Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 721e8b79a90ece5d49ac3c673127e9e9089f830e / . / ssl / ssl_test.cc
blob: c2ce99baa30423f4c4fe0bf6c5a37c86c8353af7 [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]24#include <openssl/base64.h>
25#include <openssl/bio.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]26#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]27#include <openssl/err.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]28#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]29#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/ssl.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]31#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]32
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]33#include "internal.h"
Adam Langleyd2b5af52016-07-12 08:03:59 -0700[diff] [blame]34#include "test/scoped_types.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]35#include "../crypto/test/test_util.h"
36
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame^]37#if defined(OPENSSL_WINDOWS)
38/* Windows defines struct timeval in winsock2.h. */
39OPENSSL_MSVC_PRAGMA(warning(push, 3))
40#include <winsock2.h>
41OPENSSL_MSVC_PRAGMA(warning(pop))
42#else
43#include <sys/time.h>
44#endif
45
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]46
47struct ExpectedCipher {
48 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]49 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]50};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]51
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]52struct CipherTest {
53 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]55 // The list of expected ciphers, in order.
56 std::vector<ExpectedCipher> expected;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]57};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]58
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]59static const CipherTest kCipherTests[] = {
60 // Selecting individual ciphers should work.
61 {
62 "ECDHE-ECDSA-CHACHA20-POLY1305:"
63 "ECDHE-RSA-CHACHA20-POLY1305:"
64 "ECDHE-ECDSA-AES128-GCM-SHA256:"
65 "ECDHE-RSA-AES128-GCM-SHA256",
66 {
67 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
68 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
69 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
70 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
71 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
72 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
73 },
74 },
75 // + reorders selected ciphers to the end, keeping their relative order.
76 {
77 "ECDHE-ECDSA-CHACHA20-POLY1305:"
78 "ECDHE-RSA-CHACHA20-POLY1305:"
79 "ECDHE-ECDSA-AES128-GCM-SHA256:"
80 "ECDHE-RSA-AES128-GCM-SHA256:"
81 "+aRSA",
82 {
83 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
84 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
85 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
86 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
87 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
88 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
89 },
90 },
91 // ! banishes ciphers from future selections.
92 {
93 "!aRSA:"
94 "ECDHE-ECDSA-CHACHA20-POLY1305:"
95 "ECDHE-RSA-CHACHA20-POLY1305:"
96 "ECDHE-ECDSA-AES128-GCM-SHA256:"
97 "ECDHE-RSA-AES128-GCM-SHA256",
98 {
99 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
100 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
101 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
102 },
103 },
104 // Multiple masks can be ANDed in a single rule.
105 {
106 "kRSA+AESGCM+AES128",
107 {
108 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
109 },
110 },
111 // - removes selected ciphers, but preserves their order for future
112 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
113 // ECDHE_RSA.
114 {
115 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
116 "AESGCM+AES128+aRSA",
117 {
118 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
119 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
120 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
121 },
122 },
123 // Unknown selectors are no-ops.
124 {
125 "ECDHE-ECDSA-CHACHA20-POLY1305:"
126 "ECDHE-RSA-CHACHA20-POLY1305:"
127 "ECDHE-ECDSA-AES128-GCM-SHA256:"
128 "ECDHE-RSA-AES128-GCM-SHA256:"
129 "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4",
130 {
131 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
132 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
133 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
134 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
135 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
136 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
137 },
138 },
139 // Square brackets specify equi-preference groups.
140 {
141 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
142 "[ECDHE-RSA-CHACHA20-POLY1305]:"
143 "ECDHE-RSA-AES128-GCM-SHA256",
144 {
145 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
146 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 1},
147 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
148 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 1},
149 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
150 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
151 },
152 },
153 // @STRENGTH performs a stable strength-sort of the selected ciphers and
154 // only the selected ciphers.
155 {
156 // To simplify things, banish all but {ECDHE_RSA,RSA} x
157 // {CHACHA20,AES_256_CBC,AES_128_CBC,RC4} x SHA1.
158 "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"
159 // Order some ciphers backwards by strength.
160 "ALL:-CHACHA20:-AES256:-AES128:-RC4:-ALL:"
161 // Select ECDHE ones and sort them by strength. Ties should resolve
162 // based on the order above.
163 "kECDHE:@STRENGTH:-ALL:"
164 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
165 // by strength. Then RSA, backwards by strength.
166 "aRSA",
167 {
168 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
169 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
170 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
171 {TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 0},
172 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
173 {SSL3_CK_RSA_RC4_128_SHA, 0},
174 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
175 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
176 },
177 },
178 // Exact ciphers may not be used in multi-part rules; they are treated
179 // as unknown aliases.
180 {
181 "ECDHE-ECDSA-AES128-GCM-SHA256:"
182 "ECDHE-RSA-AES128-GCM-SHA256:"
183 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
184 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
185 {
186 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
187 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
188 },
189 },
190 // SSLv3 matches everything that existed before TLS 1.2.
191 {
192 "AES128-SHA:AES128-SHA256:!SSLv3",
193 {
194 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
195 },
196 },
197 // TLSv1.2 matches everything added in TLS 1.2.
198 {
199 "AES128-SHA:AES128-SHA256:!TLSv1.2",
200 {
201 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
202 },
203 },
204 // The two directives have no intersection.
205 {
206 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
207 {
208 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
209 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
210 },
211 },
212 // The shared name of the CHACHA20_POLY1305 variants behaves like a cipher
213 // name and not an alias. It may not be used in a multipart rule. (That the
214 // shared name works is covered by the standard tests.)
215 {
216 "ECDHE-ECDSA-CHACHA20-POLY1305:"
217 "ECDHE-RSA-CHACHA20-POLY1305:"
218 "!ECDHE-RSA-CHACHA20-POLY1305+RSA:"
219 "!ECDSA+ECDHE-ECDSA-CHACHA20-POLY1305",
220 {
221 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
222 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
223 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
224 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
225 },
226 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]227};
228
229static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]230 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]231 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
232 "RSA]",
233 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]234 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]235 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]236 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]237 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]238 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]239 "",
240 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]241 // COMPLEMENTOFDEFAULT is empty.
242 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]243 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]244 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]245 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]246 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
247 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
248 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
249 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]250};
251
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]252static const char *kMustNotIncludeNull[] = {
253 "ALL",
254 "DEFAULT",
255 "ALL:!eNULL",
256 "ALL:!NULL",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]257 "MEDIUM",
258 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]259 "FIPS",
260 "SHA",
261 "SHA1",
262 "RSA",
263 "SSLv3",
264 "TLSv1",
265 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]266};
267
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]268static const char *kMustNotIncludeCECPQ1[] = {
269 "ALL",
270 "DEFAULT",
271 "MEDIUM",
272 "HIGH",
273 "FIPS",
274 "SHA",
275 "SHA1",
276 "SHA256",
277 "SHA384",
278 "RSA",
279 "SSLv3",
280 "TLSv1",
281 "TLSv1.2",
282 "aRSA",
283 "RSA",
284 "aECDSA",
285 "ECDSA",
286 "AES",
287 "AES128",
288 "AES256",
289 "AESGCM",
290 "CHACHA20",
291};
292
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]293static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
294 bool in_group = false;
295 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]296 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
297 if (!in_group && list->in_group_flags[i]) {
298 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]299 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]300 }
301 fprintf(stderr, "\t");
302 if (in_group) {
303 fprintf(stderr, " ");
304 }
305 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
306 if (in_group && !list->in_group_flags[i]) {
307 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]308 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]309 }
310 }
311}
312
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]313static bool TestCipherRule(const CipherTest &t) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]314 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
315 if (!ctx) {
316 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]317 }
318
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]319 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
320 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]321 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]322 }
323
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]324 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]325 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
326 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
327 PrintCipherPreferenceList(ctx->cipher_list);
328 return false;
329 }
330
331 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]332 const SSL_CIPHER *cipher =
333 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]334 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
335 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
336 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]337 PrintCipherPreferenceList(ctx->cipher_list);
338 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]339 }
340 }
341
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]342 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]343}
344
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]345static bool TestRuleDoesNotIncludeNull(const char *rule) {
346 ScopedSSL_CTX ctx(SSL_CTX_new(SSLv23_server_method()));
347 if (!ctx) {
348 return false;
349 }
350 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
351 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
352 return false;
353 }
354 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
355 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
356 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
357 return false;
358 }
359 }
360 return true;
361}
362
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]363static bool TestRuleDoesNotIncludeCECPQ1(const char *rule) {
364 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
365 if (!ctx) {
366 return false;
367 }
368 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
369 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
370 return false;
371 }
372 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
373 if (SSL_CIPHER_is_CECPQ1(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
374 fprintf(stderr, "Error: cipher rule '%s' includes CECPQ1\n",rule);
375 return false;
376 }
377 }
378 return true;
379}
380
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]381static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]382 for (const CipherTest &test : kCipherTests) {
383 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]384 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]385 }
386 }
387
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]388 for (const char *rule : kBadRules) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]389 ScopedSSL_CTX ctx(SSL_CTX_new(SSLv23_server_method()));
390 if (!ctx) {
391 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]392 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]393 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
394 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]395 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]396 }
397 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]398 }
399
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]400 for (const char *rule : kMustNotIncludeNull) {
401 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]402 return false;
403 }
404 }
405
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]406 for (const char *rule : kMustNotIncludeCECPQ1) {
407 if (!TestRuleDoesNotIncludeCECPQ1(rule)) {
408 return false;
409 }
410 }
411
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]412 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]413}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]414
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]415// kOpenSSLSession is a serialized SSL_SESSION generated from openssl
416// s_client -sess_out.
417static const char kOpenSSLSession[] =
418 "MIIFpQIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
419 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
420 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
421 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
422 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
423 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
424 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
425 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
426 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
427 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
428 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
429 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
430 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
431 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
432 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
433 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
434 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
435 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
436 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
437 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
438 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
439 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
440 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
441 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
442 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
443 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
444 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
445 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
446 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
447 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
448 "i4gv7Y5oliyn";
449
450// kCustomSession is a custom serialized SSL_SESSION generated by
451// filling in missing fields from |kOpenSSLSession|. This includes
452// providing |peer_sha256|, so |peer| is not serialized.
453static const char kCustomSession[] =
454 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
455 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
456 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
457 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
458 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
459 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
460 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
461 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
462
463// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
464static const char kBoringSSLSession[] =
465 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
466 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
467 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
468 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
469 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
470 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
471 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
472 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
473 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
474 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
475 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
476 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
477 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
478 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
479 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
480 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
481 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
482 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
483 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
484 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
485 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
486 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
487 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
488 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
489 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
490 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
491 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
492 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
493 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
494 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
495 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
496 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
497 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
498 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
499 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
500 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
501 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
502 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
503 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
504 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
505 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
506 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
507 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
508 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
509 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
510 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
511 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
512 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
513 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
514 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
515 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
516 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
517 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
518 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
519 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
520 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
521 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
522 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
523 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
524 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
525 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
526 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
527 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
528 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
529 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
530 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
531 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
532 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
533 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
534 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
535 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
536 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
537 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
538 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
539 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
540 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
541 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
542 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
543 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
544 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
545 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
546 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
547 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
548 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
549 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
550 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
551 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
552 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
553 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
554 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
555 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
556 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
557 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
558 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
559 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
560
561// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
562// the final (optional) element of |kCustomSession| with tag number 30.
563static const char kBadSessionExtraField[] =
564 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
565 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
566 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
567 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
568 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
569 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
570 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
571 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
572
573// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
574// the version of |kCustomSession| with 2.
575static const char kBadSessionVersion[] =
576 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
577 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
578 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
579 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
580 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
581 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
582 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
583 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
584
585// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
586// appended.
587static const char kBadSessionTrailingData[] =
588 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
589 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
590 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
591 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
592 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
593 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
594 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
595 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
596
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]597static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]598 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]599 if (!EVP_DecodedLength(&len, strlen(in))) {
600 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]601 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]602 }
603
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]604 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]605 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]606 strlen(in))) {
607 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]608 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]609 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]610 out->resize(len);
611 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]612}
613
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]614static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]615 const uint8_t *cptr;
616 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]617
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]618 // Decode the input.
619 std::vector<uint8_t> input;
620 if (!DecodeBase64(&input, input_b64)) {
621 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]622 }
623
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]624 // Verify the SSL_SESSION decodes.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]625 ScopedSSL_SESSION session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]626 if (!session) {
627 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]628 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]629 }
630
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]631 // Verify the SSL_SESSION encoding round-trips.
632 size_t encoded_len;
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]633 ScopedOpenSSLBytes encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]634 uint8_t *encoded_raw;
635 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]636 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]637 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]638 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]639 encoded.reset(encoded_raw);
640 if (encoded_len != input.size() ||
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]641 memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]642 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]643 hexdump(stderr, "Before: ", input.data(), input.size());
644 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]645 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]646 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]647
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]648 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]649 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]650 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]651 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]652 fprintf(stderr, "d2i_SSL_SESSION failed\n");
653 return false;
654 }
655
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]656 // Verify the SSL_SESSION encoding round-trips via the legacy API.
657 int len = i2d_SSL_SESSION(session.get(), NULL);
658 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]659 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]660 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]661 }
662
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]663 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
664 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]665 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]666 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]667 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]668
669 ptr = encoded.get();
670 len = i2d_SSL_SESSION(session.get(), &ptr);
671 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]672 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]673 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]674 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]675 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]676 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]677 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]678 }
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]679 if (memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]680 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]681 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]682 }
683
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]684 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]685}
686
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]687static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
688 std::vector<uint8_t> input;
689 if (!DecodeBase64(&input, input_b64)) {
690 return false;
691 }
692
693 // Verify that the SSL_SESSION fails to decode.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]694 ScopedSSL_SESSION session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]695 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]696 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]697 return false;
698 }
699 ERR_clear_error();
700 return true;
701}
702
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]703static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]704 const SSL_METHOD *(*method)(void)) {
705 ScopedSSL_CTX ctx(SSL_CTX_new(method()));
706 if (!ctx) {
707 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]708 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]709 if (ctx->min_version != min_version || ctx->max_version != max_version) {
710 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
711 ctx->min_version, ctx->max_version, min_version, max_version);
712 return false;
713 }
714 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]715}
716
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]717static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]718 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
719 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]720 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]721 }
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]722 ScopedOpenSSLString rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]723 if (!rfc_name) {
724 return false;
725 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]726 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]727 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]728}
729
730typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]731 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]732 const char *rfc_name;
733} CIPHER_RFC_NAME_TEST;
734
735static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]736 { SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
737 { SSL3_CK_RSA_RC4_128_MD5, "TLS_RSA_WITH_RC4_MD5" },
738 { TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA" },
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]739 { TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" },
740 { TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
741 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" },
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]742 { TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
743 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" },
744 { TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
745 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" },
746 { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
747 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" },
748 { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
749 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" },
750 { TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
751 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" },
752 { TLS1_CK_PSK_WITH_RC4_128_SHA, "TLS_PSK_WITH_RC4_SHA" },
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]753 { TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
754 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" },
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]755 { TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
756 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]757 // These names are non-standard:
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]758 { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]759 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]760 { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]761 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" },
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]762};
763
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]764static bool TestCipherGetRFCName(void) {
765 for (size_t i = 0;
766 i < sizeof(kCipherRFCNameTests) / sizeof(kCipherRFCNameTests[0]); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]767 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]768 std::string rfc_name;
769 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
770 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
771 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]772 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]773 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]774 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]775 rfc_name.c_str(), test->rfc_name);
776 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]777 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]778 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]779 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]780}
781
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]782// CreateSessionWithTicket returns a sample |SSL_SESSION| with the ticket
783// replaced for one of length |ticket_len| or nullptr on failure.
784static ScopedSSL_SESSION CreateSessionWithTicket(size_t ticket_len) {
785 std::vector<uint8_t> der;
786 if (!DecodeBase64(&der, kOpenSSLSession)) {
787 return nullptr;
788 }
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]789 ScopedSSL_SESSION session(SSL_SESSION_from_bytes(der.data(), der.size()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]790 if (!session) {
791 return nullptr;
792 }
793
794 // Swap out the ticket for a garbage one.
795 OPENSSL_free(session->tlsext_tick);
796 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
797 if (session->tlsext_tick == nullptr) {
798 return nullptr;
799 }
800 memset(session->tlsext_tick, 'a', ticket_len);
801 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]802
803 // Fix up the timeout.
804 session->time = time(NULL);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]805 return session;
806}
807
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]808static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
809 ScopedBIO bio(BIO_new(BIO_s_mem()));
810 if (!bio) {
811 return false;
812 }
813 // Do not configure a reading BIO, but record what's written to a memory BIO.
814 SSL_set_bio(ssl, nullptr /* rbio */, BIO_up_ref(bio.get()));
815 int ret = SSL_connect(ssl);
816 if (ret > 0) {
817 // SSL_connect should fail without a BIO to write to.
818 return false;
819 }
820 ERR_clear_error();
821
822 const uint8_t *client_hello;
823 size_t client_hello_len;
824 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
825 return false;
826 }
827 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
828 return true;
829}
830
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]831// GetClientHelloLen creates a client SSL connection with a ticket of length
832// |ticket_len| and records the ClientHello. It returns the length of the
833// ClientHello, not including the record header, on success and zero on error.
834static size_t GetClientHelloLen(size_t ticket_len) {
835 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
836 ScopedSSL_SESSION session = CreateSessionWithTicket(ticket_len);
837 if (!ctx || !session) {
838 return 0;
839 }
840 ScopedSSL ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]841 if (!ssl || !SSL_set_session(ssl.get(), session.get())) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]842 return 0;
843 }
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]844 std::vector<uint8_t> client_hello;
845 if (!GetClientHello(ssl.get(), &client_hello) ||
846 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]847 return 0;
848 }
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]849 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]850}
851
852struct PaddingTest {
853 size_t input_len, padded_len;
854};
855
856static const PaddingTest kPaddingTests[] = {
857 // ClientHellos of length below 0x100 do not require padding.
858 {0xfe, 0xfe},
859 {0xff, 0xff},
860 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
861 {0x100, 0x200},
862 {0x123, 0x200},
863 {0x1fb, 0x200},
864 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
865 // padding extension takes a minimum of four bytes plus one required content
866 // byte. (To work around yet more server bugs, we avoid empty final
867 // extensions.)
868 {0x1fc, 0x201},
869 {0x1fd, 0x202},
870 {0x1fe, 0x203},
871 {0x1ff, 0x204},
872 // Finally, larger ClientHellos need no padding.
873 {0x200, 0x200},
874 {0x201, 0x201},
875};
876
877static bool TestPaddingExtension() {
878 // Sample a baseline length.
879 size_t base_len = GetClientHelloLen(1);
880 if (base_len == 0) {
881 return false;
882 }
883
884 for (const PaddingTest &test : kPaddingTests) {
885 if (base_len > test.input_len) {
886 fprintf(stderr, "Baseline ClientHello too long.\n");
887 return false;
888 }
889
890 size_t padded_len = GetClientHelloLen(1 + test.input_len - base_len);
891 if (padded_len != test.padded_len) {
892 fprintf(stderr, "%u-byte ClientHello padded to %u bytes, not %u.\n",
893 static_cast<unsigned>(test.input_len),
894 static_cast<unsigned>(padded_len),
895 static_cast<unsigned>(test.padded_len));
896 return false;
897 }
898 }
899 return true;
900}
901
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]902// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
903// before configuring as a server.
904static bool TestClientCAList() {
905 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
906 if (!ctx) {
907 return false;
908 }
909 ScopedSSL ssl(SSL_new(ctx.get()));
910 if (!ssl) {
911 return false;
912 }
913
914 STACK_OF(X509_NAME) *stack = sk_X509_NAME_new_null();
915 if (stack == nullptr) {
916 return false;
917 }
918 // |SSL_set_client_CA_list| takes ownership.
919 SSL_set_client_CA_list(ssl.get(), stack);
920
921 return SSL_get_client_CA_list(ssl.get()) == stack;
922}
923
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]924static void AppendSession(SSL_SESSION *session, void *arg) {
925 std::vector<SSL_SESSION*> *out =
926 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
927 out->push_back(session);
928}
929
930// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
931// order.
932static bool ExpectCache(SSL_CTX *ctx,
933 const std::vector<SSL_SESSION*> &expected) {
934 // Check the linked list.
935 SSL_SESSION *ptr = ctx->session_cache_head;
936 for (SSL_SESSION *session : expected) {
937 if (ptr != session) {
938 return false;
939 }
940 // TODO(davidben): This is an absurd way to denote the end of the list.
941 if (ptr->next ==
942 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
943 ptr = nullptr;
944 } else {
945 ptr = ptr->next;
946 }
947 }
948 if (ptr != nullptr) {
949 return false;
950 }
951
952 // Check the hash table.
953 std::vector<SSL_SESSION*> actual, expected_copy;
954 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
955 expected_copy = expected;
956
957 std::sort(actual.begin(), actual.end());
958 std::sort(expected_copy.begin(), expected_copy.end());
959
960 return actual == expected_copy;
961}
962
963static ScopedSSL_SESSION CreateTestSession(uint32_t number) {
964 ScopedSSL_SESSION ret(SSL_SESSION_new());
965 if (!ret) {
966 return nullptr;
967 }
968
969 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
970 memset(ret->session_id, 0, ret->session_id_length);
971 memcpy(ret->session_id, &number, sizeof(number));
972 return ret;
973}
974
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]975// Test that the internal session cache behaves as expected.
976static bool TestInternalSessionCache() {
977 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
978 if (!ctx) {
979 return false;
980 }
981
982 // Prepare 10 test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]983 std::vector<ScopedSSL_SESSION> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]984 for (int i = 0; i < 10; i++) {
985 ScopedSSL_SESSION session = CreateTestSession(i);
986 if (!session) {
987 return false;
988 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]989 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]990 }
991
992 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
993
994 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]995 for (const auto &session : sessions) {
996 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]997 return false;
998 }
999 }
1000
1001 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1002 std::vector<SSL_SESSION*> expected = {
1003 sessions[9].get(),
1004 sessions[8].get(),
1005 sessions[7].get(),
1006 sessions[6].get(),
1007 sessions[5].get(),
1008 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1009 if (!ExpectCache(ctx.get(), expected)) {
1010 return false;
1011 }
1012
1013 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1014 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1015 !ExpectCache(ctx.get(), expected)) {
1016 return false;
1017 }
1018
1019 // Although collisions should be impossible (256-bit session IDs), the cache
1020 // must handle them gracefully.
1021 ScopedSSL_SESSION collision(CreateTestSession(7));
1022 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1023 return false;
1024 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1025 expected = {
1026 collision.get(),
1027 sessions[9].get(),
1028 sessions[8].get(),
1029 sessions[6].get(),
1030 sessions[5].get(),
1031 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1032 if (!ExpectCache(ctx.get(), expected)) {
1033 return false;
1034 }
1035
1036 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1037 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1038 return false;
1039 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1040 expected = {
1041 collision.get(),
1042 sessions[9].get(),
1043 sessions[8].get(),
1044 sessions[5].get(),
1045 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1046 if (!ExpectCache(ctx.get(), expected)) {
1047 return false;
1048 }
1049
1050 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1051 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1052 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1053 !ExpectCache(ctx.get(), expected)) {
1054 return false;
1055 }
1056
1057 return true;
1058}
1059
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1060static uint16_t EpochFromSequence(uint64_t seq) {
1061 return static_cast<uint16_t>(seq >> 48);
1062}
1063
1064static ScopedX509 GetTestCertificate() {
1065 static const char kCertPEM[] =
1066 "-----BEGIN CERTIFICATE-----\n"
1067 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1068 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1069 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1070 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1071 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1072 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1073 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1074 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1075 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1076 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1077 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1078 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1079 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1080 "-----END CERTIFICATE-----\n";
Steven Valdezd8eea142016-02-24 14:00:22 -0500[diff] [blame]1081 ScopedBIO bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1082 return ScopedX509(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1083}
1084
1085static ScopedEVP_PKEY GetTestKey() {
1086 static const char kKeyPEM[] =
1087 "-----BEGIN RSA PRIVATE KEY-----\n"
1088 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1089 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1090 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1091 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1092 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1093 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1094 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1095 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1096 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1097 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1098 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1099 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1100 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1101 "-----END RSA PRIVATE KEY-----\n";
Steven Valdezd8eea142016-02-24 14:00:22 -0500[diff] [blame]1102 ScopedBIO bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1103 return ScopedEVP_PKEY(
1104 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1105}
1106
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1107static bool ConnectClientAndServer(ScopedSSL *out_client, ScopedSSL *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1108 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1109 SSL_SESSION *session) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1110 ScopedSSL client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1111 if (!client || !server) {
1112 return false;
1113 }
1114 SSL_set_connect_state(client.get());
1115 SSL_set_accept_state(server.get());
1116
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1117 SSL_set_session(client.get(), session);
1118
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1119 BIO *bio1, *bio2;
1120 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1121 return false;
1122 }
1123 // SSL_set_bio takes ownership.
1124 SSL_set_bio(client.get(), bio1, bio1);
1125 SSL_set_bio(server.get(), bio2, bio2);
1126
1127 // Drive both their handshakes to completion.
1128 for (;;) {
1129 int client_ret = SSL_do_handshake(client.get());
1130 int client_err = SSL_get_error(client.get(), client_ret);
1131 if (client_err != SSL_ERROR_NONE &&
1132 client_err != SSL_ERROR_WANT_READ &&
1133 client_err != SSL_ERROR_WANT_WRITE) {
1134 fprintf(stderr, "Client error: %d\n", client_err);
1135 return false;
1136 }
1137
1138 int server_ret = SSL_do_handshake(server.get());
1139 int server_err = SSL_get_error(server.get(), server_ret);
1140 if (server_err != SSL_ERROR_NONE &&
1141 server_err != SSL_ERROR_WANT_READ &&
1142 server_err != SSL_ERROR_WANT_WRITE) {
1143 fprintf(stderr, "Server error: %d\n", server_err);
1144 return false;
1145 }
1146
1147 if (client_ret == 1 && server_ret == 1) {
1148 break;
1149 }
1150 }
1151
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1152 *out_client = std::move(client);
1153 *out_server = std::move(server);
1154 return true;
1155}
1156
1157static bool TestSequenceNumber(bool dtls) {
1158 ScopedSSL_CTX client_ctx(SSL_CTX_new(dtls ? DTLS_method() : TLS_method()));
1159 ScopedSSL_CTX server_ctx(SSL_CTX_new(dtls ? DTLS_method() : TLS_method()));
1160 if (!client_ctx || !server_ctx) {
1161 return false;
1162 }
1163
1164 ScopedX509 cert = GetTestCertificate();
1165 ScopedEVP_PKEY key = GetTestKey();
1166 if (!cert || !key ||
1167 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1168 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1169 return false;
1170 }
1171
1172 ScopedSSL client, server;
1173 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1174 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1175 return false;
1176 }
1177
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1178 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1179 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1180 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1181 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
1182
1183 if (dtls) {
1184 // Both client and server must be at epoch 1.
1185 if (EpochFromSequence(client_read_seq) != 1 ||
1186 EpochFromSequence(client_write_seq) != 1 ||
1187 EpochFromSequence(server_read_seq) != 1 ||
1188 EpochFromSequence(server_write_seq) != 1) {
1189 fprintf(stderr, "Bad epochs.\n");
1190 return false;
1191 }
1192
1193 // The next record to be written should exceed the largest received.
1194 if (client_write_seq <= server_read_seq ||
1195 server_write_seq <= client_read_seq) {
1196 fprintf(stderr, "Inconsistent sequence numbers.\n");
1197 return false;
1198 }
1199 } else {
1200 // The next record to be written should equal the next to be received.
1201 if (client_write_seq != server_read_seq ||
1202 server_write_seq != client_write_seq) {
1203 fprintf(stderr, "Inconsistent sequence numbers.\n");
1204 return false;
1205 }
1206 }
1207
1208 // Send a record from client to server.
1209 uint8_t byte = 0;
1210 if (SSL_write(client.get(), &byte, 1) != 1 ||
1211 SSL_read(server.get(), &byte, 1) != 1) {
1212 fprintf(stderr, "Could not send byte.\n");
1213 return false;
1214 }
1215
1216 // The client write and server read sequence numbers should have incremented.
1217 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1218 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1219 fprintf(stderr, "Sequence numbers did not increment.\n");\
1220 return false;
1221 }
1222
1223 return true;
1224}
1225
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1226static bool TestOneSidedShutdown() {
1227 ScopedSSL_CTX client_ctx(SSL_CTX_new(TLS_method()));
1228 ScopedSSL_CTX server_ctx(SSL_CTX_new(TLS_method()));
1229 if (!client_ctx || !server_ctx) {
1230 return false;
1231 }
1232
1233 ScopedX509 cert = GetTestCertificate();
1234 ScopedEVP_PKEY key = GetTestKey();
1235 if (!cert || !key ||
1236 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1237 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1238 return false;
1239 }
1240
1241 ScopedSSL client, server;
1242 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1243 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1244 return false;
1245 }
1246
1247 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1248 // one side has shut down.
1249 if (SSL_shutdown(client.get()) != 0) {
1250 fprintf(stderr, "Could not shutdown.\n");
1251 return false;
1252 }
1253
1254 // Reading from the server should consume the EOF.
1255 uint8_t byte;
1256 if (SSL_read(server.get(), &byte, 1) != 0 ||
1257 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1258 fprintf(stderr, "Connection was not shut down cleanly.\n");
1259 return false;
1260 }
1261
1262 // However, the server may continue to write data and then shut down the
1263 // connection.
1264 byte = 42;
1265 if (SSL_write(server.get(), &byte, 1) != 1 ||
1266 SSL_read(client.get(), &byte, 1) != 1 ||
1267 byte != 42) {
1268 fprintf(stderr, "Could not send byte.\n");
1269 return false;
1270 }
1271
1272 // The server may then shutdown the connection.
1273 if (SSL_shutdown(server.get()) != 1 ||
1274 SSL_shutdown(client.get()) != 1) {
1275 fprintf(stderr, "Could not complete shutdown.\n");
1276 return false;
1277 }
1278
1279 return true;
1280}
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1281static bool TestSessionDuplication() {
1282 ScopedSSL_CTX client_ctx(SSL_CTX_new(TLS_method()));
1283 ScopedSSL_CTX server_ctx(SSL_CTX_new(TLS_method()));
1284 if (!client_ctx || !server_ctx) {
1285 return false;
1286 }
1287
1288 ScopedX509 cert = GetTestCertificate();
1289 ScopedEVP_PKEY key = GetTestKey();
1290 if (!cert || !key ||
1291 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1292 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1293 return false;
1294 }
1295
1296 ScopedSSL client, server;
1297 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1298 server_ctx.get(), nullptr /* no session */)) {
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1299 return false;
1300 }
1301
1302 SSL_SESSION *session0 = SSL_get_session(client.get());
1303 ScopedSSL_SESSION session1(SSL_SESSION_dup(session0, 1));
1304 if (!session1) {
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1305 return false;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1306 }
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1307
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1308 uint8_t *s0_bytes, *s1_bytes;
1309 size_t s0_len, s1_len;
1310
1311 if (!SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len)) {
1312 return false;
1313 }
1314 ScopedOpenSSLBytes free_s0(s0_bytes);
1315
1316 if (!SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len)) {
1317 return false;
1318 }
1319 ScopedOpenSSLBytes free_s1(s1_bytes);
1320
1321 return s0_len == s1_len && memcmp(s0_bytes, s1_bytes, s0_len) == 0;
1322}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1323
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1324static bool ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1325 if (SSL_get_rfd(ssl) != rfd || SSL_get_wfd(ssl) != wfd) {
1326 fprintf(stderr, "Got fds %d and %d, wanted %d and %d.\n", SSL_get_rfd(ssl),
1327 SSL_get_wfd(ssl), rfd, wfd);
1328 return false;
1329 }
1330
1331 // The wrapper BIOs are always equal when fds are equal, even if set
1332 // individually.
1333 if (rfd == wfd && SSL_get_rbio(ssl) != SSL_get_wbio(ssl)) {
1334 fprintf(stderr, "rbio and wbio did not match.\n");
1335 return false;
1336 }
1337
1338 return true;
1339}
1340
1341static bool TestSetFD() {
1342 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
1343 if (!ctx) {
1344 return false;
1345 }
1346
1347 // Test setting different read and write FDs.
1348 ScopedSSL ssl(SSL_new(ctx.get()));
1349 if (!ssl ||
1350 !SSL_set_rfd(ssl.get(), 1) ||
1351 !SSL_set_wfd(ssl.get(), 2) ||
1352 !ExpectFDs(ssl.get(), 1, 2)) {
1353 return false;
1354 }
1355
1356 // Test setting the same FD.
1357 ssl.reset(SSL_new(ctx.get()));
1358 if (!ssl ||
1359 !SSL_set_fd(ssl.get(), 1) ||
1360 !ExpectFDs(ssl.get(), 1, 1)) {
1361 return false;
1362 }
1363
1364 // Test setting the same FD one side at a time.
1365 ssl.reset(SSL_new(ctx.get()));
1366 if (!ssl ||
1367 !SSL_set_rfd(ssl.get(), 1) ||
1368 !SSL_set_wfd(ssl.get(), 1) ||
1369 !ExpectFDs(ssl.get(), 1, 1)) {
1370 return false;
1371 }
1372
1373 // Test setting the same FD in the other order.
1374 ssl.reset(SSL_new(ctx.get()));
1375 if (!ssl ||
1376 !SSL_set_wfd(ssl.get(), 1) ||
1377 !SSL_set_rfd(ssl.get(), 1) ||
1378 !ExpectFDs(ssl.get(), 1, 1)) {
1379 return false;
1380 }
1381
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1382 // Test changing the read FD partway through.
1383 ssl.reset(SSL_new(ctx.get()));
1384 if (!ssl ||
1385 !SSL_set_fd(ssl.get(), 1) ||
1386 !SSL_set_rfd(ssl.get(), 2) ||
1387 !ExpectFDs(ssl.get(), 2, 1)) {
1388 return false;
1389 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1390
1391 // Test changing the write FD partway through.
1392 ssl.reset(SSL_new(ctx.get()));
1393 if (!ssl ||
1394 !SSL_set_fd(ssl.get(), 1) ||
1395 !SSL_set_wfd(ssl.get(), 2) ||
1396 !ExpectFDs(ssl.get(), 1, 2)) {
1397 return false;
1398 }
1399
1400 // Test a no-op change to the read FD partway through.
1401 ssl.reset(SSL_new(ctx.get()));
1402 if (!ssl ||
1403 !SSL_set_fd(ssl.get(), 1) ||
1404 !SSL_set_rfd(ssl.get(), 1) ||
1405 !ExpectFDs(ssl.get(), 1, 1)) {
1406 return false;
1407 }
1408
1409 // Test a no-op change to the write FD partway through.
1410 ssl.reset(SSL_new(ctx.get()));
1411 if (!ssl ||
1412 !SSL_set_fd(ssl.get(), 1) ||
1413 !SSL_set_wfd(ssl.get(), 1) ||
1414 !ExpectFDs(ssl.get(), 1, 1)) {
1415 return false;
1416 }
1417
1418 // ASan builds will implicitly test that the internal |BIO| reference-counting
1419 // is correct.
1420
1421 return true;
1422}
1423
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1424static bool TestSetBIO() {
1425 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
1426 if (!ctx) {
1427 return false;
1428 }
1429
1430 ScopedSSL ssl(SSL_new(ctx.get()));
1431 ScopedBIO bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
1432 bio3(BIO_new(BIO_s_mem()));
1433 if (!ssl || !bio1 || !bio2 || !bio3) {
1434 return false;
1435 }
1436
1437 // SSL_set_bio takes one reference when the parameters are the same.
1438 BIO_up_ref(bio1.get());
1439 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1440
1441 // Repeating the call does nothing.
1442 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1443
1444 // It takes one reference each when the parameters are different.
1445 BIO_up_ref(bio2.get());
1446 BIO_up_ref(bio3.get());
1447 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1448
1449 // Repeating the call does nothing.
1450 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1451
1452 // It takes one reference when changing only wbio.
1453 BIO_up_ref(bio1.get());
1454 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1455
1456 // It takes one reference when changing only rbio and the two are different.
1457 BIO_up_ref(bio3.get());
1458 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1459
1460 // If setting wbio to rbio, it takes no additional references.
1461 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1462
1463 // From there, wbio may be switched to something else.
1464 BIO_up_ref(bio1.get());
1465 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1466
1467 // If setting rbio to wbio, it takes no additional references.
1468 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1469
1470 // From there, rbio may be switched to something else, but, for historical
1471 // reasons, it takes a reference to both parameters.
1472 BIO_up_ref(bio1.get());
1473 BIO_up_ref(bio2.get());
1474 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1475
1476 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1477 // is correct.
1478 return true;
1479}
1480
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1481static uint16_t kVersions[] = {
1482 SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION, TLS1_2_VERSION, TLS1_3_VERSION,
1483};
1484
1485static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1486
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1487static bool TestGetPeerCertificate() {
1488 ScopedX509 cert = GetTestCertificate();
1489 ScopedEVP_PKEY key = GetTestKey();
1490 if (!cert || !key) {
1491 return false;
1492 }
1493
1494 for (uint16_t version : kVersions) {
1495 // Configure both client and server to accept any certificate.
1496 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
1497 if (!ctx ||
1498 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1499 !SSL_CTX_use_PrivateKey(ctx.get(), key.get())) {
1500 return false;
1501 }
1502 SSL_CTX_set_min_version(ctx.get(), version);
1503 SSL_CTX_set_max_version(ctx.get(), version);
1504 SSL_CTX_set_verify(
1505 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1506 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1507
1508 ScopedSSL client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1509 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1510 nullptr /* no session */)) {
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1511 return false;
1512 }
1513
1514 // Client and server should both see the leaf certificate.
1515 ScopedX509 peer(SSL_get_peer_certificate(server.get()));
1516 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1517 fprintf(stderr, "%x: Server peer certificate did not match.\n", version);
1518 return false;
1519 }
1520
1521 peer.reset(SSL_get_peer_certificate(client.get()));
1522 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1523 fprintf(stderr, "%x: Client peer certificate did not match.\n", version);
1524 return false;
1525 }
1526
1527 // However, for historical reasons, the chain includes the leaf on the
1528 // client, but does not on the server.
1529 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1530 fprintf(stderr, "%x: Client peer chain was incorrect.\n", version);
1531 return false;
1532 }
1533
1534 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1535 fprintf(stderr, "%x: Server peer chain was incorrect.\n", version);
1536 return false;
1537 }
1538 }
1539
1540 return true;
1541}
1542
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1543static bool TestRetainOnlySHA256OfCerts() {
1544 ScopedX509 cert = GetTestCertificate();
1545 ScopedEVP_PKEY key = GetTestKey();
1546 if (!cert || !key) {
1547 return false;
1548 }
1549
1550 uint8_t *cert_der = NULL;
1551 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1552 if (cert_der_len < 0) {
1553 return false;
1554 }
1555 ScopedOpenSSLBytes free_cert_der(cert_der);
1556
1557 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1558 SHA256(cert_der, cert_der_len, cert_sha256);
1559
1560 for (uint16_t version : kVersions) {
1561 // Configure both client and server to accept any certificate, but the
1562 // server must retain only the SHA-256 of the peer.
1563 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
1564 if (!ctx ||
1565 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1566 !SSL_CTX_use_PrivateKey(ctx.get(), key.get())) {
1567 return false;
1568 }
1569 SSL_CTX_set_min_version(ctx.get(), version);
1570 SSL_CTX_set_max_version(ctx.get(), version);
1571 SSL_CTX_set_verify(
1572 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1573 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1574 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
1575
1576 ScopedSSL client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1577 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1578 nullptr /* no session */)) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1579 return false;
1580 }
1581
1582 // The peer certificate has been dropped.
1583 ScopedX509 peer(SSL_get_peer_certificate(server.get()));
1584 if (peer) {
1585 fprintf(stderr, "%x: Peer certificate was retained.\n", version);
1586 return false;
1587 }
1588
1589 SSL_SESSION *session = SSL_get_session(server.get());
1590 if (!session->peer_sha256_valid) {
1591 fprintf(stderr, "%x: peer_sha256_valid was not set.\n", version);
1592 return false;
1593 }
1594
1595 if (memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) != 0) {
1596 fprintf(stderr, "%x: peer_sha256 did not match.\n", version);
1597 return false;
1598 }
1599 }
1600
1601 return true;
1602}
1603
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1604static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1605 size_t expected_len) {
1606 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
1607 if (!ctx) {
1608 return false;
1609 }
1610 SSL_CTX_set_max_version(ctx.get(), version);
1611 // Our default cipher list varies by CPU capabilities, so manually place the
1612 // ChaCha20 ciphers in front.
1613 if (!SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) {
1614 return false;
1615 }
1616 ScopedSSL ssl(SSL_new(ctx.get()));
1617 if (!ssl) {
1618 return false;
1619 }
1620 std::vector<uint8_t> client_hello;
1621 if (!GetClientHello(ssl.get(), &client_hello)) {
1622 return false;
1623 }
1624
1625 // Zero the client_random.
1626 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1627 1 + 3 + // handshake message header
1628 2; // client_version
1629 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1630 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1631 return false;
1632 }
1633 memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
1634
1635 if (client_hello.size() != expected_len ||
1636 memcmp(client_hello.data(), expected, expected_len) != 0) {
1637 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1638 fprintf(stderr, "Got:\n\t");
1639 for (size_t i = 0; i < client_hello.size(); i++) {
1640 fprintf(stderr, "0x%02x, ", client_hello[i]);
1641 }
1642 fprintf(stderr, "\nWanted:\n\t");
1643 for (size_t i = 0; i < expected_len; i++) {
1644 fprintf(stderr, "0x%02x, ", expected[i]);
1645 }
1646 fprintf(stderr, "\n");
1647 return false;
1648 }
1649
1650 return true;
1651}
1652
1653// Tests that our ClientHellos do not change unexpectedly.
1654static bool TestClientHello() {
1655 static const uint8_t kSSL3ClientHello[] = {
1656 0x16, 0x03, 0x00, 0x00, 0x47, 0x01, 0x00, 0x00, 0x43, 0x03, 0x00,
1657 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1658 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1659 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1660 0x00, 0x1c, 0xc0, 0x09, 0xc0, 0x13, 0x00, 0x33, 0xc0, 0x0a, 0xc0,
1661 0x14, 0x00, 0x39, 0xc0, 0x07, 0xc0, 0x11, 0x00, 0x2f, 0x00, 0x35,
1662 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x00, 0xff, 0x01, 0x00,
1663 };
1664 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1665 sizeof(kSSL3ClientHello))) {
1666 return false;
1667 }
1668
1669 static const uint8_t kTLS1ClientHello[] = {
1670 0x16, 0x03, 0x01, 0x00, 0x66, 0x01, 0x00, 0x00, 0x62, 0x03, 0x01, 0x00,
1671 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1672 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1673 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, 0xc0, 0x09,
1674 0xc0, 0x13, 0x00, 0x33, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x39, 0xc0, 0x07,
1675 0xc0, 0x11, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04,
1676 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1677 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1678 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1679 };
1680 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1681 sizeof(kTLS1ClientHello))) {
1682 return false;
1683 }
1684
1685 static const uint8_t kTLS11ClientHello[] = {
1686 0x16, 0x03, 0x01, 0x00, 0x66, 0x01, 0x00, 0x00, 0x62, 0x03, 0x02, 0x00,
1687 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1688 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1689 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, 0xc0, 0x09,
1690 0xc0, 0x13, 0x00, 0x33, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x39, 0xc0, 0x07,
1691 0xc0, 0x11, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04,
1692 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1693 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1694 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1695 };
1696 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1697 sizeof(kTLS11ClientHello))) {
1698 return false;
1699 }
1700
1701 static const uint8_t kTLS12ClientHello[] = {
1702 0x16, 0x03, 0x01, 0x00, 0xa4, 0x01, 0x00, 0x00, 0xa0, 0x03, 0x03, 0x00,
1703 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1704 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1705 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0xcc, 0xa9,
1706 0xcc, 0xa8, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
1707 0xc0, 0x2c, 0xc0, 0x30, 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13,
1708 0xc0, 0x27, 0x00, 0x33, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14,
1709 0xc0, 0x28, 0x00, 0x39, 0x00, 0x6b, 0xc0, 0x07, 0xc0, 0x11, 0x00, 0x9c,
1710 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35, 0x00, 0x3d, 0x00, 0x0a,
1711 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x35, 0xff, 0x01, 0x00, 0x01,
1712 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
1713 0x12, 0x00, 0x10, 0x06, 0x01, 0x06, 0x03, 0x05, 0x01, 0x05, 0x03, 0x04,
1714 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, 0x00, 0x0b, 0x00, 0x02, 0x01,
1715 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00,
1716 0x18,
1717 };
1718 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1719 sizeof(kTLS12ClientHello))) {
1720 return false;
1721 }
1722
1723 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1724 // implementation has settled enough that it won't change.
1725
1726 return true;
1727}
1728
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1729static ScopedSSL_SESSION g_last_session;
1730
1731static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1732 // Save the most recent session.
1733 g_last_session.reset(session);
1734 return 1;
1735}
1736
1737static ScopedSSL_SESSION CreateClientSession(SSL_CTX *client_ctx,
1738 SSL_CTX *server_ctx) {
1739 g_last_session = nullptr;
1740 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1741
1742 // Connect client and server to get a session.
1743 ScopedSSL client, server;
1744 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1745 nullptr /* no session */)) {
1746 fprintf(stderr, "Failed to connect client and server.\n");
1747 return nullptr;
1748 }
1749
1750 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1751 SSL_read(client.get(), nullptr, 0);
1752
1753 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1754
1755 if (!g_last_session) {
1756 fprintf(stderr, "Client did not receive a session.\n");
1757 return nullptr;
1758 }
1759 return std::move(g_last_session);
1760}
1761
1762static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1763 SSL_SESSION *session,
1764 bool reused) {
1765 ScopedSSL client, server;
1766 if (!ConnectClientAndServer(&client, &server, client_ctx,
1767 server_ctx, session)) {
1768 fprintf(stderr, "Failed to connect client and server.\n");
1769 return false;
1770 }
1771
1772 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1773 fprintf(stderr, "Client and server were inconsistent.\n");
1774 return false;
1775 }
1776
1777 bool was_reused = !!SSL_session_reused(client.get());
1778 if (was_reused != reused) {
1779 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
1780 was_reused ? "" : " not");
1781 return false;
1782 }
1783
1784 return true;
1785}
1786
1787static bool TestSessionIDContext() {
1788 ScopedX509 cert = GetTestCertificate();
1789 ScopedEVP_PKEY key = GetTestKey();
1790 if (!cert || !key) {
1791 return false;
1792 }
1793
1794 static const uint8_t kContext1[] = {1};
1795 static const uint8_t kContext2[] = {2};
1796
1797 for (uint16_t version : kVersions) {
1798 // TODO(davidben): Enable this when TLS 1.3 resumption is implemented.
1799 if (version == TLS1_3_VERSION) {
1800 continue;
1801 }
1802
1803 ScopedSSL_CTX server_ctx(SSL_CTX_new(TLS_method()));
1804 ScopedSSL_CTX client_ctx(SSL_CTX_new(TLS_method()));
1805 if (!server_ctx || !client_ctx ||
1806 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1807 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
1808 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
1809 sizeof(kContext1))) {
1810 return false;
1811 }
1812
1813 SSL_CTX_set_min_version(client_ctx.get(), version);
1814 SSL_CTX_set_max_version(client_ctx.get(), version);
1815 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
1816
1817 SSL_CTX_set_min_version(server_ctx.get(), version);
1818 SSL_CTX_set_max_version(server_ctx.get(), version);
1819 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
1820
1821 ScopedSSL_SESSION session =
1822 CreateClientSession(client_ctx.get(), server_ctx.get());
1823 if (!session) {
1824 fprintf(stderr, "Error getting session (version = %04x).\n", version);
1825 return false;
1826 }
1827
1828 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
1829 true /* expect session reused */)) {
1830 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
1831 return false;
1832 }
1833
1834 // Change the session ID context.
1835 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
1836 sizeof(kContext2))) {
1837 return false;
1838 }
1839
1840 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
1841 false /* expect session not reused */)) {
1842 fprintf(stderr,
1843 "Error connection with different context (version = %04x).\n",
1844 version);
1845 return false;
1846 }
1847 }
1848
1849 return true;
1850}
1851
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame^]1852static timeval g_current_time;
1853
1854static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
1855 *out_clock = g_current_time;
1856}
1857
1858static bool TestSessionTimeout() {
1859 ScopedX509 cert = GetTestCertificate();
1860 ScopedEVP_PKEY key = GetTestKey();
1861 if (!cert || !key) {
1862 return false;
1863 }
1864
1865 for (uint16_t version : kVersions) {
1866 // TODO(davidben): Enable this when TLS 1.3 resumption is implemented.
1867 if (version == TLS1_3_VERSION) {
1868 continue;
1869 }
1870
1871 ScopedSSL_CTX server_ctx(SSL_CTX_new(TLS_method()));
1872 ScopedSSL_CTX client_ctx(SSL_CTX_new(TLS_method()));
1873 if (!server_ctx || !client_ctx ||
1874 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1875 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1876 return false;
1877 }
1878
1879 SSL_CTX_set_min_version(client_ctx.get(), version);
1880 SSL_CTX_set_max_version(client_ctx.get(), version);
1881 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
1882
1883 SSL_CTX_set_min_version(server_ctx.get(), version);
1884 SSL_CTX_set_max_version(server_ctx.get(), version);
1885 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
1886 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
1887
1888 ScopedSSL_SESSION session =
1889 CreateClientSession(client_ctx.get(), server_ctx.get());
1890 if (!session) {
1891 fprintf(stderr, "Error getting session (version = %04x).\n", version);
1892 return false;
1893 }
1894
1895 // Advance the clock just behind the timeout.
1896 g_current_time.tv_sec += SSL_DEFAULT_SESSION_TIMEOUT;
1897
1898 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
1899 true /* expect session reused */)) {
1900 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
1901 return false;
1902 }
1903
1904 // Advance the clock one more second.
1905 g_current_time.tv_sec++;
1906
1907 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
1908 false /* expect session not reused */)) {
1909 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
1910 return false;
1911 }
1912 }
1913
1914 return true;
1915}
1916
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1917int main() {
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]1918 CRYPTO_library_init();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]1919
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]1920 if (!TestCipherRules() ||
1921 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
1922 !TestSSL_SESSIONEncoding(kCustomSession) ||
1923 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
1924 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
1925 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
1926 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]1927 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]1928 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
1929 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
1930 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
1931 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
1932 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
1933 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
1934 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
1935 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
1936 !TestCipherGetRFCName() ||
1937 !TestPaddingExtension() ||
1938 !TestClientCAList() ||
1939 !TestInternalSessionCache() ||
1940 !TestSequenceNumber(false /* TLS */) ||
1941 !TestSequenceNumber(true /* DTLS */) ||
1942 !TestOneSidedShutdown() ||
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1943 !TestSessionDuplication() ||
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1944 !TestSetFD() ||
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1945 !TestSetBIO() ||
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1946 !TestGetPeerCertificate() ||
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1947 !TestRetainOnlySHA256OfCerts() ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1948 !TestClientHello() ||
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame^]1949 !TestSessionIDContext() ||
1950 !TestSessionTimeout()) {
Brian Smith83a82982015-04-09 16:21:10 -1000[diff] [blame]1951 ERR_print_errors_fp(stderr);
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]1952 return 1;
1953 }
1954
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1955 printf("PASS\n");
1956 return 0;
1957}