Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 91222b8d3835844802b7564ac12e92055e8554eb / . / ssl / ssl_test.cc
blob: 5f89b81867cbd9342322ebc9ca8b5b9c715a1a8d [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
43/* Windows defines struct timeval in winsock2.h. */
44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
52struct ExpectedCipher {
53 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]56
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]57struct CipherTest {
58 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]59 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]60 // The list of expected ciphers, in order.
61 std::vector<ExpectedCipher> expected;
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]62 // True if this cipher list should fail in strict mode.
63 bool strict_fail;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]64};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]65
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]66struct CurveTest {
67 // The rule string to apply.
68 const char *rule;
69 // The list of expected curves, in order.
70 std::vector<uint16_t> expected;
71};
72
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]73static const CipherTest kCipherTests[] = {
74 // Selecting individual ciphers should work.
75 {
76 "ECDHE-ECDSA-CHACHA20-POLY1305:"
77 "ECDHE-RSA-CHACHA20-POLY1305:"
78 "ECDHE-ECDSA-AES128-GCM-SHA256:"
79 "ECDHE-RSA-AES128-GCM-SHA256",
80 {
81 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]82 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]83 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
84 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
85 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]86 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]87 },
88 // + reorders selected ciphers to the end, keeping their relative order.
89 {
90 "ECDHE-ECDSA-CHACHA20-POLY1305:"
91 "ECDHE-RSA-CHACHA20-POLY1305:"
92 "ECDHE-ECDSA-AES128-GCM-SHA256:"
93 "ECDHE-RSA-AES128-GCM-SHA256:"
94 "+aRSA",
95 {
96 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]97 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
98 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]99 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
100 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]101 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]102 },
103 // ! banishes ciphers from future selections.
104 {
105 "!aRSA:"
106 "ECDHE-ECDSA-CHACHA20-POLY1305:"
107 "ECDHE-RSA-CHACHA20-POLY1305:"
108 "ECDHE-ECDSA-AES128-GCM-SHA256:"
109 "ECDHE-RSA-AES128-GCM-SHA256",
110 {
111 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]112 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
113 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]114 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]115 },
116 // Multiple masks can be ANDed in a single rule.
117 {
118 "kRSA+AESGCM+AES128",
119 {
120 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
121 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]122 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]123 },
124 // - removes selected ciphers, but preserves their order for future
125 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
126 // ECDHE_RSA.
127 {
128 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
129 "AESGCM+AES128+aRSA",
130 {
131 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
132 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
133 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
134 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]135 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]136 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]137 // Unknown selectors are no-ops, except in strict mode.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]138 {
139 "ECDHE-ECDSA-CHACHA20-POLY1305:"
140 "ECDHE-RSA-CHACHA20-POLY1305:"
141 "ECDHE-ECDSA-AES128-GCM-SHA256:"
142 "ECDHE-RSA-AES128-GCM-SHA256:"
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]143 "BOGUS1",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]144 {
145 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]146 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]147 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
148 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
149 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]150 true,
151 },
152 // Unknown selectors are no-ops, except in strict mode.
153 {
154 "ECDHE-ECDSA-CHACHA20-POLY1305:"
155 "ECDHE-RSA-CHACHA20-POLY1305:"
156 "ECDHE-ECDSA-AES128-GCM-SHA256:"
157 "ECDHE-RSA-AES128-GCM-SHA256:"
158 "-BOGUS2:+BOGUS3:!BOGUS4",
159 {
160 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
161 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
162 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
163 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
164 },
165 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]166 },
167 // Square brackets specify equi-preference groups.
168 {
169 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
170 "[ECDHE-RSA-CHACHA20-POLY1305]:"
171 "ECDHE-RSA-AES128-GCM-SHA256",
172 {
173 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]174 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]175 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]176 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
177 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]178 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]179 },
180 // @STRENGTH performs a stable strength-sort of the selected ciphers and
181 // only the selected ciphers.
182 {
183 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]184 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]185 "!kEDH:!AESGCM:!3DES:!SHA256:!SHA384:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]186 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]187 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]188 // Select ECDHE ones and sort them by strength. Ties should resolve
189 // based on the order above.
190 "kECDHE:@STRENGTH:-ALL:"
191 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
192 // by strength. Then RSA, backwards by strength.
193 "aRSA",
194 {
195 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
196 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]197 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]198 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
199 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
200 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]201 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]202 },
203 // Exact ciphers may not be used in multi-part rules; they are treated
204 // as unknown aliases.
205 {
206 "ECDHE-ECDSA-AES128-GCM-SHA256:"
207 "ECDHE-RSA-AES128-GCM-SHA256:"
208 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
209 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
210 {
211 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
212 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
213 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]214 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]215 },
216 // SSLv3 matches everything that existed before TLS 1.2.
217 {
218 "AES128-SHA:AES128-SHA256:!SSLv3",
219 {
220 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
221 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]222 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]223 },
224 // TLSv1.2 matches everything added in TLS 1.2.
225 {
226 "AES128-SHA:AES128-SHA256:!TLSv1.2",
227 {
228 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
229 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]230 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]231 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]232 // The two directives have no intersection. But each component is valid, so
233 // even in strict mode it is accepted.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]234 {
235 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
236 {
237 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
238 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
239 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]240 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]241 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]242};
243
244static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]245 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]246 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
247 "RSA]",
248 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]249 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]250 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]251 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]252 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]253 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]254 "",
255 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]256 // COMPLEMENTOFDEFAULT is empty.
257 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]258 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]259 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]260 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]261 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
262 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
263 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
264 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]265 // Opcode supplied, but missing selector.
266 "+",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]267};
268
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]269static const char *kMustNotIncludeNull[] = {
270 "ALL",
271 "DEFAULT",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]272 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]273 "FIPS",
274 "SHA",
275 "SHA1",
276 "RSA",
277 "SSLv3",
278 "TLSv1",
279 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]280};
281
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]282static const CurveTest kCurveTests[] = {
283 {
284 "P-256",
285 { SSL_CURVE_SECP256R1 },
286 },
287 {
288 "P-256:P-384:P-521:X25519",
289 {
290 SSL_CURVE_SECP256R1,
291 SSL_CURVE_SECP384R1,
292 SSL_CURVE_SECP521R1,
293 SSL_CURVE_X25519,
294 },
295 },
296};
297
298static const char *kBadCurvesLists[] = {
299 "",
300 ":",
301 "::",
302 "P-256::X25519",
303 "RSA:P-256",
304 "P-256:RSA",
305 "X25519:P-256:",
306 ":X25519:P-256",
307};
308
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]309static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
310 bool in_group = false;
311 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]312 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
313 if (!in_group && list->in_group_flags[i]) {
314 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]315 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]316 }
317 fprintf(stderr, "\t");
318 if (in_group) {
319 fprintf(stderr, " ");
320 }
321 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
322 if (in_group && !list->in_group_flags[i]) {
323 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]324 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]325 }
326 }
327}
328
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]329static bool TestCipherRule(const CipherTest &t) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]330 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]331 if (!ctx) {
332 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]333 }
334
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]335 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
336 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]337 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]338 }
339
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]340 if (!SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule) != t.strict_fail) {
341 fprintf(stderr, "Unexpected strict failure result testing cipher rule '%s':"
342 " expected %d\n", t.rule, t.strict_fail);
343 return false;
344 }
345
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]346 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]347 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
348 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
349 PrintCipherPreferenceList(ctx->cipher_list);
350 return false;
351 }
352
353 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]354 const SSL_CIPHER *cipher =
355 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]356 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
357 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
358 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]359 PrintCipherPreferenceList(ctx->cipher_list);
360 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]361 }
362 }
363
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]364 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]365}
366
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]367static bool TestRuleDoesNotIncludeNull(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]368 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]369 if (!ctx) {
370 return false;
371 }
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]372 if (!SSL_CTX_set_strict_cipher_list(ctx.get(), rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]373 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
374 return false;
375 }
376 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
377 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
378 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
379 return false;
380 }
381 }
382 return true;
383}
384
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]385static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]386 for (const CipherTest &test : kCipherTests) {
387 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]388 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]389 }
390 }
391
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]392 for (const char *rule : kBadRules) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]393 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]394 if (!ctx) {
395 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]396 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]397 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
398 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]399 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]400 }
401 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]402 }
403
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]404 for (const char *rule : kMustNotIncludeNull) {
405 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]406 return false;
407 }
408 }
409
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]410 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]411}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]412
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]413static bool TestCurveRule(const CurveTest &t) {
414 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
415 if (!ctx) {
416 return false;
417 }
418
419 if (!SSL_CTX_set1_curves_list(ctx.get(), t.rule)) {
420 fprintf(stderr, "Error testing curves list '%s'\n", t.rule);
421 return false;
422 }
423
424 // Compare the two lists.
425 if (ctx->supported_group_list_len != t.expected.size()) {
426 fprintf(stderr, "Error testing curves list '%s': length\n", t.rule);
427 return false;
428 }
429
430 for (size_t i = 0; i < t.expected.size(); i++) {
431 if (t.expected[i] != ctx->supported_group_list[i]) {
432 fprintf(stderr, "Error testing curves list '%s': mismatch\n", t.rule);
433 return false;
434 }
435 }
436
437 return true;
438}
439
440static bool TestCurveRules() {
441 for (const CurveTest &test : kCurveTests) {
442 if (!TestCurveRule(test)) {
443 return false;
444 }
445 }
446
447 for (const char *rule : kBadCurvesLists) {
448 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
449 if (!ctx) {
450 return false;
451 }
452 if (SSL_CTX_set1_curves_list(ctx.get(), rule)) {
453 fprintf(stderr, "Curves list '%s' unexpectedly succeeded\n", rule);
454 return false;
455 }
456 ERR_clear_error();
457 }
458
459 return true;
460}
461
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]462// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]463static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]464 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]465 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
466 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
467 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
468 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
469 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
470 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
471 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
472 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
473 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
474 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
475 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
476 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
477 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
478 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
479 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
480 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
481 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
482 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
483 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
484 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
485 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
486 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
487 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
488 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
489 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
490 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
491 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
492 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
493 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]494 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]495
496// kCustomSession is a custom serialized SSL_SESSION generated by
497// filling in missing fields from |kOpenSSLSession|. This includes
498// providing |peer_sha256|, so |peer| is not serialized.
499static const char kCustomSession[] =
500 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
501 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
502 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
503 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
504 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
505 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
506 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
507 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
508
509// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
510static const char kBoringSSLSession[] =
511 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
512 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
513 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
514 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
515 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
516 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
517 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
518 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
519 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
520 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
521 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
522 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
523 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
524 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
525 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
526 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
527 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
528 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
529 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
530 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
531 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
532 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
533 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
534 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
535 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
536 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
537 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
538 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
539 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
540 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
541 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
542 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
543 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
544 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
545 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
546 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
547 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
548 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
549 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
550 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
551 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
552 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
553 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
554 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
555 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
556 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
557 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
558 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
559 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
560 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
561 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
562 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
563 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
564 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
565 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
566 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
567 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
568 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
569 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
570 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
571 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
572 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
573 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
574 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
575 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
576 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
577 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
578 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
579 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
580 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
581 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
582 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
583 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
584 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
585 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
586 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
587 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
588 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
589 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
590 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
591 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
592 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
593 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
594 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
595 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
596 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
597 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
598 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
599 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
600 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
601 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
602 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
603 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
604 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
605 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
606
607// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
608// the final (optional) element of |kCustomSession| with tag number 30.
609static const char kBadSessionExtraField[] =
610 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
611 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
612 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
613 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
614 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
615 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
616 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
617 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
618
619// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
620// the version of |kCustomSession| with 2.
621static const char kBadSessionVersion[] =
622 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
623 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
624 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
625 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
626 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
627 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
628 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
629 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
630
631// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
632// appended.
633static const char kBadSessionTrailingData[] =
634 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
635 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
636 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
637 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
638 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
639 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
640 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
641 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
642
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]643static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]644 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]645 if (!EVP_DecodedLength(&len, strlen(in))) {
646 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]647 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]648 }
649
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]650 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]651 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]652 strlen(in))) {
653 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]654 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]655 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]656 out->resize(len);
657 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]658}
659
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]660static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]661 const uint8_t *cptr;
662 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]663
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]664 // Decode the input.
665 std::vector<uint8_t> input;
666 if (!DecodeBase64(&input, input_b64)) {
667 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]668 }
669
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]670 // Verify the SSL_SESSION decodes.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]671 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
672 if (!ssl_ctx) {
673 return false;
674 }
675 bssl::UniquePtr<SSL_SESSION> session(
676 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]677 if (!session) {
678 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]679 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]680 }
681
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]682 // Verify the SSL_SESSION encoding round-trips.
683 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]684 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]685 uint8_t *encoded_raw;
686 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]687 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]688 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]689 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]690 encoded.reset(encoded_raw);
691 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]692 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]693 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]694 hexdump(stderr, "Before: ", input.data(), input.size());
695 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]696 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]697 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]698
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]699 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]700 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]701 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]702 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]703 fprintf(stderr, "d2i_SSL_SESSION failed\n");
704 return false;
705 }
706
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]707 // Verify the SSL_SESSION encoding round-trips via the legacy API.
708 int len = i2d_SSL_SESSION(session.get(), NULL);
709 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]710 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]711 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]712 }
713
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]714 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
715 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]716 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]717 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]718 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]719
720 ptr = encoded.get();
721 len = i2d_SSL_SESSION(session.get(), &ptr);
722 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]723 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]724 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]725 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]726 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]727 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]728 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]729 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]730 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]731 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]732 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]733 }
734
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]735 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]736}
737
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]738static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
739 std::vector<uint8_t> input;
740 if (!DecodeBase64(&input, input_b64)) {
741 return false;
742 }
743
744 // Verify that the SSL_SESSION fails to decode.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]745 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
746 if (!ssl_ctx) {
747 return false;
748 }
749 bssl::UniquePtr<SSL_SESSION> session(
750 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]751 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]752 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]753 return false;
754 }
755 ERR_clear_error();
756 return true;
757}
758
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]759static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]760 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]761 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]762 if (!ctx) {
763 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]764 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]765 if (ctx->min_version != min_version || ctx->max_version != max_version) {
766 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
767 ctx->min_version, ctx->max_version, min_version, max_version);
768 return false;
769 }
770 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]771}
772
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]773static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]774 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
775 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]776 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]777 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]778 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]779 if (!rfc_name) {
780 return false;
781 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]782 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]783 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]784}
785
786typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]787 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]788 const char *rfc_name;
789} CIPHER_RFC_NAME_TEST;
790
791static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]792 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
793 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
794 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
795 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
796 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
797 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
798 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
799 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
800 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
801 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
802 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
803 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
804 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
805 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
806 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
807 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
808 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
809 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
810 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
811 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
812 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
813 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]814};
815
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]816static bool TestCipherGetRFCName(void) {
817 for (size_t i = 0;
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]818 i < OPENSSL_ARRAY_SIZE(kCipherRFCNameTests); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]819 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]820 std::string rfc_name;
821 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
822 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
823 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]824 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]825 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]826 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]827 rfc_name.c_str(), test->rfc_name);
828 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]829 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]830 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]831 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]832}
833
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]834// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
835// version and ticket length or nullptr on failure.
836static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
837 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]838 std::vector<uint8_t> der;
839 if (!DecodeBase64(&der, kOpenSSLSession)) {
840 return nullptr;
841 }
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]842
843 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
844 if (!ssl_ctx) {
845 return nullptr;
846 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]847 bssl::UniquePtr<SSL_SESSION> session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]848 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]849 if (!session) {
850 return nullptr;
851 }
852
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]853 session->ssl_version = version;
854
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]855 // Swap out the ticket for a garbage one.
856 OPENSSL_free(session->tlsext_tick);
857 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
858 if (session->tlsext_tick == nullptr) {
859 return nullptr;
860 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]861 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]862 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]863
864 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]865#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
866 session->time = 1234;
867#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]868 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]869#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]870 return session;
871}
872
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]873static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]874 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]875 if (!bio) {
876 return false;
877 }
878 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]879 BIO_up_ref(bio.get());
880 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]881 int ret = SSL_connect(ssl);
882 if (ret > 0) {
883 // SSL_connect should fail without a BIO to write to.
884 return false;
885 }
886 ERR_clear_error();
887
888 const uint8_t *client_hello;
889 size_t client_hello_len;
890 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
891 return false;
892 }
893 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
894 return true;
895}
896
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]897// GetClientHelloLen creates a client SSL connection with the specified version
898// and ticket length. It returns the length of the ClientHello, not including
899// the record header, on success and zero on error.
900static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
901 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]902 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]903 bssl::UniquePtr<SSL_SESSION> session =
904 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]905 if (!ctx || !session) {
906 return 0;
907 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]908
909 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]910 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]911 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]912 !SSL_set_strict_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]913 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]914 return 0;
915 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]916
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]917 std::vector<uint8_t> client_hello;
918 if (!GetClientHello(ssl.get(), &client_hello) ||
919 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]920 return 0;
921 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]922
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]923 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]924}
925
926struct PaddingTest {
927 size_t input_len, padded_len;
928};
929
930static const PaddingTest kPaddingTests[] = {
931 // ClientHellos of length below 0x100 do not require padding.
932 {0xfe, 0xfe},
933 {0xff, 0xff},
934 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
935 {0x100, 0x200},
936 {0x123, 0x200},
937 {0x1fb, 0x200},
938 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
939 // padding extension takes a minimum of four bytes plus one required content
940 // byte. (To work around yet more server bugs, we avoid empty final
941 // extensions.)
942 {0x1fc, 0x201},
943 {0x1fd, 0x202},
944 {0x1fe, 0x203},
945 {0x1ff, 0x204},
946 // Finally, larger ClientHellos need no padding.
947 {0x200, 0x200},
948 {0x201, 0x201},
949};
950
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]951static bool TestPaddingExtension(uint16_t max_version,
952 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]953 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]954 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]955 if (base_len == 0) {
956 return false;
957 }
958
959 for (const PaddingTest &test : kPaddingTests) {
960 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]961 fprintf(stderr,
962 "Baseline ClientHello too long (max_version = %04x, "
963 "session_version = %04x).\n",
964 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]965 return false;
966 }
967
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]968 size_t padded_len = GetClientHelloLen(max_version, session_version,
969 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]970 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]971 fprintf(stderr,
972 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
973 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]974 static_cast<unsigned>(test.input_len),
975 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]976 static_cast<unsigned>(test.padded_len), max_version,
977 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]978 return false;
979 }
980 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]981
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]982 return true;
983}
984
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]985// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
986// before configuring as a server.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]987TEST(SSLTest, ClientCAList) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]988 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]989 ASSERT_TRUE(ctx);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]990 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]991 ASSERT_TRUE(ssl);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]992
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]993 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
994 ASSERT_TRUE(name);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]995
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]996 bssl::UniquePtr<X509_NAME> name_dup(X509_NAME_dup(name.get()));
997 ASSERT_TRUE(name_dup);
998
999 bssl::UniquePtr<STACK_OF(X509_NAME)> stack(sk_X509_NAME_new_null());
1000 ASSERT_TRUE(stack);
1001
1002 ASSERT_TRUE(sk_X509_NAME_push(stack.get(), name_dup.get()));
1003 name_dup.release();
1004
1005 // |SSL_set_client_CA_list| takes ownership.
1006 SSL_set_client_CA_list(ssl.get(), stack.release());
1007
1008 STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get());
1009 ASSERT_TRUE(result);
1010 ASSERT_EQ(1u, sk_X509_NAME_num(result));
1011 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(result, 0), name.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1012}
1013
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1014static void AppendSession(SSL_SESSION *session, void *arg) {
1015 std::vector<SSL_SESSION*> *out =
1016 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1017 out->push_back(session);
1018}
1019
1020// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
1021// order.
1022static bool ExpectCache(SSL_CTX *ctx,
1023 const std::vector<SSL_SESSION*> &expected) {
1024 // Check the linked list.
1025 SSL_SESSION *ptr = ctx->session_cache_head;
1026 for (SSL_SESSION *session : expected) {
1027 if (ptr != session) {
1028 return false;
1029 }
1030 // TODO(davidben): This is an absurd way to denote the end of the list.
1031 if (ptr->next ==
1032 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1033 ptr = nullptr;
1034 } else {
1035 ptr = ptr->next;
1036 }
1037 }
1038 if (ptr != nullptr) {
1039 return false;
1040 }
1041
1042 // Check the hash table.
1043 std::vector<SSL_SESSION*> actual, expected_copy;
1044 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
1045 expected_copy = expected;
1046
1047 std::sort(actual.begin(), actual.end());
1048 std::sort(expected_copy.begin(), expected_copy.end());
1049
1050 return actual == expected_copy;
1051}
1052
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1053static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]1054 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
1055 if (!ssl_ctx) {
1056 return nullptr;
1057 }
1058 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new(ssl_ctx.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1059 if (!ret) {
1060 return nullptr;
1061 }
1062
1063 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1064 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1065 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1066 return ret;
1067}
1068
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1069// Test that the internal session cache behaves as expected.
1070static bool TestInternalSessionCache() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1071 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1072 if (!ctx) {
1073 return false;
1074 }
1075
1076 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1077 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1078 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1079 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1080 if (!session) {
1081 return false;
1082 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1083 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1084 }
1085
1086 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1087
1088 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1089 for (const auto &session : sessions) {
1090 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1091 return false;
1092 }
1093 }
1094
1095 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1096 std::vector<SSL_SESSION*> expected = {
1097 sessions[9].get(),
1098 sessions[8].get(),
1099 sessions[7].get(),
1100 sessions[6].get(),
1101 sessions[5].get(),
1102 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1103 if (!ExpectCache(ctx.get(), expected)) {
1104 return false;
1105 }
1106
1107 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1108 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1109 !ExpectCache(ctx.get(), expected)) {
1110 return false;
1111 }
1112
1113 // Although collisions should be impossible (256-bit session IDs), the cache
1114 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1115 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1116 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1117 return false;
1118 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1119 expected = {
1120 collision.get(),
1121 sessions[9].get(),
1122 sessions[8].get(),
1123 sessions[6].get(),
1124 sessions[5].get(),
1125 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1126 if (!ExpectCache(ctx.get(), expected)) {
1127 return false;
1128 }
1129
1130 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1131 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1132 return false;
1133 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1134 expected = {
1135 collision.get(),
1136 sessions[9].get(),
1137 sessions[8].get(),
1138 sessions[5].get(),
1139 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1140 if (!ExpectCache(ctx.get(), expected)) {
1141 return false;
1142 }
1143
1144 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1145 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1146 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1147 !ExpectCache(ctx.get(), expected)) {
1148 return false;
1149 }
1150
1151 return true;
1152}
1153
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1154static uint16_t EpochFromSequence(uint64_t seq) {
1155 return static_cast<uint16_t>(seq >> 48);
1156}
1157
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1158static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1159 static const char kCertPEM[] =
1160 "-----BEGIN CERTIFICATE-----\n"
1161 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1162 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1163 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1164 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1165 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1166 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1167 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1168 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1169 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1170 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1171 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1172 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1173 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1174 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1175 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1176 return bssl::UniquePtr<X509>(
1177 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1178}
1179
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1180static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1181 static const char kKeyPEM[] =
1182 "-----BEGIN RSA PRIVATE KEY-----\n"
1183 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1184 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1185 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1186 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1187 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1188 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1189 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1190 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1191 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1192 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1193 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1194 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1195 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1196 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1197 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1198 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1199 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1200}
1201
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1202static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1203 static const char kCertPEM[] =
1204 "-----BEGIN CERTIFICATE-----\n"
1205 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1206 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1207 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1208 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1209 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1210 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1211 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1212 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1213 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1214 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1215 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1216 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1217 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1218}
1219
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1220static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1221 static const char kKeyPEM[] =
1222 "-----BEGIN PRIVATE KEY-----\n"
1223 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1224 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1225 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1226 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1227 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1228 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1229 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1230}
1231
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1232static bssl::UniquePtr<CRYPTO_BUFFER> BufferFromPEM(const char *pem) {
1233 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1234 char *name, *header;
1235 uint8_t *data;
1236 long data_len;
1237 if (!PEM_read_bio(bio.get(), &name, &header, &data,
1238 &data_len)) {
1239 return nullptr;
1240 }
1241 OPENSSL_free(name);
1242 OPENSSL_free(header);
1243
1244 auto ret = bssl::UniquePtr<CRYPTO_BUFFER>(
1245 CRYPTO_BUFFER_new(data, data_len, nullptr));
1246 OPENSSL_free(data);
1247 return ret;
1248}
1249
1250static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestCertificateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1251 static const char kCertPEM[] =
1252 "-----BEGIN CERTIFICATE-----\n"
1253 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1254 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1255 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1256 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1257 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1258 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1259 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1260 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1261 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1262 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1263 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1264 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1265 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1266 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1267 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1268 "1ngWZ7Ih\n"
1269 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1270 return BufferFromPEM(kCertPEM);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1271}
1272
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1273static bssl::UniquePtr<X509> X509FromBuffer(
1274 bssl::UniquePtr<CRYPTO_BUFFER> buffer) {
1275 if (!buffer) {
1276 return nullptr;
1277 }
1278 const uint8_t *derp = CRYPTO_BUFFER_data(buffer.get());
1279 return bssl::UniquePtr<X509>(
1280 d2i_X509(NULL, &derp, CRYPTO_BUFFER_len(buffer.get())));
1281}
1282
1283static bssl::UniquePtr<X509> GetChainTestCertificate() {
1284 return X509FromBuffer(GetChainTestCertificateBuffer());
1285}
1286
1287static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestIntermediateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1288 static const char kCertPEM[] =
1289 "-----BEGIN CERTIFICATE-----\n"
1290 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1291 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1292 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1293 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1294 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1295 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1296 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1297 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1298 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1299 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1300 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1301 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1302 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1303 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1304 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1305 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1306 return BufferFromPEM(kCertPEM);
1307}
1308
1309static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1310 return X509FromBuffer(GetChainTestIntermediateBuffer());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1311}
1312
1313static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1314 static const char kKeyPEM[] =
1315 "-----BEGIN PRIVATE KEY-----\n"
1316 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1317 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1318 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1319 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1320 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1321 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1322 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1323 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1324 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1325 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1326 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1327 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1328 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1329 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1330 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1331 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1332 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1333 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1334 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1335 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1336 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1337 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1338 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1339 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1340 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1341 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1342 "-----END PRIVATE KEY-----\n";
1343 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1344 return bssl::UniquePtr<EVP_PKEY>(
1345 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1346}
1347
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1348static bool CompleteHandshakes(SSL *client, SSL *server) {
1349 // Drive both their handshakes to completion.
1350 for (;;) {
1351 int client_ret = SSL_do_handshake(client);
1352 int client_err = SSL_get_error(client, client_ret);
1353 if (client_err != SSL_ERROR_NONE &&
1354 client_err != SSL_ERROR_WANT_READ &&
1355 client_err != SSL_ERROR_WANT_WRITE) {
1356 fprintf(stderr, "Client error: %d\n", client_err);
1357 return false;
1358 }
1359
1360 int server_ret = SSL_do_handshake(server);
1361 int server_err = SSL_get_error(server, server_ret);
1362 if (server_err != SSL_ERROR_NONE &&
1363 server_err != SSL_ERROR_WANT_READ &&
1364 server_err != SSL_ERROR_WANT_WRITE) {
1365 fprintf(stderr, "Server error: %d\n", server_err);
1366 return false;
1367 }
1368
1369 if (client_ret == 1 && server_ret == 1) {
1370 break;
1371 }
1372 }
1373
1374 return true;
1375}
1376
1377static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1378 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1379 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1380 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1381 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1382 if (!client || !server) {
1383 return false;
1384 }
1385 SSL_set_connect_state(client.get());
1386 SSL_set_accept_state(server.get());
1387
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1388 SSL_set_session(client.get(), session);
1389
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1390 BIO *bio1, *bio2;
1391 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1392 return false;
1393 }
1394 // SSL_set_bio takes ownership.
1395 SSL_set_bio(client.get(), bio1, bio1);
1396 SSL_set_bio(server.get(), bio2, bio2);
1397
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1398 if (!CompleteHandshakes(client.get(), server.get())) {
1399 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1400 }
1401
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1402 *out_client = std::move(client);
1403 *out_server = std::move(server);
1404 return true;
1405}
1406
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1407static bool TestSequenceNumber(bool is_dtls, const SSL_METHOD *method,
1408 uint16_t version) {
1409 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1410 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1411 if (!server_ctx || !client_ctx ||
1412 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1413 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1414 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1415 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1416 return false;
1417 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1418
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1419 bssl::UniquePtr<X509> cert = GetTestCertificate();
1420 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1421 if (!cert || !key || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1422 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1423 return false;
1424 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1425
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1426 bssl::UniquePtr<SSL> client, server;
1427 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1428 server_ctx.get(), nullptr /* no session */)) {
1429 return false;
1430 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1431
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1432 // Drain any post-handshake messages to ensure there are no unread records
1433 // on either end.
1434 uint8_t byte = 0;
1435 if (SSL_read(client.get(), &byte, 1) > 0 ||
1436 SSL_read(server.get(), &byte, 1) > 0) {
1437 fprintf(stderr, "Received unexpected data.\n");
1438 return false;
1439 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1440
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1441 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1442 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1443 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1444 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1445
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1446 if (is_dtls) {
1447 // Both client and server must be at epoch 1.
1448 if (EpochFromSequence(client_read_seq) != 1 ||
1449 EpochFromSequence(client_write_seq) != 1 ||
1450 EpochFromSequence(server_read_seq) != 1 ||
1451 EpochFromSequence(server_write_seq) != 1) {
1452 fprintf(stderr, "Bad epochs.\n");
1453 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1454 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1455
1456 // The next record to be written should exceed the largest received.
1457 if (client_write_seq <= server_read_seq ||
1458 server_write_seq <= client_read_seq) {
1459 fprintf(stderr, "Inconsistent sequence numbers.\n");
1460 return false;
1461 }
1462 } else {
1463 // The next record to be written should equal the next to be received.
1464 if (client_write_seq != server_read_seq ||
1465 server_write_seq != client_read_seq) {
1466 fprintf(stderr, "Inconsistent sequence numbers.\n");
1467 return false;
1468 }
1469 }
1470
1471 // Send a record from client to server.
1472 if (SSL_write(client.get(), &byte, 1) != 1 ||
1473 SSL_read(server.get(), &byte, 1) != 1) {
1474 fprintf(stderr, "Could not send byte.\n");
1475 return false;
1476 }
1477
1478 // The client write and server read sequence numbers should have
1479 // incremented.
1480 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1481 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1482 fprintf(stderr, "Sequence numbers did not increment.\n");
1483 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1484 }
1485
1486 return true;
1487}
1488
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1489static bool TestOneSidedShutdown(bool is_dtls, const SSL_METHOD *method,
1490 uint16_t version) {
1491 // SSL_shutdown is a no-op in DTLS.
1492 if (is_dtls) {
1493 return true;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1494 }
1495
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1496 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1497 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1498 bssl::UniquePtr<X509> cert = GetTestCertificate();
1499 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1500 if (!client_ctx || !server_ctx || !cert || !key ||
1501 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1502 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1503 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1504 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1505 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1506 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1507 return false;
1508 }
1509
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1510 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1511 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1512 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1513 return false;
1514 }
1515
1516 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1517 // one side has shut down.
1518 if (SSL_shutdown(client.get()) != 0) {
1519 fprintf(stderr, "Could not shutdown.\n");
1520 return false;
1521 }
1522
1523 // Reading from the server should consume the EOF.
1524 uint8_t byte;
1525 if (SSL_read(server.get(), &byte, 1) != 0 ||
1526 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1527 fprintf(stderr, "Connection was not shut down cleanly.\n");
1528 return false;
1529 }
1530
1531 // However, the server may continue to write data and then shut down the
1532 // connection.
1533 byte = 42;
1534 if (SSL_write(server.get(), &byte, 1) != 1 ||
1535 SSL_read(client.get(), &byte, 1) != 1 ||
1536 byte != 42) {
1537 fprintf(stderr, "Could not send byte.\n");
1538 return false;
1539 }
1540
1541 // The server may then shutdown the connection.
1542 if (SSL_shutdown(server.get()) != 1 ||
1543 SSL_shutdown(client.get()) != 1) {
1544 fprintf(stderr, "Could not complete shutdown.\n");
1545 return false;
1546 }
1547
1548 return true;
1549}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1550
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1551TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1552 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1553 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1554 ASSERT_TRUE(client_ctx);
1555 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1556
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1557 bssl::UniquePtr<X509> cert = GetTestCertificate();
1558 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1559 ASSERT_TRUE(cert);
1560 ASSERT_TRUE(key);
1561 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1562 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1563
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1564 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1565 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
1566 server_ctx.get(),
1567 nullptr /* no session */));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1568
1569 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1570 bssl::UniquePtr<SSL_SESSION> session1(
1571 SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL));
1572 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1573
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1574 session1->not_resumable = 0;
1575
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1576 uint8_t *s0_bytes, *s1_bytes;
1577 size_t s0_len, s1_len;
1578
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1579 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1580 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1581
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1582 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1583 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1584
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]1585 EXPECT_EQ(Bytes(s0_bytes, s0_len), Bytes(s1_bytes, s1_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1586}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1587
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1588static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1589 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1590 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1591
1592 // The wrapper BIOs are always equal when fds are equal, even if set
1593 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1594 if (rfd == wfd) {
1595 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1596 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1597}
1598
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1599TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1600 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1601 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1602
1603 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1604 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1605 ASSERT_TRUE(ssl);
1606 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1607 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1608 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1609
1610 // Test setting the same FD.
1611 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1612 ASSERT_TRUE(ssl);
1613 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1614 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1615
1616 // Test setting the same FD one side at a time.
1617 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1618 ASSERT_TRUE(ssl);
1619 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1620 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1621 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1622
1623 // Test setting the same FD in the other order.
1624 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1625 ASSERT_TRUE(ssl);
1626 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1627 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1628 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1629
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1630 // Test changing the read FD partway through.
1631 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1632 ASSERT_TRUE(ssl);
1633 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1634 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1635 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1636
1637 // Test changing the write FD partway through.
1638 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1639 ASSERT_TRUE(ssl);
1640 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1641 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1642 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1643
1644 // Test a no-op change to the read FD partway through.
1645 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1646 ASSERT_TRUE(ssl);
1647 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1648 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1649 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1650
1651 // Test a no-op change to the write FD partway through.
1652 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1653 ASSERT_TRUE(ssl);
1654 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1655 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1656 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1657
1658 // ASan builds will implicitly test that the internal |BIO| reference-counting
1659 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1660}
1661
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1662TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1663 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1664 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1665
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1666 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1667 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1668 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1669 ASSERT_TRUE(ssl);
1670 ASSERT_TRUE(bio1);
1671 ASSERT_TRUE(bio2);
1672 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1673
1674 // SSL_set_bio takes one reference when the parameters are the same.
1675 BIO_up_ref(bio1.get());
1676 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1677
1678 // Repeating the call does nothing.
1679 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1680
1681 // It takes one reference each when the parameters are different.
1682 BIO_up_ref(bio2.get());
1683 BIO_up_ref(bio3.get());
1684 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1685
1686 // Repeating the call does nothing.
1687 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1688
1689 // It takes one reference when changing only wbio.
1690 BIO_up_ref(bio1.get());
1691 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1692
1693 // It takes one reference when changing only rbio and the two are different.
1694 BIO_up_ref(bio3.get());
1695 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1696
1697 // If setting wbio to rbio, it takes no additional references.
1698 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1699
1700 // From there, wbio may be switched to something else.
1701 BIO_up_ref(bio1.get());
1702 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1703
1704 // If setting rbio to wbio, it takes no additional references.
1705 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1706
1707 // From there, rbio may be switched to something else, but, for historical
1708 // reasons, it takes a reference to both parameters.
1709 BIO_up_ref(bio1.get());
1710 BIO_up_ref(bio2.get());
1711 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1712
1713 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1714 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1715}
1716
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1717static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1718
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1719static bool TestGetPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1720 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1721 bssl::UniquePtr<X509> cert = GetTestCertificate();
1722 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1723 if (!cert || !key) {
1724 return false;
1725 }
1726
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1727 // Configure both client and server to accept any certificate.
1728 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1729 if (!ctx ||
1730 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1731 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1732 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1733 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1734 return false;
1735 }
1736 SSL_CTX_set_verify(
1737 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1738 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1739
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1740 bssl::UniquePtr<SSL> client, server;
1741 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1742 nullptr /* no session */)) {
1743 return false;
1744 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1745
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1746 // Client and server should both see the leaf certificate.
1747 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1748 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1749 fprintf(stderr, "Server peer certificate did not match.\n");
1750 return false;
1751 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1752
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1753 peer.reset(SSL_get_peer_certificate(client.get()));
1754 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1755 fprintf(stderr, "Client peer certificate did not match.\n");
1756 return false;
1757 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1758
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1759 // However, for historical reasons, the chain includes the leaf on the
1760 // client, but does not on the server.
1761 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1762 fprintf(stderr, "Client peer chain was incorrect.\n");
1763 return false;
1764 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1765
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1766 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1767 fprintf(stderr, "Server peer chain was incorrect.\n");
1768 return false;
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1769 }
1770
1771 return true;
1772}
1773
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1774static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method,
1775 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1776 bssl::UniquePtr<X509> cert = GetTestCertificate();
1777 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1778 if (!cert || !key) {
1779 return false;
1780 }
1781
1782 uint8_t *cert_der = NULL;
1783 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1784 if (cert_der_len < 0) {
1785 return false;
1786 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1787 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1788
1789 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1790 SHA256(cert_der, cert_der_len, cert_sha256);
1791
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1792 // Configure both client and server to accept any certificate, but the
1793 // server must retain only the SHA-256 of the peer.
1794 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1795 if (!ctx ||
1796 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1797 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1798 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1799 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1800 return false;
1801 }
1802 SSL_CTX_set_verify(
1803 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1804 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1805 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1806
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1807 bssl::UniquePtr<SSL> client, server;
1808 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1809 nullptr /* no session */)) {
1810 return false;
1811 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1812
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1813 // The peer certificate has been dropped.
1814 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1815 if (peer) {
1816 fprintf(stderr, "Peer certificate was retained.\n");
1817 return false;
1818 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1819
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1820 SSL_SESSION *session = SSL_get_session(server.get());
1821 if (!session->peer_sha256_valid) {
1822 fprintf(stderr, "peer_sha256_valid was not set.\n");
1823 return false;
1824 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1825
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1826 if (OPENSSL_memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) !=
1827 0) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1828 fprintf(stderr, "peer_sha256 did not match.\n");
1829 return false;
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1830 }
1831
1832 return true;
1833}
1834
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1835static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1836 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1837 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1838 if (!ctx ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1839 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1840 // Our default cipher list varies by CPU capabilities, so manually place
1841 // the ChaCha20 ciphers in front.
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]1842 !SSL_CTX_set_strict_cipher_list(ctx.get(), "CHACHA20:ALL")) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1843 return false;
1844 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1845
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1846 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1847 if (!ssl) {
1848 return false;
1849 }
1850 std::vector<uint8_t> client_hello;
1851 if (!GetClientHello(ssl.get(), &client_hello)) {
1852 return false;
1853 }
1854
1855 // Zero the client_random.
1856 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1857 1 + 3 + // handshake message header
1858 2; // client_version
1859 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1860 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1861 return false;
1862 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1863 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1864
1865 if (client_hello.size() != expected_len ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1866 OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1867 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1868 fprintf(stderr, "Got:\n\t");
1869 for (size_t i = 0; i < client_hello.size(); i++) {
1870 fprintf(stderr, "0x%02x, ", client_hello[i]);
1871 }
1872 fprintf(stderr, "\nWanted:\n\t");
1873 for (size_t i = 0; i < expected_len; i++) {
1874 fprintf(stderr, "0x%02x, ", expected[i]);
1875 }
1876 fprintf(stderr, "\n");
1877 return false;
1878 }
1879
1880 return true;
1881}
1882
1883// Tests that our ClientHellos do not change unexpectedly.
1884static bool TestClientHello() {
1885 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1886 0x16,
1887 0x03, 0x00,
1888 0x00, 0x3f,
1889 0x01,
1890 0x00, 0x00, 0x3b,
1891 0x03, 0x00,
1892 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1893 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1894 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1895 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1896 0x00,
1897 0x00, 0x14,
1898 0xc0, 0x09,
1899 0xc0, 0x13,
1900 0x00, 0x33,
1901 0xc0, 0x0a,
1902 0xc0, 0x14,
1903 0x00, 0x39,
1904 0x00, 0x2f,
1905 0x00, 0x35,
1906 0x00, 0x0a,
1907 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1908 };
1909 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1910 sizeof(kSSL3ClientHello))) {
1911 return false;
1912 }
1913
1914 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1915 0x16,
1916 0x03, 0x01,
1917 0x00, 0x5e,
1918 0x01,
1919 0x00, 0x00, 0x5a,
1920 0x03, 0x01,
1921 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1922 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1923 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1924 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1925 0x00,
1926 0x00, 0x12,
1927 0xc0, 0x09,
1928 0xc0, 0x13,
1929 0x00, 0x33,
1930 0xc0, 0x0a,
1931 0xc0, 0x14,
1932 0x00, 0x39,
1933 0x00, 0x2f,
1934 0x00, 0x35,
1935 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1936 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1937 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1938 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1939 };
1940 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1941 sizeof(kTLS1ClientHello))) {
1942 return false;
1943 }
1944
1945 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1946 0x16,
1947 0x03, 0x01,
1948 0x00, 0x5e,
1949 0x01,
1950 0x00, 0x00, 0x5a,
1951 0x03, 0x02,
1952 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1953 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1954 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1955 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1956 0x00,
1957 0x00, 0x12,
1958 0xc0, 0x09,
1959 0xc0, 0x13,
1960 0x00, 0x33,
1961 0xc0, 0x0a,
1962 0xc0, 0x14,
1963 0x00, 0x39,
1964 0x00, 0x2f,
1965 0x00, 0x35,
1966 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1967 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1968 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1969 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1970 };
1971 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1972 sizeof(kTLS11ClientHello))) {
1973 return false;
1974 }
1975
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]1976 // kTLS12ClientHello assumes RSA-PSS, which is disabled for Android system
1977 // builds.
1978#if defined(BORINGSSL_ANDROID_SYSTEM)
1979 return true;
1980#endif
1981
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1982 static const uint8_t kTLS12ClientHello[] = {
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]1983 0x16, 0x03, 0x01, 0x00, 0x9a, 0x01, 0x00, 0x00, 0x96, 0x03, 0x03, 0x00,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1984 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1985 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]1986 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0xcc, 0xa9,
1987 0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, 0xc0, 0x2c, 0xc0, 0x30,
1988 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x27, 0x00, 0x33,
1989 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x28, 0x00, 0x39,
1990 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35,
1991 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01,
1992 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
1993 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
1994 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00,
1995 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
1996 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1997 };
1998 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1999 sizeof(kTLS12ClientHello))) {
2000 return false;
2001 }
2002
2003 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
2004 // implementation has settled enough that it won't change.
2005
2006 return true;
2007}
2008
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2009static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2010
2011static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
2012 // Save the most recent session.
2013 g_last_session.reset(session);
2014 return 1;
2015}
2016
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2017static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2018 SSL_CTX *server_ctx) {
2019 g_last_session = nullptr;
2020 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2021
2022 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2023 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2024 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
2025 nullptr /* no session */)) {
2026 fprintf(stderr, "Failed to connect client and server.\n");
2027 return nullptr;
2028 }
2029
2030 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2031 SSL_read(client.get(), nullptr, 0);
2032
2033 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2034
2035 if (!g_last_session) {
2036 fprintf(stderr, "Client did not receive a session.\n");
2037 return nullptr;
2038 }
2039 return std::move(g_last_session);
2040}
2041
2042static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
2043 SSL_SESSION *session,
2044 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2045 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2046 if (!ConnectClientAndServer(&client, &server, client_ctx,
2047 server_ctx, session)) {
2048 fprintf(stderr, "Failed to connect client and server.\n");
2049 return false;
2050 }
2051
2052 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2053 fprintf(stderr, "Client and server were inconsistent.\n");
2054 return false;
2055 }
2056
2057 bool was_reused = !!SSL_session_reused(client.get());
2058 if (was_reused != reused) {
2059 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
2060 was_reused ? "" : " not");
2061 return false;
2062 }
2063
2064 return true;
2065}
2066
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2067static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
2068 SSL_CTX *server_ctx,
2069 SSL_SESSION *session) {
2070 g_last_session = nullptr;
2071 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2072
2073 bssl::UniquePtr<SSL> client, server;
2074 if (!ConnectClientAndServer(&client, &server, client_ctx,
2075 server_ctx, session)) {
2076 fprintf(stderr, "Failed to connect client and server.\n");
2077 return nullptr;
2078 }
2079
2080 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2081 fprintf(stderr, "Client and server were inconsistent.\n");
2082 return nullptr;
2083 }
2084
2085 if (!SSL_session_reused(client.get())) {
2086 fprintf(stderr, "Session was not reused.\n");
2087 return nullptr;
2088 }
2089
2090 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2091 SSL_read(client.get(), nullptr, 0);
2092
2093 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2094
2095 if (!g_last_session) {
2096 fprintf(stderr, "Client did not receive a renewed session.\n");
2097 return nullptr;
2098 }
2099 return std::move(g_last_session);
2100}
2101
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2102static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2103 static const uint8_t kContext[] = {3};
2104
2105 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2106 return SSL_TLSEXT_ERR_ALERT_FATAL;
2107 }
2108
2109 return SSL_TLSEXT_ERR_OK;
2110}
2111
David Benjamin731058e2016-12-03 23:15:13 -0500[diff] [blame]2112static int SwitchSessionIDContextEarly(const SSL_CLIENT_HELLO *client_hello) {
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2113 static const uint8_t kContext[] = {3};
2114
David Benjamin731058e2016-12-03 23:15:13 -0500[diff] [blame]2115 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2116 sizeof(kContext))) {
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2117 return -1;
2118 }
2119
2120 return 1;
2121}
2122
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2123static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
2124 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2125 bssl::UniquePtr<X509> cert = GetTestCertificate();
2126 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2127 if (!cert || !key) {
2128 return false;
2129 }
2130
2131 static const uint8_t kContext1[] = {1};
2132 static const uint8_t kContext2[] = {2};
2133
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2134 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2135 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2136 if (!server_ctx || !client_ctx ||
2137 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2138 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2139 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2140 sizeof(kContext1)) ||
2141 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2142 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2143 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2144 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2145 return false;
2146 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2147
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2148 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2149 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2150
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2151 bssl::UniquePtr<SSL_SESSION> session =
2152 CreateClientSession(client_ctx.get(), server_ctx.get());
2153 if (!session) {
2154 fprintf(stderr, "Error getting session.\n");
2155 return false;
2156 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2157
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2158 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2159 true /* expect session reused */)) {
2160 fprintf(stderr, "Error resuming session.\n");
2161 return false;
2162 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2163
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2164 // Change the session ID context.
2165 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2166 sizeof(kContext2))) {
2167 return false;
2168 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2169
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2170 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2171 false /* expect session not reused */)) {
2172 fprintf(stderr, "Error connecting with a different context.\n");
2173 return false;
2174 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2175
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2176 // Change the session ID context back and install an SNI callback to switch
2177 // it.
2178 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2179 sizeof(kContext1))) {
2180 return false;
2181 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2182
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2183 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2184 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2185
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2186 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2187 false /* expect session not reused */)) {
2188 fprintf(stderr, "Error connecting with a context switch on SNI callback.\n");
2189 return false;
2190 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2191
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2192 // Switch the session ID context with the early callback instead.
2193 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
2194 SSL_CTX_set_select_certificate_cb(server_ctx.get(),
2195 SwitchSessionIDContextEarly);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2196
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2197 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2198 false /* expect session not reused */)) {
2199 fprintf(stderr,
2200 "Error connecting with a context switch on early callback.\n");
2201 return false;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2202 }
2203
2204 return true;
2205}
2206
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2207static timeval g_current_time;
2208
2209static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2210 *out_clock = g_current_time;
2211}
2212
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2213static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2214 out_clock->tv_sec = 1000;
2215 out_clock->tv_usec = 0;
2216}
2217
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2218static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2219 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2220 int encrypt) {
2221 static const uint8_t kZeros[16] = {0};
2222
2223 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2224 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2225 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2226 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2227 return 0;
2228 }
2229
2230 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2231 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2232 return -1;
2233 }
2234
2235 // Returning two from the callback in decrypt mode renews the
2236 // session in TLS 1.2 and below.
2237 return encrypt ? 1 : 2;
2238}
2239
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2240static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2241 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2242 return false;
2243 }
2244
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2245 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2246 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2247 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2248
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2249#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2250 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2251 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2252#else
2253 static const uint8_t kZeros[16] = {0};
2254 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2255 bssl::ScopedEVP_CIPHER_CTX ctx;
2256 int len1, len2;
2257 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2258 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2259 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2260 return false;
2261 }
2262
2263 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2264#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2265
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2266 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
2267 if (!ssl_ctx) {
2268 return false;
2269 }
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2270 bssl::UniquePtr<SSL_SESSION> server_session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2271 SSL_SESSION_from_bytes(plaintext.get(), len, ssl_ctx.get()));
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2272 if (!server_session) {
2273 return false;
2274 }
2275
2276 *out = server_session->time;
2277 return true;
2278}
2279
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2280static bool TestSessionTimeout(bool is_dtls, const SSL_METHOD *method,
2281 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2282 bssl::UniquePtr<X509> cert = GetTestCertificate();
2283 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2284 if (!cert || !key) {
2285 return false;
2286 }
2287
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2288 for (bool server_test : std::vector<bool>{false, true}) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2289 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2290 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2291
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2292 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2293 // resumptions still perform ECDHE.
2294 const time_t timeout = version == TLS1_3_VERSION
2295 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2296 : SSL_DEFAULT_SESSION_TIMEOUT;
2297
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2298 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2299 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2300 if (!server_ctx || !client_ctx ||
2301 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2302 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2303 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2304 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2305 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2306 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2307 return false;
2308 }
2309
2310 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2311 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2312
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2313 // Both client and server must enforce session timeouts. We configure the
2314 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2315 if (server_test) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2316 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2317 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2318 } else {
2319 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2320 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2321 }
2322
2323 // Configure a ticket callback which renews tickets.
2324 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2325
2326 bssl::UniquePtr<SSL_SESSION> session =
2327 CreateClientSession(client_ctx.get(), server_ctx.get());
2328 if (!session) {
2329 fprintf(stderr, "Error getting session.\n");
2330 return false;
2331 }
2332
2333 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2334 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2335
2336 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2337 true /* expect session reused */)) {
2338 fprintf(stderr, "Error resuming session.\n");
2339 return false;
2340 }
2341
2342 // Advance the clock one more second.
2343 g_current_time.tv_sec++;
2344
2345 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2346 false /* expect session not reused */)) {
2347 fprintf(stderr, "Error resuming session.\n");
2348 return false;
2349 }
2350
2351 // Rewind the clock to before the session was minted.
2352 g_current_time.tv_sec = kStartTime - 1;
2353
2354 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2355 false /* expect session not reused */)) {
2356 fprintf(stderr, "Error resuming session.\n");
2357 return false;
2358 }
2359
2360 // SSL 3.0 cannot renew sessions.
2361 if (version == SSL3_VERSION) {
2362 continue;
2363 }
2364
2365 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2366 time_t new_start_time = kStartTime + timeout - 10;
2367 g_current_time.tv_sec = new_start_time;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2368 bssl::UniquePtr<SSL_SESSION> new_session =
2369 ExpectSessionRenewed(client_ctx.get(), server_ctx.get(), session.get());
2370 if (!new_session) {
2371 fprintf(stderr, "Error renewing session.\n");
2372 return false;
2373 }
2374
2375 // This new session is not the same object as before.
2376 if (session.get() == new_session.get()) {
2377 fprintf(stderr, "New and old sessions alias.\n");
2378 return false;
2379 }
2380
2381 // Check the sessions have timestamps measured from issuance.
2382 long session_time = 0;
2383 if (server_test) {
2384 if (!GetServerTicketTime(&session_time, new_session.get())) {
2385 fprintf(stderr, "Failed to decode session ticket.\n");
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2386 return false;
2387 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2388 } else {
2389 session_time = new_session->time;
2390 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2391
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2392 if (session_time != g_current_time.tv_sec) {
2393 fprintf(stderr, "New session is not measured from issuance.\n");
2394 return false;
2395 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2396
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2397 if (version == TLS1_3_VERSION) {
2398 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2399 // lifetime TLS 1.3.
2400 g_current_time.tv_sec = new_start_time + timeout - 1;
2401 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2402 new_session.get(),
2403 true /* expect session reused */)) {
2404 fprintf(stderr, "Error resuming renewed session.\n");
2405 return false;
2406 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2407
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2408 // The new session expires after the new timeout.
2409 g_current_time.tv_sec = new_start_time + timeout + 1;
2410 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2411 new_session.get(),
2412 false /* expect session ot reused */)) {
2413 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2414 return false;
2415 }
2416
2417 // Renew the session until it begins just past the auth timeout.
2418 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2419 while (new_start_time < auth_end_time - 1000) {
2420 // Get as close as possible to target start time.
2421 new_start_time =
2422 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2423 g_current_time.tv_sec = new_start_time;
2424 new_session = ExpectSessionRenewed(client_ctx.get(), server_ctx.get(),
2425 new_session.get());
2426 if (!new_session) {
2427 fprintf(stderr, "Error renewing session.\n");
2428 return false;
2429 }
2430 }
2431
2432 // Now the session's lifetime is bound by the auth timeout.
2433 g_current_time.tv_sec = auth_end_time - 1;
2434 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2435 new_session.get(),
2436 true /* expect session reused */)) {
2437 fprintf(stderr, "Error resuming renewed session.\n");
2438 return false;
2439 }
2440
2441 g_current_time.tv_sec = auth_end_time + 1;
2442 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2443 new_session.get(),
2444 false /* expect session ot reused */)) {
2445 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2446 return false;
2447 }
2448 } else {
2449 // The new session is usable just before the old expiration.
2450 g_current_time.tv_sec = kStartTime + timeout - 1;
2451 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2452 new_session.get(),
2453 true /* expect session reused */)) {
2454 fprintf(stderr, "Error resuming renewed session.\n");
2455 return false;
2456 }
2457
2458 // Renewal does not extend the lifetime, so it is not usable beyond the
2459 // old expiration.
2460 g_current_time.tv_sec = kStartTime + timeout + 1;
2461 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2462 new_session.get(),
2463 false /* expect session not reused */)) {
2464 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2465 return false;
2466 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2467 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2468 }
2469
2470 return true;
2471}
2472
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2473static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2474 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2475 SSL_set_SSL_CTX(ssl, ctx);
2476 return SSL_TLSEXT_ERR_OK;
2477}
2478
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2479static bool TestSNICallback(bool is_dtls, const SSL_METHOD *method,
2480 uint16_t version) {
2481 // SSL 3.0 lacks extensions.
2482 if (version == SSL3_VERSION) {
2483 return true;
2484 }
2485
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2486 bssl::UniquePtr<X509> cert = GetTestCertificate();
2487 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2488 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2489 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2490 if (!cert || !key || !cert2 || !key2) {
2491 return false;
2492 }
2493
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2494 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2495 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2496
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2497 static const uint8_t kSCTList[] = {0, 6, 0, 4, 5, 6, 7, 8};
2498 static const uint8_t kOCSPResponse[] = {1, 2, 3, 4};
2499
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2500 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2501 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(method));
2502 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2503 if (!server_ctx || !server_ctx2 || !client_ctx ||
2504 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2505 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2506 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2507 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2508 !SSL_CTX_set_signed_cert_timestamp_list(server_ctx2.get(), kSCTList,
2509 sizeof(kSCTList)) ||
2510 !SSL_CTX_set_ocsp_response(server_ctx2.get(), kOCSPResponse,
2511 sizeof(kOCSPResponse)) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2512 // Historically signing preferences would be lost in some cases with the
2513 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2514 // this doesn't happen when |version| is TLS 1.2, configure the private
2515 // key to only sign SHA-256.
2516 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256,
2517 1) ||
2518 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2519 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2520 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2521 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2522 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2523 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
2524 return false;
2525 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2526
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2527 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2528 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2529
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2530 SSL_CTX_enable_signed_cert_timestamps(client_ctx.get());
2531 SSL_CTX_enable_ocsp_stapling(client_ctx.get());
2532
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2533 bssl::UniquePtr<SSL> client, server;
2534 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2535 server_ctx.get(), nullptr)) {
2536 fprintf(stderr, "Handshake failed.\n");
2537 return false;
2538 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2539
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2540 // The client should have received |cert2|.
2541 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
2542 if (!peer || X509_cmp(peer.get(), cert2.get()) != 0) {
2543 fprintf(stderr, "Incorrect certificate received.\n");
2544 return false;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2545 }
2546
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2547 // The client should have received |server_ctx2|'s SCT list.
2548 const uint8_t *data;
2549 size_t len;
2550 SSL_get0_signed_cert_timestamp_list(client.get(), &data, &len);
2551 if (Bytes(kSCTList) != Bytes(data, len)) {
2552 fprintf(stderr, "Incorrect SCT list received.\n");
2553 return false;
2554 }
2555
2556 // The client should have received |server_ctx2|'s OCSP response.
2557 SSL_get0_ocsp_response(client.get(), &data, &len);
2558 if (Bytes(kOCSPResponse) != Bytes(data, len)) {
2559 fprintf(stderr, "Incorrect OCSP response received.\n");
2560 return false;
2561 }
2562
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2563 return true;
2564}
2565
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2566// Test that the early callback can swap the maximum version.
2567TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2568 bssl::UniquePtr<X509> cert = GetTestCertificate();
2569 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2570 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2571 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2572 ASSERT_TRUE(cert);
2573 ASSERT_TRUE(key);
2574 ASSERT_TRUE(server_ctx);
2575 ASSERT_TRUE(client_ctx);
2576 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2577 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2578 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2579 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2580
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2581 SSL_CTX_set_select_certificate_cb(
2582 server_ctx.get(), [](const SSL_CLIENT_HELLO *client_hello) -> int {
2583 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
2584 return -1;
2585 }
2586
2587 return 1;
2588 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2589
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2590 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2591 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
2592 server_ctx.get(), nullptr));
2593 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2594}
2595
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2596TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2597 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2598 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2599
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2600 // Set valid TLS versions.
2601 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2602 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2603 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2604 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2605
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2606 // Invalid TLS versions are rejected.
2607 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2608 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2609 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2610 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2611 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2612 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2613
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2614 // Zero is the default version.
2615 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
2616 EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
2617 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
2618 EXPECT_EQ(SSL3_VERSION, ctx->min_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2619
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2620 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2621 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2622
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2623 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2624 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2625 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2626 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2627
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2628 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2629 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2630 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2631 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2632 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2633 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2634 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2635 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2636
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2637 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
2638 EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
2639 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
2640 EXPECT_EQ(TLS1_1_VERSION, ctx->min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2641}
2642
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2643static const char *GetVersionName(uint16_t version) {
2644 switch (version) {
2645 case SSL3_VERSION:
2646 return "SSLv3";
2647 case TLS1_VERSION:
2648 return "TLSv1";
2649 case TLS1_1_VERSION:
2650 return "TLSv1.1";
2651 case TLS1_2_VERSION:
2652 return "TLSv1.2";
2653 case TLS1_3_VERSION:
2654 return "TLSv1.3";
2655 case DTLS1_VERSION:
2656 return "DTLSv1";
2657 case DTLS1_2_VERSION:
2658 return "DTLSv1.2";
2659 default:
2660 return "???";
2661 }
2662}
2663
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2664static bool TestVersion(bool is_dtls, const SSL_METHOD *method,
2665 uint16_t version) {
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2666 bssl::UniquePtr<X509> cert = GetTestCertificate();
2667 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2668 if (!cert || !key) {
2669 return false;
2670 }
2671
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2672 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2673 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2674 bssl::UniquePtr<SSL> client, server;
2675 if (!server_ctx || !client_ctx ||
2676 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2677 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2678 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2679 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2680 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2681 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2682 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2683 server_ctx.get(), nullptr /* no session */)) {
2684 fprintf(stderr, "Failed to connect.\n");
2685 return false;
2686 }
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2687
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2688 if (SSL_version(client.get()) != version ||
2689 SSL_version(server.get()) != version) {
2690 fprintf(stderr, "Version mismatch. Got %04x and %04x, wanted %04x.\n",
2691 SSL_version(client.get()), SSL_version(server.get()), version);
2692 return false;
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2693 }
2694
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2695 // Test the version name is reported as expected.
2696 const char *version_name = GetVersionName(version);
2697 if (strcmp(version_name, SSL_get_version(client.get())) != 0 ||
2698 strcmp(version_name, SSL_get_version(server.get())) != 0) {
2699 fprintf(stderr, "Version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2700 SSL_get_version(client.get()), SSL_get_version(server.get()),
2701 version_name);
2702 return false;
2703 }
2704
2705 // Test SSL_SESSION reports the same name.
2706 const char *client_name =
2707 SSL_SESSION_get_version(SSL_get_session(client.get()));
2708 const char *server_name =
2709 SSL_SESSION_get_version(SSL_get_session(server.get()));
2710 if (strcmp(version_name, client_name) != 0 ||
2711 strcmp(version_name, server_name) != 0) {
2712 fprintf(stderr,
2713 "Session version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2714 client_name, server_name, version_name);
2715 return false;
2716 }
2717
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2718 return true;
2719}
2720
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2721// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2722// selection callback.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2723static bool TestALPNCipherAvailable(bool is_dtls, const SSL_METHOD *method,
2724 uint16_t version) {
2725 // SSL 3.0 lacks extensions.
2726 if (version == SSL3_VERSION) {
2727 return true;
2728 }
2729
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2730 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2731
2732 bssl::UniquePtr<X509> cert = GetTestCertificate();
2733 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2734 if (!cert || !key) {
2735 return false;
2736 }
2737
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2738 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2739 if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2740 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2741 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2742 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2743 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2744 0) {
2745 return false;
2746 }
2747
2748 // The ALPN callback does not fail the handshake on error, so have the
2749 // callback write a boolean.
2750 std::pair<uint16_t, bool> callback_state(version, false);
2751 SSL_CTX_set_alpn_select_cb(
2752 ctx.get(),
2753 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2754 unsigned in_len, void *arg) -> int {
2755 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2756 if (SSL_get_pending_cipher(ssl) != nullptr &&
2757 SSL_version(ssl) == state->first) {
2758 state->second = true;
2759 }
2760 return SSL_TLSEXT_ERR_NOACK;
2761 },
2762 &callback_state);
2763
2764 bssl::UniquePtr<SSL> client, server;
2765 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2766 nullptr /* no session */)) {
2767 return false;
2768 }
2769
2770 if (!callback_state.second) {
2771 fprintf(stderr, "The pending cipher was not known in the ALPN callback.\n");
2772 return false;
2773 }
2774
2775 return true;
2776}
2777
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2778static bool TestSSLClearSessionResumption(bool is_dtls,
2779 const SSL_METHOD *method,
2780 uint16_t version) {
2781 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2782 // API pattern.
2783 if (version == TLS1_3_VERSION) {
2784 return true;
2785 }
2786
2787 bssl::UniquePtr<X509> cert = GetTestCertificate();
2788 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2789 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2790 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2791 if (!cert || !key || !server_ctx || !client_ctx ||
2792 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2793 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2794 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2795 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2796 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2797 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2798 return false;
2799 }
2800
2801 // Connect a client and a server.
2802 bssl::UniquePtr<SSL> client, server;
2803 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2804 server_ctx.get(), nullptr /* no session */)) {
2805 return false;
2806 }
2807
2808 if (SSL_session_reused(client.get()) ||
2809 SSL_session_reused(server.get())) {
2810 fprintf(stderr, "Session unexpectedly reused.\n");
2811 return false;
2812 }
2813
2814 // Reset everything.
2815 if (!SSL_clear(client.get()) ||
2816 !SSL_clear(server.get())) {
2817 fprintf(stderr, "SSL_clear failed.\n");
2818 return false;
2819 }
2820
2821 // Attempt to connect a second time.
2822 if (!CompleteHandshakes(client.get(), server.get())) {
2823 fprintf(stderr, "Could not reuse SSL objects.\n");
2824 return false;
2825 }
2826
2827 // |SSL_clear| should implicitly offer the previous session to the server.
2828 if (!SSL_session_reused(client.get()) ||
2829 !SSL_session_reused(server.get())) {
2830 fprintf(stderr, "Session was not reused in second try.\n");
2831 return false;
2832 }
2833
2834 return true;
2835}
2836
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2837static bool ChainsEqual(STACK_OF(X509) *chain,
2838 const std::vector<X509 *> &expected) {
2839 if (sk_X509_num(chain) != expected.size()) {
2840 return false;
2841 }
2842
2843 for (size_t i = 0; i < expected.size(); i++) {
2844 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2845 return false;
2846 }
2847 }
2848
2849 return true;
2850}
2851
2852static bool TestAutoChain(bool is_dtls, const SSL_METHOD *method,
2853 uint16_t version) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2854 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
2855 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
2856 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
2857 if (!cert || !intermediate || !key) {
2858 return false;
2859 }
2860
2861 // Configure both client and server to accept any certificate. Add
2862 // |intermediate| to the cert store.
2863 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2864 if (!ctx ||
2865 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2866 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2867 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2868 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2869 !X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx.get()),
2870 intermediate.get())) {
2871 return false;
2872 }
2873 SSL_CTX_set_verify(
2874 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
2875 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
2876
2877 // By default, the client and server should each only send the leaf.
2878 bssl::UniquePtr<SSL> client, server;
2879 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2880 nullptr /* no session */)) {
2881 return false;
2882 }
2883
2884 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), {cert.get()})) {
2885 fprintf(stderr, "Client-received chain did not match.\n");
2886 return false;
2887 }
2888
2889 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), {cert.get()})) {
2890 fprintf(stderr, "Server-received chain did not match.\n");
2891 return false;
2892 }
2893
2894 // If auto-chaining is enabled, then the intermediate is sent.
2895 SSL_CTX_clear_mode(ctx.get(), SSL_MODE_NO_AUTO_CHAIN);
2896 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2897 nullptr /* no session */)) {
2898 return false;
2899 }
2900
2901 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2902 {cert.get(), intermediate.get()})) {
2903 fprintf(stderr, "Client-received chain did not match (auto-chaining).\n");
2904 return false;
2905 }
2906
2907 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2908 {cert.get(), intermediate.get()})) {
2909 fprintf(stderr, "Server-received chain did not match (auto-chaining).\n");
2910 return false;
2911 }
2912
2913 // Auto-chaining does not override explicitly-configured intermediates.
2914 if (!SSL_CTX_add1_chain_cert(ctx.get(), cert.get()) ||
2915 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2916 nullptr /* no session */)) {
2917 return false;
2918 }
2919
2920 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2921 {cert.get(), cert.get()})) {
2922 fprintf(stderr,
2923 "Client-received chain did not match (auto-chaining, explicit "
2924 "intermediate).\n");
2925 return false;
2926 }
2927
2928 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2929 {cert.get(), cert.get()})) {
2930 fprintf(stderr,
2931 "Server-received chain did not match (auto-chaining, explicit "
2932 "intermediate).\n");
2933 return false;
2934 }
2935
2936 return true;
2937}
2938
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2939static bool ExpectBadWriteRetry() {
2940 int err = ERR_get_error();
2941 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
2942 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
2943 char buf[ERR_ERROR_STRING_BUF_LEN];
2944 ERR_error_string_n(err, buf, sizeof(buf));
2945 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
2946 return false;
2947 }
2948
2949 if (ERR_peek_error() != 0) {
2950 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
2951 return false;
2952 }
2953
2954 return true;
2955}
2956
2957static bool TestSSLWriteRetry(bool is_dtls, const SSL_METHOD *method,
2958 uint16_t version) {
2959 if (is_dtls) {
2960 return true;
2961 }
2962
2963 for (bool enable_partial_write : std::vector<bool>{false, true}) {
2964 // Connect a client and server.
2965 bssl::UniquePtr<X509> cert = GetTestCertificate();
2966 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2967 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2968 bssl::UniquePtr<SSL> client, server;
2969 if (!cert || !key || !ctx ||
2970 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2971 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2972 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2973 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2974 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2975 nullptr /* no session */)) {
2976 return false;
2977 }
2978
2979 if (enable_partial_write) {
2980 SSL_set_mode(client.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
2981 }
2982
2983 // Write without reading until the buffer is full and we have an unfinished
2984 // write. Keep a count so we may reread it again later. "hello!" will be
2985 // written in two chunks, "hello" and "!".
2986 char data[] = "hello!";
2987 static const int kChunkLen = 5; // The length of "hello".
2988 unsigned count = 0;
2989 for (;;) {
2990 int ret = SSL_write(client.get(), data, kChunkLen);
2991 if (ret <= 0) {
2992 int err = SSL_get_error(client.get(), ret);
2993 if (SSL_get_error(client.get(), ret) == SSL_ERROR_WANT_WRITE) {
2994 break;
2995 }
2996 fprintf(stderr, "SSL_write failed in unexpected way: %d\n", err);
2997 return false;
2998 }
2999
3000 if (ret != 5) {
3001 fprintf(stderr, "SSL_write wrote %d bytes, expected 5.\n", ret);
3002 return false;
3003 }
3004
3005 count++;
3006 }
3007
3008 // Retrying with the same parameters is legal.
3009 if (SSL_get_error(client.get(), SSL_write(client.get(), data, kChunkLen)) !=
3010 SSL_ERROR_WANT_WRITE) {
3011 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3012 return false;
3013 }
3014
3015 // Retrying with the same buffer but shorter length is not legal.
3016 if (SSL_get_error(client.get(),
3017 SSL_write(client.get(), data, kChunkLen - 1)) !=
3018 SSL_ERROR_SSL ||
3019 !ExpectBadWriteRetry()) {
3020 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3021 return false;
3022 }
3023
3024 // Retrying with a different buffer pointer is not legal.
3025 char data2[] = "hello";
3026 if (SSL_get_error(client.get(), SSL_write(client.get(), data2,
3027 kChunkLen)) != SSL_ERROR_SSL ||
3028 !ExpectBadWriteRetry()) {
3029 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3030 return false;
3031 }
3032
3033 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
3034 SSL_set_mode(client.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
3035 if (SSL_get_error(client.get(),
3036 SSL_write(client.get(), data2, kChunkLen)) !=
3037 SSL_ERROR_WANT_WRITE) {
3038 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3039 return false;
3040 }
3041
3042 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
3043 if (SSL_get_error(client.get(),
3044 SSL_write(client.get(), data2, kChunkLen - 1)) !=
3045 SSL_ERROR_SSL ||
3046 !ExpectBadWriteRetry()) {
3047 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3048 return false;
3049 }
3050
3051 // Retrying with a larger buffer is legal.
3052 if (SSL_get_error(client.get(),
3053 SSL_write(client.get(), data, kChunkLen + 1)) !=
3054 SSL_ERROR_WANT_WRITE) {
3055 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3056 return false;
3057 }
3058
3059 // Drain the buffer.
3060 char buf[20];
3061 for (unsigned i = 0; i < count; i++) {
3062 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3063 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0) {
3064 fprintf(stderr, "Failed to read initial records.\n");
3065 return false;
3066 }
3067 }
3068
3069 // Now that there is space, a retry with a larger buffer should flush the
3070 // pending record, skip over that many bytes of input (on assumption they
3071 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
3072 // is set, this will complete in two steps.
3073 char data3[] = "_____!";
3074 if (enable_partial_write) {
3075 if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen ||
3076 SSL_write(client.get(), data3 + kChunkLen, 1) != 1) {
3077 fprintf(stderr, "SSL_write retry failed.\n");
3078 return false;
3079 }
3080 } else if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen + 1) {
3081 fprintf(stderr, "SSL_write retry failed.\n");
3082 return false;
3083 }
3084
3085 // Check the last write was correct. The data will be spread over two
3086 // records, so SSL_read returns twice.
3087 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3088 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0 ||
3089 SSL_read(server.get(), buf, sizeof(buf)) != 1 ||
3090 buf[0] != '!') {
3091 fprintf(stderr, "Failed to read write retry.\n");
3092 return false;
3093 }
3094 }
3095
3096 return true;
3097}
3098
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3099static bool ForEachVersion(bool (*test_func)(bool is_dtls,
3100 const SSL_METHOD *method,
3101 uint16_t version)) {
3102 static uint16_t kTLSVersions[] = {
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]3103 SSL3_VERSION,
3104 TLS1_VERSION,
3105 TLS1_1_VERSION,
3106 TLS1_2_VERSION,
3107// TLS 1.3 requires RSA-PSS, which is disabled for Android system builds.
3108#if !defined(BORINGSSL_ANDROID_SYSTEM)
3109 TLS1_3_VERSION,
3110#endif
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3111 };
3112
3113 static uint16_t kDTLSVersions[] = {
3114 DTLS1_VERSION, DTLS1_2_VERSION,
3115 };
3116
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3117 for (uint16_t version : kTLSVersions) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3118 if (!test_func(false, TLS_method(), version)) {
3119 fprintf(stderr, "Test failed at TLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3120 return false;
3121 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3122 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3123
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3124 for (uint16_t version : kDTLSVersions) {
3125 if (!test_func(true, DTLS_method(), version)) {
3126 fprintf(stderr, "Test failed at DTLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3127 return false;
3128 }
3129 }
3130
3131 return true;
3132}
3133
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3134TEST(SSLTest, AddChainCertHack) {
3135 // Ensure that we don't accidently break the hack that we have in place to
3136 // keep curl and serf happy when they use an |X509| even after transfering
3137 // ownership.
3138
3139 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3140 ASSERT_TRUE(ctx);
3141 X509 *cert = GetTestCertificate().release();
3142 ASSERT_TRUE(cert);
3143 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3144
3145 // This should not trigger a use-after-free.
3146 X509_cmp(cert, cert);
3147}
3148
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3149TEST(SSLTest, GetCertificate) {
3150 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3151 ASSERT_TRUE(ctx);
3152 bssl::UniquePtr<X509> cert = GetTestCertificate();
3153 ASSERT_TRUE(cert);
3154 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3155 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3156 ASSERT_TRUE(ssl);
3157
3158 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3159 ASSERT_TRUE(cert2);
3160 X509 *cert3 = SSL_get_certificate(ssl.get());
3161 ASSERT_TRUE(cert3);
3162
3163 // The old and new certificates must be identical.
3164 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3165 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3166
3167 uint8_t *der = nullptr;
3168 long der_len = i2d_X509(cert.get(), &der);
3169 ASSERT_LT(0, der_len);
3170 bssl::UniquePtr<uint8_t> free_der(der);
3171
3172 uint8_t *der2 = nullptr;
3173 long der2_len = i2d_X509(cert2, &der2);
3174 ASSERT_LT(0, der2_len);
3175 bssl::UniquePtr<uint8_t> free_der2(der2);
3176
3177 uint8_t *der3 = nullptr;
3178 long der3_len = i2d_X509(cert3, &der3);
3179 ASSERT_LT(0, der3_len);
3180 bssl::UniquePtr<uint8_t> free_der3(der3);
3181
3182 // They must also encode identically.
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]3183 EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len));
3184 EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len));
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3185}
3186
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3187TEST(SSLTest, SetChainAndKeyMismatch) {
3188 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_with_buffers_method()));
3189 ASSERT_TRUE(ctx);
3190
3191 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3192 ASSERT_TRUE(key);
3193 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3194 ASSERT_TRUE(leaf);
3195 std::vector<CRYPTO_BUFFER*> chain = {
3196 leaf.get(),
3197 };
3198
3199 // Should fail because |GetTestKey| doesn't match the chain-test certificate.
3200 ASSERT_FALSE(SSL_CTX_set_chain_and_key(ctx.get(), &chain[0], chain.size(),
3201 key.get(), nullptr));
3202 ERR_clear_error();
3203}
3204
3205TEST(SSLTest, SetChainAndKey) {
3206 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3207 ASSERT_TRUE(client_ctx);
3208 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3209 ASSERT_TRUE(server_ctx);
3210
3211 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3212 ASSERT_TRUE(key);
3213 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3214 ASSERT_TRUE(leaf);
3215 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3216 GetChainTestIntermediateBuffer();
3217 ASSERT_TRUE(intermediate);
3218 std::vector<CRYPTO_BUFFER*> chain = {
3219 leaf.get(), intermediate.get(),
3220 };
3221 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3222 chain.size(), key.get(), nullptr));
3223
3224 SSL_CTX_i_promise_to_verify_certs_after_the_handshake(client_ctx.get());
3225
3226 bssl::UniquePtr<SSL> client, server;
3227 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3228 server_ctx.get(),
3229 nullptr /* no session */));
3230}
3231
David Benjamin91222b82017-03-09 20:10:56 -0500[diff] [blame^]3232// Configuring the empty cipher list, though an error, should still modify the
3233// configuration.
3234TEST(SSLTest, EmptyCipherList) {
3235 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3236 ASSERT_TRUE(ctx);
3237
3238 // Initially, the cipher list is not empty.
3239 EXPECT_NE(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3240
3241 // Configuring the empty cipher list fails.
3242 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), ""));
3243 ERR_clear_error();
3244
3245 // But the cipher list is still updated to empty.
3246 EXPECT_EQ(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3247}
3248
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3249// TODO(davidben): Convert this file to GTest properly.
3250TEST(SSLTest, AllTests) {
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3251 if (!TestCipherRules() ||
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]3252 !TestCurveRules() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3253 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
3254 !TestSSL_SESSIONEncoding(kCustomSession) ||
3255 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
3256 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
3257 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
3258 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]3259 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3260 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
3261 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
3262 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
3263 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
3264 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
3265 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
3266 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
3267 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
3268 !TestCipherGetRFCName() ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]3269 // Test the padding extension at TLS 1.2.
3270 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
3271 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
3272 // will be no PSK binder after the padding extension.
3273 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
3274 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
3275 // will be a PSK binder after the padding extension.
3276 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3277 !TestInternalSessionCache() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3278 !ForEachVersion(TestSequenceNumber) ||
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]3279 !ForEachVersion(TestOneSidedShutdown) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3280 !ForEachVersion(TestGetPeerCertificate) ||
3281 !ForEachVersion(TestRetainOnlySHA256OfCerts) ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]3282 !TestClientHello() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3283 !ForEachVersion(TestSessionIDContext) ||
3284 !ForEachVersion(TestSessionTimeout) ||
3285 !ForEachVersion(TestSNICallback) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3286 !ForEachVersion(TestVersion) ||
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]3287 !ForEachVersion(TestALPNCipherAvailable) ||
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]3288 !ForEachVersion(TestSSLClearSessionResumption) ||
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]3289 !ForEachVersion(TestAutoChain) ||
3290 !ForEachVersion(TestSSLWriteRetry)) {
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3291 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]3292 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]3293}