // |SSL_clear| should implicitly offer the previous session to the server.
2877 if (!SSL_session_reused(client.get()) ||
2878 !SSL_session_reused(server.get())) {
2879 fprintf(stderr, "Session was not reused in second try.\n");
2880 return false;
2881 }
2882
2883 return true;
2884}
2885
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2886static bool ChainsEqual(STACK_OF(X509) *chain,
2887 const std::vector<X509 *> &expected) {
2888 if (sk_X509_num(chain) != expected.size()) {
2889 return false;
2890 }
2891
2892 for (size_t i = 0; i < expected.size(); i++) {
2893 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2894 return false;
2895 }
2896 }
2897
2898 return true;
2899}
2900
2901static bool TestAutoChain(bool is_dtls, const SSL_METHOD *method,
2902 uint16_t version) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2903 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
2904 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
2905 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
2906 if (!cert || !intermediate || !key) {
2907 return false;
2908 }
2909
2910 // Configure both client and server to accept any certificate. Add
2911 // |intermediate| to the cert store.
2912 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2913 if (!ctx ||
2914 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2915 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2916 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2917 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2918 !X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx.get()),
2919 intermediate.get())) {
2920 return false;
2921 }
2922 SSL_CTX_set_verify(
2923 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
2924 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
2925
2926 // By default, the client and server should each only send the leaf.
2927 bssl::UniquePtr<SSL> client, server;
2928 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2929 nullptr /* no session */)) {
2930 return false;
2931 }
2932
2933 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), {cert.get()})) {
2934 fprintf(stderr, "Client-received chain did not match.\n");
2935 return false;
2936 }
2937
2938 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), {cert.get()})) {
2939 fprintf(stderr, "Server-received chain did not match.\n");
2940 return false;
2941 }
2942
2943 // If auto-chaining is enabled, then the intermediate is sent.
2944 SSL_CTX_clear_mode(ctx.get(), SSL_MODE_NO_AUTO_CHAIN);
2945 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2946 nullptr /* no session */)) {
2947 return false;
2948 }
2949
2950 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2951 {cert.get(), intermediate.get()})) {
2952 fprintf(stderr, "Client-received chain did not match (auto-chaining).\n");
2953 return false;
2954 }
2955
2956 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2957 {cert.get(), intermediate.get()})) {
2958 fprintf(stderr, "Server-received chain did not match (auto-chaining).\n");
2959 return false;
2960 }
2961
2962 // Auto-chaining does not override explicitly-configured intermediates.
2963 if (!SSL_CTX_add1_chain_cert(ctx.get(), cert.get()) ||
2964 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2965 nullptr /* no session */)) {
2966 return false;
2967 }
2968
2969 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2970 {cert.get(), cert.get()})) {
2971 fprintf(stderr,
2972 "Client-received chain did not match (auto-chaining, explicit "
2973 "intermediate).\n");
2974 return false;
2975 }
2976
2977 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2978 {cert.get(), cert.get()})) {
2979 fprintf(stderr,
2980 "Server-received chain did not match (auto-chaining, explicit "
2981 "intermediate).\n");
2982 return false;
2983 }
2984
2985 return true;
2986}
2987
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2988static bool ExpectBadWriteRetry() {
2989 int err = ERR_get_error();
2990 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
2991 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
2992 char buf[ERR_ERROR_STRING_BUF_LEN];
2993 ERR_error_string_n(err, buf, sizeof(buf));
2994 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
2995 return false;
2996 }
2997
2998 if (ERR_peek_error() != 0) {
2999 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
3000 return false;
3001 }
3002
3003 return true;
3004}
3005
3006static bool TestSSLWriteRetry(bool is_dtls, const SSL_METHOD *method,
3007 uint16_t version) {
3008 if (is_dtls) {
3009 return true;
3010 }
3011
3012 for (bool enable_partial_write : std::vector<bool>{false, true}) {
3013 // Connect a client and server.
3014 bssl::UniquePtr<X509> cert = GetTestCertificate();
3015 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3016 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
3017 bssl::UniquePtr<SSL> client, server;
3018 if (!cert || !key || !ctx ||
3019 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
3020 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
3021 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
3022 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
3023 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3024 nullptr /* no session */)) {
3025 return false;
3026 }
3027
3028 if (enable_partial_write) {
3029 SSL_set_mode(client.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
3030 }
3031
3032 // Write without reading until the buffer is full and we have an unfinished
3033 // write. Keep a count so we may reread it again later. "hello!" will be
3034 // written in two chunks, "hello" and "!".
3035 char data[] = "hello!";
3036 static const int kChunkLen = 5; // The length of "hello".
3037 unsigned count = 0;
3038 for (;;) {
3039 int ret = SSL_write(client.get(), data, kChunkLen);
3040 if (ret <= 0) {
3041 int err = SSL_get_error(client.get(), ret);
3042 if (SSL_get_error(client.get(), ret) == SSL_ERROR_WANT_WRITE) {
3043 break;
3044 }
3045 fprintf(stderr, "SSL_write failed in unexpected way: %d\n", err);
3046 return false;
3047 }
3048
3049 if (ret != 5) {
3050 fprintf(stderr, "SSL_write wrote %d bytes, expected 5.\n", ret);
3051 return false;
3052 }
3053
3054 count++;
3055 }
3056
3057 // Retrying with the same parameters is legal.
3058 if (SSL_get_error(client.get(), SSL_write(client.get(), data, kChunkLen)) !=
3059 SSL_ERROR_WANT_WRITE) {
3060 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3061 return false;
3062 }
3063
3064 // Retrying with the same buffer but shorter length is not legal.
3065 if (SSL_get_error(client.get(),
3066 SSL_write(client.get(), data, kChunkLen - 1)) !=
3067 SSL_ERROR_SSL ||
3068 !ExpectBadWriteRetry()) {
3069 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3070 return false;
3071 }
3072
3073 // Retrying with a different buffer pointer is not legal.
3074 char data2[] = "hello";
3075 if (SSL_get_error(client.get(), SSL_write(client.get(), data2,
3076 kChunkLen)) != SSL_ERROR_SSL ||
3077 !ExpectBadWriteRetry()) {
3078 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3079 return false;
3080 }
3081
3082 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
3083 SSL_set_mode(client.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
3084 if (SSL_get_error(client.get(),
3085 SSL_write(client.get(), data2, kChunkLen)) !=
3086 SSL_ERROR_WANT_WRITE) {
3087 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3088 return false;
3089 }
3090
3091 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
3092 if (SSL_get_error(client.get(),
3093 SSL_write(client.get(), data2, kChunkLen - 1)) !=
3094 SSL_ERROR_SSL ||
3095 !ExpectBadWriteRetry()) {
3096 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3097 return false;
3098 }
3099
3100 // Retrying with a larger buffer is legal.
3101 if (SSL_get_error(client.get(),
3102 SSL_write(client.get(), data, kChunkLen + 1)) !=
3103 SSL_ERROR_WANT_WRITE) {
3104 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3105 return false;
3106 }
3107
3108 // Drain the buffer.
3109 char buf[20];
3110 for (unsigned i = 0; i < count; i++) {
3111 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3112 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0) {
3113 fprintf(stderr, "Failed to read initial records.\n");
3114 return false;
3115 }
3116 }
3117
3118 // Now that there is space, a retry with a larger buffer should flush the
3119 // pending record, skip over that many bytes of input (on assumption they
3120 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
3121 // is set, this will complete in two steps.
3122 char data3[] = "_____!";
3123 if (enable_partial_write) {
3124 if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen ||
3125 SSL_write(client.get(), data3 + kChunkLen, 1) != 1) {
3126 fprintf(stderr, "SSL_write retry failed.\n");
3127 return false;
3128 }
3129 } else if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen + 1) {
3130 fprintf(stderr, "SSL_write retry failed.\n");
3131 return false;
3132 }
3133
3134 // Check the last write was correct. The data will be spread over two
3135 // records, so SSL_read returns twice.
3136 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3137 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0 ||
3138 SSL_read(server.get(), buf, sizeof(buf)) != 1 ||
3139 buf[0] != '!') {
3140 fprintf(stderr, "Failed to read write retry.\n");
3141 return false;
3142 }
3143 }
3144
3145 return true;
3146}
3147
David Benjamin5df5be12017-06-22 19:43:11 -0400[diff] [blame]3148static bool TestRecordCallback(bool is_dtls, const SSL_METHOD *method,
3149 uint16_t version) {
3150 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
3151 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
3152 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3153 if (!cert || !intermediate || !key) {
3154 return false;
3155 }
3156
3157 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
3158 if (!ctx ||
3159 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
3160 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
3161 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
3162 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
3163 return false;
3164 }
3165
3166 bool read_seen = false;
3167 bool write_seen = false;
3168 auto cb = [&](int is_write, int cb_version, int cb_type, const void *buf,
3169 size_t len, SSL *ssl) {
3170 if (cb_type != SSL3_RT_HEADER) {
3171 return;
3172 }
3173
3174 // The callback does not report a version for records.
3175 EXPECT_EQ(0, cb_version);
3176
3177 if (is_write) {
3178 write_seen = true;
3179 } else {
3180 read_seen = true;
3181 }
3182
3183 // Sanity-check that the record header is plausible.
3184 CBS cbs;
3185 CBS_init(&cbs, reinterpret_cast<const uint8_t *>(buf), len);
3186 uint8_t type;
3187 uint16_t record_version, length;
3188 ASSERT_TRUE(CBS_get_u8(&cbs, &type));
3189 ASSERT_TRUE(CBS_get_u16(&cbs, &record_version));
3190 EXPECT_TRUE(record_version == version ||
3191 record_version == (is_dtls ? DTLS1_VERSION : TLS1_VERSION))
3192 << "Invalid record version: " << record_version;
3193 if (is_dtls) {
3194 uint16_t epoch;
3195 ASSERT_TRUE(CBS_get_u16(&cbs, &epoch));
3196 EXPECT_TRUE(epoch == 0 || epoch == 1) << "Invalid epoch: " << epoch;
3197 ASSERT_TRUE(CBS_skip(&cbs, 6));
3198 }
3199 ASSERT_TRUE(CBS_get_u16(&cbs, &length));
3200 EXPECT_EQ(0u, CBS_len(&cbs));
3201 };
3202 using CallbackType = decltype(cb);
3203 SSL_CTX_set_msg_callback(
3204 ctx.get(), [](int is_write, int cb_version, int cb_type, const void *buf,
3205 size_t len, SSL *ssl, void *arg) {
3206 CallbackType *cb_ptr = reinterpret_cast<CallbackType *>(arg);
3207 (*cb_ptr)(is_write, cb_version, cb_type, buf, len, ssl);
3208 });
3209 SSL_CTX_set_msg_callback_arg(ctx.get(), &cb);
3210
3211 bssl::UniquePtr<SSL> client, server;
3212 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3213 nullptr /* no session */)) {
3214 return false;
3215 }
3216
3217 EXPECT_TRUE(read_seen);
3218 EXPECT_TRUE(write_seen);
3219 return true;
3220}
3221
3222
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3223static bool ForEachVersion(bool (*test_func)(bool is_dtls,
3224 const SSL_METHOD *method,
3225 uint16_t version)) {
3226 static uint16_t kTLSVersions[] = {
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]3227 SSL3_VERSION,
3228 TLS1_VERSION,
3229 TLS1_1_VERSION,
3230 TLS1_2_VERSION,
3231// TLS 1.3 requires RSA-PSS, which is disabled for Android system builds.
3232#if !defined(BORINGSSL_ANDROID_SYSTEM)
3233 TLS1_3_VERSION,
3234#endif
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3235 };
3236
3237 static uint16_t kDTLSVersions[] = {
3238 DTLS1_VERSION, DTLS1_2_VERSION,
3239 };
3240
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3241 for (uint16_t version : kTLSVersions) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3242 if (!test_func(false, TLS_method(), version)) {
3243 fprintf(stderr, "Test failed at TLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3244 return false;
3245 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3246 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3247
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3248 for (uint16_t version : kDTLSVersions) {
3249 if (!test_func(true, DTLS_method(), version)) {
3250 fprintf(stderr, "Test failed at DTLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3251 return false;
3252 }
3253 }
3254
3255 return true;
3256}
3257
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3258TEST(SSLTest, AddChainCertHack) {
3259 // Ensure that we don't accidently break the hack that we have in place to
3260 // keep curl and serf happy when they use an |X509| even after transfering
3261 // ownership.
3262
3263 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3264 ASSERT_TRUE(ctx);
3265 X509 *cert = GetTestCertificate().release();
3266 ASSERT_TRUE(cert);
3267 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3268
3269 // This should not trigger a use-after-free.
3270 X509_cmp(cert, cert);
3271}
3272
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3273TEST(SSLTest, GetCertificate) {
3274 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3275 ASSERT_TRUE(ctx);
3276 bssl::UniquePtr<X509> cert = GetTestCertificate();
3277 ASSERT_TRUE(cert);
3278 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3279 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3280 ASSERT_TRUE(ssl);
3281
3282 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3283 ASSERT_TRUE(cert2);
3284 X509 *cert3 = SSL_get_certificate(ssl.get());
3285 ASSERT_TRUE(cert3);
3286
3287 // The old and new certificates must be identical.
3288 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3289 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3290
3291 uint8_t *der = nullptr;
3292 long der_len = i2d_X509(cert.get(), &der);
3293 ASSERT_LT(0, der_len);
3294 bssl::UniquePtr<uint8_t> free_der(der);
3295
3296 uint8_t *der2 = nullptr;
3297 long der2_len = i2d_X509(cert2, &der2);
3298 ASSERT_LT(0, der2_len);
3299 bssl::UniquePtr<uint8_t> free_der2(der2);
3300
3301 uint8_t *der3 = nullptr;
3302 long der3_len = i2d_X509(cert3, &der3);
3303 ASSERT_LT(0, der3_len);
3304 bssl::UniquePtr<uint8_t> free_der3(der3);
3305
3306 // They must also encode identically.
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]3307 EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len));
3308 EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len));
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3309}
3310
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3311TEST(SSLTest, SetChainAndKeyMismatch) {
3312 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_with_buffers_method()));
3313 ASSERT_TRUE(ctx);
3314
3315 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3316 ASSERT_TRUE(key);
3317 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3318 ASSERT_TRUE(leaf);
3319 std::vector<CRYPTO_BUFFER*> chain = {
3320 leaf.get(),
3321 };
3322
3323 // Should fail because |GetTestKey| doesn't match the chain-test certificate.
3324 ASSERT_FALSE(SSL_CTX_set_chain_and_key(ctx.get(), &chain[0], chain.size(),
3325 key.get(), nullptr));
3326 ERR_clear_error();
3327}
3328
3329TEST(SSLTest, SetChainAndKey) {
3330 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3331 ASSERT_TRUE(client_ctx);
3332 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3333 ASSERT_TRUE(server_ctx);
3334
3335 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3336 ASSERT_TRUE(key);
3337 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3338 ASSERT_TRUE(leaf);
3339 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3340 GetChainTestIntermediateBuffer();
3341 ASSERT_TRUE(intermediate);
3342 std::vector<CRYPTO_BUFFER*> chain = {
3343 leaf.get(), intermediate.get(),
3344 };
3345 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3346 chain.size(), key.get(), nullptr));
3347
David Benjamin3a1dd462017-07-11 16:13:10 -0400[diff] [blame]3348 SSL_CTX_set_custom_verify(
3349 client_ctx.get(), SSL_VERIFY_PEER,
3350 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3351 return ssl_verify_ok;
3352 });
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3353
3354 bssl::UniquePtr<SSL> client, server;
3355 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3356 server_ctx.get(),
3357 nullptr /* no session */));
3358}
3359
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]3360TEST(SSLTest, ClientCABuffers) {
3361 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3362 ASSERT_TRUE(client_ctx);
3363 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3364 ASSERT_TRUE(server_ctx);
3365
3366 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3367 ASSERT_TRUE(key);
3368 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3369 ASSERT_TRUE(leaf);
3370 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3371 GetChainTestIntermediateBuffer();
3372 ASSERT_TRUE(intermediate);
3373 std::vector<CRYPTO_BUFFER *> chain = {
3374 leaf.get(),
3375 intermediate.get(),
3376 };
3377 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3378 chain.size(), key.get(), nullptr));
3379
3380 bssl::UniquePtr<CRYPTO_BUFFER> ca_name(
3381 CRYPTO_BUFFER_new(kTestName, sizeof(kTestName), nullptr));
3382 ASSERT_TRUE(ca_name);
3383 bssl::UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names(
3384 sk_CRYPTO_BUFFER_new_null());
3385 ASSERT_TRUE(ca_names);
3386 ASSERT_TRUE(sk_CRYPTO_BUFFER_push(ca_names.get(), ca_name.get()));
3387 ca_name.release();
3388 SSL_CTX_set0_client_CAs(server_ctx.get(), ca_names.release());
3389
3390 // Configure client and server to accept all certificates.
3391 SSL_CTX_set_custom_verify(
3392 client_ctx.get(), SSL_VERIFY_PEER,
3393 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3394 return ssl_verify_ok;
3395 });
3396 SSL_CTX_set_custom_verify(
3397 server_ctx.get(), SSL_VERIFY_PEER,
3398 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3399 return ssl_verify_ok;
3400 });
3401
3402 bool cert_cb_called = false;
3403 SSL_CTX_set_cert_cb(
3404 client_ctx.get(),
3405 [](SSL *ssl, void *arg) -> int {
3406 STACK_OF(CRYPTO_BUFFER) *peer_names =
3407 SSL_get0_server_requested_CAs(ssl);
3408 EXPECT_EQ(1u, sk_CRYPTO_BUFFER_num(peer_names));
3409 CRYPTO_BUFFER *peer_name = sk_CRYPTO_BUFFER_value(peer_names, 0);
3410 EXPECT_EQ(Bytes(kTestName), Bytes(CRYPTO_BUFFER_data(peer_name),
3411 CRYPTO_BUFFER_len(peer_name)));
3412 *reinterpret_cast<bool *>(arg) = true;
3413 return 1;
3414 },
3415 &cert_cb_called);
3416
3417 bssl::UniquePtr<SSL> client, server;
3418 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3419 server_ctx.get(),
3420 nullptr /* no session */));
3421 EXPECT_TRUE(cert_cb_called);
3422}
3423
David Benjamin91222b82017-03-09 20:10:56 -0500[diff] [blame]3424// Configuring the empty cipher list, though an error, should still modify the
3425// configuration.
3426TEST(SSLTest, EmptyCipherList) {
3427 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3428 ASSERT_TRUE(ctx);
3429
3430 // Initially, the cipher list is not empty.
3431 EXPECT_NE(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3432
3433 // Configuring the empty cipher list fails.
3434 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), ""));
3435 ERR_clear_error();
3436
3437 // But the cipher list is still updated to empty.
3438 EXPECT_EQ(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3439}
3440
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3441// ssl_test_ticket_aead_failure_mode enumerates the possible ways in which the
3442// test |SSL_TICKET_AEAD_METHOD| can fail.
3443enum ssl_test_ticket_aead_failure_mode {
3444 ssl_test_ticket_aead_ok = 0,
3445 ssl_test_ticket_aead_seal_fail,
3446 ssl_test_ticket_aead_open_soft_fail,
3447 ssl_test_ticket_aead_open_hard_fail,
3448};
3449
3450struct ssl_test_ticket_aead_state {
3451 unsigned retry_count;
3452 ssl_test_ticket_aead_failure_mode failure_mode;
3453};
3454
3455static int ssl_test_ticket_aead_ex_index_dup(CRYPTO_EX_DATA *to,
3456 const CRYPTO_EX_DATA *from,
3457 void **from_d, int index,
3458 long argl, void *argp) {
3459 abort();
3460}
3461
3462static void ssl_test_ticket_aead_ex_index_free(void *parent, void *ptr,
3463 CRYPTO_EX_DATA *ad, int index,
3464 long argl, void *argp) {
3465 auto state = reinterpret_cast<ssl_test_ticket_aead_state*>(ptr);
3466 if (state == nullptr) {
3467 return;
3468 }
3469
3470 OPENSSL_free(state);
3471}
3472
3473static CRYPTO_once_t g_ssl_test_ticket_aead_ex_index_once = CRYPTO_ONCE_INIT;
3474static int g_ssl_test_ticket_aead_ex_index;
3475
3476static int ssl_test_ticket_aead_get_ex_index() {
3477 CRYPTO_once(&g_ssl_test_ticket_aead_ex_index_once, [] {
3478 g_ssl_test_ticket_aead_ex_index = SSL_get_ex_new_index(
3479 0, nullptr, nullptr, ssl_test_ticket_aead_ex_index_dup,
3480 ssl_test_ticket_aead_ex_index_free);
3481 });
3482 return g_ssl_test_ticket_aead_ex_index;
3483}
3484
3485static size_t ssl_test_ticket_aead_max_overhead(SSL *ssl) {
3486 return 1;
3487}
3488
3489static int ssl_test_ticket_aead_seal(SSL *ssl, uint8_t *out, size_t *out_len,
3490 size_t max_out_len, const uint8_t *in,
3491 size_t in_len) {
3492 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3493 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3494
3495 if (state->failure_mode == ssl_test_ticket_aead_seal_fail ||
3496 max_out_len < in_len + 1) {
3497 return 0;
3498 }
3499
3500 OPENSSL_memmove(out, in, in_len);
3501 out[in_len] = 0xff;
3502 *out_len = in_len + 1;
3503
3504 return 1;
3505}
3506
3507static ssl_ticket_aead_result_t ssl_test_ticket_aead_open(
3508 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len,
3509 const uint8_t *in, size_t in_len) {
3510 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3511 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3512
3513 if (state->retry_count > 0) {
3514 state->retry_count--;
3515 return ssl_ticket_aead_retry;
3516 }
3517
3518 switch (state->failure_mode) {
3519 case ssl_test_ticket_aead_ok:
3520 break;
3521 case ssl_test_ticket_aead_seal_fail:
3522 // If |seal| failed then there shouldn't be any ticket to try and
3523 // decrypt.
3524 abort();
3525 break;
3526 case ssl_test_ticket_aead_open_soft_fail:
3527 return ssl_ticket_aead_ignore_ticket;
3528 case ssl_test_ticket_aead_open_hard_fail:
3529 return ssl_ticket_aead_error;
3530 }
3531
3532 if (in_len == 0 || in[in_len - 1] != 0xff) {
3533 return ssl_ticket_aead_ignore_ticket;
3534 }
3535
3536 if (max_out_len < in_len - 1) {
3537 return ssl_ticket_aead_error;
3538 }
3539
3540 OPENSSL_memmove(out, in, in_len - 1);
3541 *out_len = in_len - 1;
3542 return ssl_ticket_aead_success;
3543}
3544
3545static const SSL_TICKET_AEAD_METHOD kSSLTestTicketMethod = {
3546 ssl_test_ticket_aead_max_overhead,
3547 ssl_test_ticket_aead_seal,
3548 ssl_test_ticket_aead_open,
3549};
3550
3551static void ConnectClientAndServerWithTicketMethod(
3552 bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
3553 SSL_CTX *client_ctx, SSL_CTX *server_ctx, unsigned retry_count,
3554 ssl_test_ticket_aead_failure_mode failure_mode, SSL_SESSION *session) {
3555 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
3556 ASSERT_TRUE(client);
3557 ASSERT_TRUE(server);
3558 SSL_set_connect_state(client.get());
3559 SSL_set_accept_state(server.get());
3560
3561 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3562 OPENSSL_malloc(sizeof(ssl_test_ticket_aead_state)));
3563 ASSERT_TRUE(state);
3564 OPENSSL_memset(state, 0, sizeof(ssl_test_ticket_aead_state));
3565 state->retry_count = retry_count;
3566 state->failure_mode = failure_mode;
3567
3568 ASSERT_TRUE(SSL_set_ex_data(server.get(), ssl_test_ticket_aead_get_ex_index(),
3569 state));
3570
3571 SSL_set_session(client.get(), session);
3572
3573 BIO *bio1, *bio2;
3574 ASSERT_TRUE(BIO_new_bio_pair(&bio1, 0, &bio2, 0));
3575
3576 // SSL_set_bio takes ownership.
3577 SSL_set_bio(client.get(), bio1, bio1);
3578 SSL_set_bio(server.get(), bio2, bio2);
3579
3580 if (CompleteHandshakes(client.get(), server.get())) {
3581 *out_client = std::move(client);
3582 *out_server = std::move(server);
3583 } else {
3584 out_client->reset();
3585 out_server->reset();
3586 }
3587}
3588
3589class TicketAEADMethodTest
3590 : public ::testing::TestWithParam<testing::tuple<
3591 uint16_t, unsigned, ssl_test_ticket_aead_failure_mode>> {};
3592
3593TEST_P(TicketAEADMethodTest, Resume) {
3594 bssl::UniquePtr<X509> cert = GetTestCertificate();
3595 ASSERT_TRUE(cert);
3596 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3597 ASSERT_TRUE(key);
3598
3599 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
3600 ASSERT_TRUE(server_ctx);
3601 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
3602 ASSERT_TRUE(client_ctx);
3603
3604 const uint16_t version = testing::get<0>(GetParam());
3605 const unsigned retry_count = testing::get<1>(GetParam());
3606 const ssl_test_ticket_aead_failure_mode failure_mode =
3607 testing::get<2>(GetParam());
3608
3609 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3610 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3611 ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), version));
3612 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), version));
3613 ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), version));
3614 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), version));
3615
3616 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
3617 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
3618 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
3619 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3620 SSL_CTX_sess_set_new_cb(client_ctx.get(), SaveLastSession);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3621
3622 SSL_CTX_set_ticket_aead_method(server_ctx.get(), &kSSLTestTicketMethod);
3623
3624 bssl::UniquePtr<SSL> client, server;
3625 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3626 server_ctx.get(), retry_count,
3627 failure_mode, nullptr);
3628 switch (failure_mode) {
3629 case ssl_test_ticket_aead_ok:
3630 case ssl_test_ticket_aead_open_hard_fail:
3631 case ssl_test_ticket_aead_open_soft_fail:
3632 ASSERT_TRUE(client);
3633 break;
3634 case ssl_test_ticket_aead_seal_fail:
3635 EXPECT_FALSE(client);
3636 return;
3637 }
3638 EXPECT_FALSE(SSL_session_reused(client.get()));
3639 EXPECT_FALSE(SSL_session_reused(server.get()));
3640
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3641 // Run the read loop to account for post-handshake tickets in TLS 1.3.
3642 SSL_read(client.get(), nullptr, 0);
3643
3644 bssl::UniquePtr<SSL_SESSION> session = std::move(g_last_session);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3645 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3646 server_ctx.get(), retry_count,
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3647 failure_mode, session.get());
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3648 switch (failure_mode) {
3649 case ssl_test_ticket_aead_ok:
3650 ASSERT_TRUE(client);
3651 EXPECT_TRUE(SSL_session_reused(client.get()));
3652 EXPECT_TRUE(SSL_session_reused(server.get()));
3653 break;
3654 case ssl_test_ticket_aead_seal_fail:
3655 abort();
3656 break;
3657 case ssl_test_ticket_aead_open_hard_fail:
3658 EXPECT_FALSE(client);
3659 break;
3660 case ssl_test_ticket_aead_open_soft_fail:
3661 ASSERT_TRUE(client);
3662 EXPECT_FALSE(SSL_session_reused(client.get()));
3663 EXPECT_FALSE(SSL_session_reused(server.get()));
3664 }
3665}
3666
3667INSTANTIATE_TEST_CASE_P(
3668 TicketAEADMethodTests, TicketAEADMethodTest,
3669 testing::Combine(
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3670 testing::Values(TLS1_2_VERSION, TLS1_3_VERSION),
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3671 testing::Values(0, 1, 2),
3672 testing::Values(ssl_test_ticket_aead_ok,
3673 ssl_test_ticket_aead_seal_fail,
3674 ssl_test_ticket_aead_open_soft_fail,
3675 ssl_test_ticket_aead_open_hard_fail)));
3676
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]3677TEST(SSLTest, SSL3Method) {
3678 bssl::UniquePtr<X509> cert = GetTestCertificate();
3679 ASSERT_TRUE(cert);
3680
3681 // For compatibility, SSLv3_method should work up to SSL_CTX_new and SSL_new.
3682 bssl::UniquePtr<SSL_CTX> ssl3_ctx(SSL_CTX_new(SSLv3_method()));
3683 ASSERT_TRUE(ssl3_ctx);
3684 ASSERT_TRUE(SSL_CTX_use_certificate(ssl3_ctx.get(), cert.get()));
3685 bssl::UniquePtr<SSL> ssl(SSL_new(ssl3_ctx.get()));
3686 EXPECT_TRUE(ssl);
3687
3688 // Create a normal TLS context to test against.
3689 bssl::UniquePtr<SSL_CTX> tls_ctx(SSL_CTX_new(TLS_method()));
3690 ASSERT_TRUE(tls_ctx);
3691 ASSERT_TRUE(SSL_CTX_use_certificate(tls_ctx.get(), cert.get()));
3692
3693 // However, handshaking an SSLv3_method server should fail to resolve the
3694 // version range. Explicit calls to SSL_CTX_set_min_proto_version are the only
3695 // way to enable SSL 3.0.
3696 bssl::UniquePtr<SSL> client, server;
3697 EXPECT_FALSE(ConnectClientAndServer(&client, &server, tls_ctx.get(),
3698 ssl3_ctx.get(),
3699 nullptr /* no session */));
3700 uint32_t err = ERR_get_error();
3701 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3702 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3703
3704 // Likewise for SSLv3_method clients.
3705 EXPECT_FALSE(ConnectClientAndServer(&client, &server, ssl3_ctx.get(),
3706 tls_ctx.get(),
3707 nullptr /* no session */));
3708 err = ERR_get_error();
3709 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3710 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3711}
3712
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]3713TEST(SSLTest, SelectNextProto) {
3714 uint8_t *result;
3715 uint8_t result_len;
3716
3717 // If there is an overlap, it should be returned.
3718 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3719 SSL_select_next_proto(&result, &result_len,
3720 (const uint8_t *)"\1a\2bb\3ccc", 9,
3721 (const uint8_t *)"\1x\1y\1a\1z", 8));
3722 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3723
3724 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3725 SSL_select_next_proto(&result, &result_len,
3726 (const uint8_t *)"\1a\2bb\3ccc", 9,
3727 (const uint8_t *)"\1x\1y\2bb\1z", 9));
3728 EXPECT_EQ(Bytes("bb"), Bytes(result, result_len));
3729
3730 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3731 SSL_select_next_proto(&result, &result_len,
3732 (const uint8_t *)"\1a\2bb\3ccc", 9,
3733 (const uint8_t *)"\1x\1y\3ccc\1z", 10));
3734 EXPECT_EQ(Bytes("ccc"), Bytes(result, result_len));
3735
3736 // Peer preference order takes precedence over local.
3737 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3738 SSL_select_next_proto(&result, &result_len,
3739 (const uint8_t *)"\1a\2bb\3ccc", 9,
3740 (const uint8_t *)"\3ccc\2bb\1a", 9));
3741 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3742
3743 // If there is no overlap, return the first local protocol.
3744 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3745 SSL_select_next_proto(&result, &result_len,
3746 (const uint8_t *)"\1a\2bb\3ccc", 9,
3747 (const uint8_t *)"\1x\2yy\3zzz", 9));
3748 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3749
3750 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3751 SSL_select_next_proto(&result, &result_len, nullptr, 0,
3752 (const uint8_t *)"\1x\2yy\3zzz", 9));
3753 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3754}
3755
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3756TEST(SSLTest, SealRecord) {
3757 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3758 server_ctx(SSL_CTX_new(TLS_method()));
3759 ASSERT_TRUE(client_ctx);
3760 ASSERT_TRUE(server_ctx);
3761
3762 bssl::UniquePtr<X509> cert = GetTestCertificate();
3763 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3764 ASSERT_TRUE(cert);
3765 ASSERT_TRUE(key);
3766 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3767 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3768
3769 bssl::UniquePtr<SSL> client, server;
3770 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3771 server_ctx.get(),
3772 nullptr /* no session */));
3773
3774 const std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3775 std::vector<uint8_t> prefix(
3776 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3777 body(record.size()),
3778 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3779 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3780 bssl::MakeSpan(body), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3781 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3782
3783 std::vector<uint8_t> sealed;
3784 sealed.insert(sealed.end(), prefix.begin(), prefix.end());
3785 sealed.insert(sealed.end(), body.begin(), body.end());
3786 sealed.insert(sealed.end(), suffix.begin(), suffix.end());
3787 std::vector<uint8_t> sealed_copy = sealed;
3788
3789 bssl::Span<uint8_t> plaintext;
3790 size_t record_len;
3791 uint8_t alert = 255;
3792 EXPECT_EQ(bssl::OpenRecord(server.get(), &plaintext, &record_len, &alert,
3793 bssl::MakeSpan(sealed)),
3794 bssl::OpenRecordResult::kOK);
3795 EXPECT_EQ(record_len, sealed.size());
3796 EXPECT_EQ(plaintext, record);
3797 EXPECT_EQ(255, alert);
3798}
3799
3800TEST(SSLTest, SealRecordInPlace) {
3801 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3802 server_ctx(SSL_CTX_new(TLS_method()));
3803 ASSERT_TRUE(client_ctx);
3804 ASSERT_TRUE(server_ctx);
3805
3806 bssl::UniquePtr<X509> cert = GetTestCertificate();
3807 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3808 ASSERT_TRUE(cert);
3809 ASSERT_TRUE(key);
3810 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3811 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3812
3813 bssl::UniquePtr<SSL> client, server;
3814 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3815 server_ctx.get(),
3816 nullptr /* no session */));
3817
3818 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3819 std::vector<uint8_t> record = plaintext;
3820 std::vector<uint8_t> prefix(
3821 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3822 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3823 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3824 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3825 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3826 record.insert(record.begin(), prefix.begin(), prefix.end());
3827 record.insert(record.end(), suffix.begin(), suffix.end());
3828
3829 bssl::Span<uint8_t> result;
3830 size_t record_len;
3831 uint8_t alert;
3832 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3833 bssl::MakeSpan(record)),
3834 bssl::OpenRecordResult::kOK);
3835 EXPECT_EQ(record_len, record.size());
3836 EXPECT_EQ(plaintext, result);
3837}
3838
3839TEST(SSLTest, SealRecordTrailingData) {
3840 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3841 server_ctx(SSL_CTX_new(TLS_method()));
3842 ASSERT_TRUE(client_ctx);
3843 ASSERT_TRUE(server_ctx);
3844
3845 bssl::UniquePtr<X509> cert = GetTestCertificate();
3846 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3847 ASSERT_TRUE(cert);
3848 ASSERT_TRUE(key);
3849 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3850 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3851
3852 bssl::UniquePtr<SSL> client, server;
3853 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3854 server_ctx.get(),
3855 nullptr /* no session */));
3856
3857 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3858 std::vector<uint8_t> record = plaintext;
3859 std::vector<uint8_t> prefix(
3860 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3861 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3862 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3863 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3864 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3865 record.insert(record.begin(), prefix.begin(), prefix.end());
3866 record.insert(record.end(), suffix.begin(), suffix.end());
3867 record.insert(record.end(), {5, 4, 3, 2, 1});
3868
3869 bssl::Span<uint8_t> result;
3870 size_t record_len;
3871 uint8_t alert;
3872 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3873 bssl::MakeSpan(record)),
3874 bssl::OpenRecordResult::kOK);
3875 EXPECT_EQ(record_len, record.size() - 5);
3876 EXPECT_EQ(plaintext, result);
3877}
3878
3879TEST(SSLTest, SealRecordInvalidSpanSize) {
3880 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3881 server_ctx(SSL_CTX_new(TLS_method()));
3882 ASSERT_TRUE(client_ctx);
3883 ASSERT_TRUE(server_ctx);
3884
3885 bssl::UniquePtr<X509> cert = GetTestCertificate();
3886 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3887 ASSERT_TRUE(cert);
3888 ASSERT_TRUE(key);
3889 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3890 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3891
3892 bssl::UniquePtr<SSL> client, server;
3893 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3894 server_ctx.get(),
3895 nullptr /* no session */));
3896
3897 std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3898 std::vector<uint8_t> prefix(
3899 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3900 body(record.size()),
3901 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3902
3903 auto expect_err = []() {
3904 int err = ERR_get_error();
3905 EXPECT_EQ(ERR_GET_LIB(err), ERR_LIB_SSL);
3906 EXPECT_EQ(ERR_GET_REASON(err), SSL_R_BUFFER_TOO_SMALL);
3907 ERR_clear_error();
3908 };
3909 EXPECT_FALSE(bssl::SealRecord(
3910 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3911 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3912 expect_err();
3913 EXPECT_FALSE(bssl::SealRecord(
3914 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3915 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3916 expect_err();
3917
3918 EXPECT_FALSE(
3919 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3920 bssl::MakeSpan(record.data(), record.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3921 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3922 expect_err();
3923 EXPECT_FALSE(
3924 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3925 bssl::MakeSpan(record.data(), record.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3926 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3927 expect_err();
3928
3929 EXPECT_FALSE(bssl::SealRecord(
3930 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3931 bssl::MakeSpan(suffix.data(), suffix.size() - 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3932 expect_err();
3933 EXPECT_FALSE(bssl::SealRecord(
3934 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3935 bssl::MakeSpan(suffix.data(), suffix.size() + 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3936 expect_err();
3937}
3938
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3939// TODO(davidben): Convert this file to GTest properly.
3940TEST(SSLTest, AllTests) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]3941 if (!TestSSL_SESSIONEncoding(kOpenSSLSession) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3942 !TestSSL_SESSIONEncoding(kCustomSession) ||
3943 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
3944 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
3945 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
3946 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]3947 // Test the padding extension at TLS 1.2.
3948 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
3949 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
3950 // will be no PSK binder after the padding extension.
3951 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
3952 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
3953 // will be a PSK binder after the padding extension.
3954 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3955 !ForEachVersion(TestSequenceNumber) ||
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]3956 !ForEachVersion(TestOneSidedShutdown) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3957 !ForEachVersion(TestGetPeerCertificate) ||
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]3958 !ForEachVersion(TestNoPeerCertificate) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3959 !ForEachVersion(TestRetainOnlySHA256OfCerts) ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]3960 !TestClientHello() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3961 !ForEachVersion(TestSessionIDContext) ||
3962 !ForEachVersion(TestSessionTimeout) ||
3963 !ForEachVersion(TestSNICallback) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3964 !ForEachVersion(TestVersion) ||
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]3965 !ForEachVersion(TestALPNCipherAvailable) ||
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]3966 !ForEachVersion(TestSSLClearSessionResumption) ||
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]3967 !ForEachVersion(TestAutoChain) ||
David Benjamin5df5be12017-06-22 19:43:11 -0400[diff] [blame]3968 !ForEachVersion(TestSSLWriteRetry) ||
3969 !ForEachVersion(TestRecordCallback)) {
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3970 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]3971 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]3972}