Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 96a16cd10e6aaef11be08d8cd2559b1f6212b00e / . / ssl / ssl_test.cc
blob: 4c4f6d97f25e9437db3ff628f231296a0d230d19 [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]24#include <openssl/base64.h>
25#include <openssl/bio.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]26#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]27#include <openssl/err.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]28#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]29#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/ssl.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]31#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]32
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]33#include "internal.h"
Adam Langleyd2b5af52016-07-12 08:03:59 -0700[diff] [blame]34#include "test/scoped_types.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]35#include "../crypto/test/test_util.h"
36
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]37#if defined(OPENSSL_WINDOWS)
38/* Windows defines struct timeval in winsock2.h. */
39OPENSSL_MSVC_PRAGMA(warning(push, 3))
40#include <winsock2.h>
41OPENSSL_MSVC_PRAGMA(warning(pop))
42#else
43#include <sys/time.h>
44#endif
45
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]46
47struct ExpectedCipher {
48 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]49 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]50};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]51
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]52struct CipherTest {
53 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]55 // The list of expected ciphers, in order.
56 std::vector<ExpectedCipher> expected;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]57};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]58
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]59static const CipherTest kCipherTests[] = {
60 // Selecting individual ciphers should work.
61 {
62 "ECDHE-ECDSA-CHACHA20-POLY1305:"
63 "ECDHE-RSA-CHACHA20-POLY1305:"
64 "ECDHE-ECDSA-AES128-GCM-SHA256:"
65 "ECDHE-RSA-AES128-GCM-SHA256",
66 {
67 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
68 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
69 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
70 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
71 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
72 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
73 },
74 },
75 // + reorders selected ciphers to the end, keeping their relative order.
76 {
77 "ECDHE-ECDSA-CHACHA20-POLY1305:"
78 "ECDHE-RSA-CHACHA20-POLY1305:"
79 "ECDHE-ECDSA-AES128-GCM-SHA256:"
80 "ECDHE-RSA-AES128-GCM-SHA256:"
81 "+aRSA",
82 {
83 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
84 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
85 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
86 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
87 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
88 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
89 },
90 },
91 // ! banishes ciphers from future selections.
92 {
93 "!aRSA:"
94 "ECDHE-ECDSA-CHACHA20-POLY1305:"
95 "ECDHE-RSA-CHACHA20-POLY1305:"
96 "ECDHE-ECDSA-AES128-GCM-SHA256:"
97 "ECDHE-RSA-AES128-GCM-SHA256",
98 {
99 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
100 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
101 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
102 },
103 },
104 // Multiple masks can be ANDed in a single rule.
105 {
106 "kRSA+AESGCM+AES128",
107 {
108 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
109 },
110 },
111 // - removes selected ciphers, but preserves their order for future
112 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
113 // ECDHE_RSA.
114 {
115 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
116 "AESGCM+AES128+aRSA",
117 {
118 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
119 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
120 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
121 },
122 },
123 // Unknown selectors are no-ops.
124 {
125 "ECDHE-ECDSA-CHACHA20-POLY1305:"
126 "ECDHE-RSA-CHACHA20-POLY1305:"
127 "ECDHE-ECDSA-AES128-GCM-SHA256:"
128 "ECDHE-RSA-AES128-GCM-SHA256:"
129 "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4",
130 {
131 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
132 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
133 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
134 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
135 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
136 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
137 },
138 },
139 // Square brackets specify equi-preference groups.
140 {
141 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
142 "[ECDHE-RSA-CHACHA20-POLY1305]:"
143 "ECDHE-RSA-AES128-GCM-SHA256",
144 {
145 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
146 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 1},
147 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
148 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 1},
149 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
150 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
151 },
152 },
153 // @STRENGTH performs a stable strength-sort of the selected ciphers and
154 // only the selected ciphers.
155 {
156 // To simplify things, banish all but {ECDHE_RSA,RSA} x
157 // {CHACHA20,AES_256_CBC,AES_128_CBC,RC4} x SHA1.
158 "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"
159 // Order some ciphers backwards by strength.
160 "ALL:-CHACHA20:-AES256:-AES128:-RC4:-ALL:"
161 // Select ECDHE ones and sort them by strength. Ties should resolve
162 // based on the order above.
163 "kECDHE:@STRENGTH:-ALL:"
164 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
165 // by strength. Then RSA, backwards by strength.
166 "aRSA",
167 {
168 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
169 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
170 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
171 {TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 0},
172 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
173 {SSL3_CK_RSA_RC4_128_SHA, 0},
174 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
175 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
176 },
177 },
178 // Exact ciphers may not be used in multi-part rules; they are treated
179 // as unknown aliases.
180 {
181 "ECDHE-ECDSA-AES128-GCM-SHA256:"
182 "ECDHE-RSA-AES128-GCM-SHA256:"
183 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
184 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
185 {
186 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
187 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
188 },
189 },
190 // SSLv3 matches everything that existed before TLS 1.2.
191 {
192 "AES128-SHA:AES128-SHA256:!SSLv3",
193 {
194 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
195 },
196 },
197 // TLSv1.2 matches everything added in TLS 1.2.
198 {
199 "AES128-SHA:AES128-SHA256:!TLSv1.2",
200 {
201 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
202 },
203 },
204 // The two directives have no intersection.
205 {
206 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
207 {
208 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
209 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
210 },
211 },
212 // The shared name of the CHACHA20_POLY1305 variants behaves like a cipher
213 // name and not an alias. It may not be used in a multipart rule. (That the
214 // shared name works is covered by the standard tests.)
215 {
216 "ECDHE-ECDSA-CHACHA20-POLY1305:"
217 "ECDHE-RSA-CHACHA20-POLY1305:"
218 "!ECDHE-RSA-CHACHA20-POLY1305+RSA:"
219 "!ECDSA+ECDHE-ECDSA-CHACHA20-POLY1305",
220 {
221 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
222 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
223 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
224 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
225 },
226 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]227};
228
229static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]230 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]231 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
232 "RSA]",
233 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]234 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]235 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]236 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]237 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]238 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]239 "",
240 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]241 // COMPLEMENTOFDEFAULT is empty.
242 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]243 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]244 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]245 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]246 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
247 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
248 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
249 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]250};
251
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]252static const char *kMustNotIncludeNull[] = {
253 "ALL",
254 "DEFAULT",
255 "ALL:!eNULL",
256 "ALL:!NULL",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]257 "MEDIUM",
258 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]259 "FIPS",
260 "SHA",
261 "SHA1",
262 "RSA",
263 "SSLv3",
264 "TLSv1",
265 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]266};
267
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]268static const char *kMustNotIncludeCECPQ1[] = {
269 "ALL",
270 "DEFAULT",
271 "MEDIUM",
272 "HIGH",
273 "FIPS",
274 "SHA",
275 "SHA1",
276 "SHA256",
277 "SHA384",
278 "RSA",
279 "SSLv3",
280 "TLSv1",
281 "TLSv1.2",
282 "aRSA",
283 "RSA",
284 "aECDSA",
285 "ECDSA",
286 "AES",
287 "AES128",
288 "AES256",
289 "AESGCM",
290 "CHACHA20",
291};
292
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]293static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
294 bool in_group = false;
295 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]296 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
297 if (!in_group && list->in_group_flags[i]) {
298 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]299 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]300 }
301 fprintf(stderr, "\t");
302 if (in_group) {
303 fprintf(stderr, " ");
304 }
305 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
306 if (in_group && !list->in_group_flags[i]) {
307 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]308 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]309 }
310 }
311}
312
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]313static bool TestCipherRule(const CipherTest &t) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]314 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
315 if (!ctx) {
316 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]317 }
318
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]319 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
320 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]321 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]322 }
323
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]324 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]325 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
326 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
327 PrintCipherPreferenceList(ctx->cipher_list);
328 return false;
329 }
330
331 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]332 const SSL_CIPHER *cipher =
333 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]334 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
335 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
336 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]337 PrintCipherPreferenceList(ctx->cipher_list);
338 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]339 }
340 }
341
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]342 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]343}
344
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]345static bool TestRuleDoesNotIncludeNull(const char *rule) {
346 ScopedSSL_CTX ctx(SSL_CTX_new(SSLv23_server_method()));
347 if (!ctx) {
348 return false;
349 }
350 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
351 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
352 return false;
353 }
354 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
355 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
356 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
357 return false;
358 }
359 }
360 return true;
361}
362
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]363static bool TestRuleDoesNotIncludeCECPQ1(const char *rule) {
364 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
365 if (!ctx) {
366 return false;
367 }
368 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
369 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
370 return false;
371 }
372 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
373 if (SSL_CIPHER_is_CECPQ1(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
374 fprintf(stderr, "Error: cipher rule '%s' includes CECPQ1\n",rule);
375 return false;
376 }
377 }
378 return true;
379}
380
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]381static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]382 for (const CipherTest &test : kCipherTests) {
383 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]384 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]385 }
386 }
387
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]388 for (const char *rule : kBadRules) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]389 ScopedSSL_CTX ctx(SSL_CTX_new(SSLv23_server_method()));
390 if (!ctx) {
391 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]392 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]393 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
394 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]395 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]396 }
397 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]398 }
399
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]400 for (const char *rule : kMustNotIncludeNull) {
401 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]402 return false;
403 }
404 }
405
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]406 for (const char *rule : kMustNotIncludeCECPQ1) {
407 if (!TestRuleDoesNotIncludeCECPQ1(rule)) {
408 return false;
409 }
410 }
411
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]412 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]413}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]414
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]415// kOpenSSLSession is a serialized SSL_SESSION generated from openssl
416// s_client -sess_out.
417static const char kOpenSSLSession[] =
418 "MIIFpQIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
419 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
420 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
421 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
422 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
423 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
424 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
425 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
426 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
427 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
428 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
429 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
430 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
431 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
432 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
433 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
434 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
435 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
436 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
437 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
438 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
439 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
440 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
441 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
442 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
443 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
444 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
445 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
446 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
447 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
448 "i4gv7Y5oliyn";
449
450// kCustomSession is a custom serialized SSL_SESSION generated by
451// filling in missing fields from |kOpenSSLSession|. This includes
452// providing |peer_sha256|, so |peer| is not serialized.
453static const char kCustomSession[] =
454 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
455 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
456 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
457 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
458 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
459 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
460 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
461 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
462
463// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
464static const char kBoringSSLSession[] =
465 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
466 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
467 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
468 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
469 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
470 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
471 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
472 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
473 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
474 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
475 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
476 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
477 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
478 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
479 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
480 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
481 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
482 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
483 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
484 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
485 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
486 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
487 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
488 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
489 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
490 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
491 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
492 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
493 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
494 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
495 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
496 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
497 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
498 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
499 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
500 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
501 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
502 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
503 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
504 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
505 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
506 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
507 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
508 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
509 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
510 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
511 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
512 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
513 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
514 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
515 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
516 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
517 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
518 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
519 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
520 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
521 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
522 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
523 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
524 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
525 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
526 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
527 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
528 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
529 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
530 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
531 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
532 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
533 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
534 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
535 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
536 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
537 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
538 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
539 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
540 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
541 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
542 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
543 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
544 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
545 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
546 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
547 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
548 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
549 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
550 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
551 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
552 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
553 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
554 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
555 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
556 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
557 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
558 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
559 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
560
561// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
562// the final (optional) element of |kCustomSession| with tag number 30.
563static const char kBadSessionExtraField[] =
564 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
565 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
566 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
567 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
568 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
569 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
570 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
571 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
572
573// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
574// the version of |kCustomSession| with 2.
575static const char kBadSessionVersion[] =
576 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
577 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
578 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
579 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
580 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
581 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
582 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
583 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
584
585// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
586// appended.
587static const char kBadSessionTrailingData[] =
588 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
589 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
590 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
591 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
592 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
593 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
594 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
595 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
596
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]597static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]598 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]599 if (!EVP_DecodedLength(&len, strlen(in))) {
600 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]601 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]602 }
603
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]604 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]605 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]606 strlen(in))) {
607 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]608 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]609 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]610 out->resize(len);
611 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]612}
613
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]614static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]615 const uint8_t *cptr;
616 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]617
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]618 // Decode the input.
619 std::vector<uint8_t> input;
620 if (!DecodeBase64(&input, input_b64)) {
621 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]622 }
623
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]624 // Verify the SSL_SESSION decodes.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]625 ScopedSSL_SESSION session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]626 if (!session) {
627 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]628 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]629 }
630
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]631 // Verify the SSL_SESSION encoding round-trips.
632 size_t encoded_len;
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]633 ScopedOpenSSLBytes encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]634 uint8_t *encoded_raw;
635 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]636 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]637 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]638 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]639 encoded.reset(encoded_raw);
640 if (encoded_len != input.size() ||
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]641 memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]642 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]643 hexdump(stderr, "Before: ", input.data(), input.size());
644 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]645 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]646 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]647
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]648 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]649 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]650 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]651 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]652 fprintf(stderr, "d2i_SSL_SESSION failed\n");
653 return false;
654 }
655
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]656 // Verify the SSL_SESSION encoding round-trips via the legacy API.
657 int len = i2d_SSL_SESSION(session.get(), NULL);
658 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]659 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]660 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]661 }
662
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]663 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
664 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]665 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]666 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]667 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]668
669 ptr = encoded.get();
670 len = i2d_SSL_SESSION(session.get(), &ptr);
671 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]672 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]673 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]674 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]675 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]676 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]677 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]678 }
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]679 if (memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]680 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]681 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]682 }
683
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]684 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]685}
686
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]687static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
688 std::vector<uint8_t> input;
689 if (!DecodeBase64(&input, input_b64)) {
690 return false;
691 }
692
693 // Verify that the SSL_SESSION fails to decode.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]694 ScopedSSL_SESSION session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]695 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]696 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]697 return false;
698 }
699 ERR_clear_error();
700 return true;
701}
702
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]703static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]704 const SSL_METHOD *(*method)(void)) {
705 ScopedSSL_CTX ctx(SSL_CTX_new(method()));
706 if (!ctx) {
707 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]708 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]709 if (ctx->min_version != min_version || ctx->max_version != max_version) {
710 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
711 ctx->min_version, ctx->max_version, min_version, max_version);
712 return false;
713 }
714 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]715}
716
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]717static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]718 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
719 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]720 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]721 }
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]722 ScopedOpenSSLString rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]723 if (!rfc_name) {
724 return false;
725 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]726 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]727 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]728}
729
730typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]731 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]732 const char *rfc_name;
733} CIPHER_RFC_NAME_TEST;
734
735static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]736 { SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
737 { SSL3_CK_RSA_RC4_128_MD5, "TLS_RSA_WITH_RC4_MD5" },
738 { TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA" },
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]739 { TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" },
740 { TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
741 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" },
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]742 { TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
743 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" },
744 { TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
745 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" },
746 { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
747 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" },
748 { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
749 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" },
750 { TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
751 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" },
752 { TLS1_CK_PSK_WITH_RC4_128_SHA, "TLS_PSK_WITH_RC4_SHA" },
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]753 { TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
754 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" },
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]755 { TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
756 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]757 // These names are non-standard:
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]758 { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]759 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]760 { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]761 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" },
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]762};
763
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]764static bool TestCipherGetRFCName(void) {
765 for (size_t i = 0;
766 i < sizeof(kCipherRFCNameTests) / sizeof(kCipherRFCNameTests[0]); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]767 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]768 std::string rfc_name;
769 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
770 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
771 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]772 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]773 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]774 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]775 rfc_name.c_str(), test->rfc_name);
776 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]777 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]778 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]779 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]780}
781
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]782// CreateSessionWithTicket returns a sample |SSL_SESSION| with the ticket
783// replaced for one of length |ticket_len| or nullptr on failure.
784static ScopedSSL_SESSION CreateSessionWithTicket(size_t ticket_len) {
785 std::vector<uint8_t> der;
786 if (!DecodeBase64(&der, kOpenSSLSession)) {
787 return nullptr;
788 }
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]789 ScopedSSL_SESSION session(SSL_SESSION_from_bytes(der.data(), der.size()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]790 if (!session) {
791 return nullptr;
792 }
793
794 // Swap out the ticket for a garbage one.
795 OPENSSL_free(session->tlsext_tick);
796 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
797 if (session->tlsext_tick == nullptr) {
798 return nullptr;
799 }
800 memset(session->tlsext_tick, 'a', ticket_len);
801 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]802
803 // Fix up the timeout.
804 session->time = time(NULL);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]805 return session;
806}
807
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]808static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
809 ScopedBIO bio(BIO_new(BIO_s_mem()));
810 if (!bio) {
811 return false;
812 }
813 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame^]814 BIO_up_ref(bio.get());
815 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]816 int ret = SSL_connect(ssl);
817 if (ret > 0) {
818 // SSL_connect should fail without a BIO to write to.
819 return false;
820 }
821 ERR_clear_error();
822
823 const uint8_t *client_hello;
824 size_t client_hello_len;
825 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
826 return false;
827 }
828 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
829 return true;
830}
831
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]832// GetClientHelloLen creates a client SSL connection with a ticket of length
833// |ticket_len| and records the ClientHello. It returns the length of the
834// ClientHello, not including the record header, on success and zero on error.
835static size_t GetClientHelloLen(size_t ticket_len) {
836 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
837 ScopedSSL_SESSION session = CreateSessionWithTicket(ticket_len);
838 if (!ctx || !session) {
839 return 0;
840 }
841 ScopedSSL ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]842 if (!ssl || !SSL_set_session(ssl.get(), session.get())) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]843 return 0;
844 }
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]845 std::vector<uint8_t> client_hello;
846 if (!GetClientHello(ssl.get(), &client_hello) ||
847 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]848 return 0;
849 }
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]850 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]851}
852
853struct PaddingTest {
854 size_t input_len, padded_len;
855};
856
857static const PaddingTest kPaddingTests[] = {
858 // ClientHellos of length below 0x100 do not require padding.
859 {0xfe, 0xfe},
860 {0xff, 0xff},
861 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
862 {0x100, 0x200},
863 {0x123, 0x200},
864 {0x1fb, 0x200},
865 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
866 // padding extension takes a minimum of four bytes plus one required content
867 // byte. (To work around yet more server bugs, we avoid empty final
868 // extensions.)
869 {0x1fc, 0x201},
870 {0x1fd, 0x202},
871 {0x1fe, 0x203},
872 {0x1ff, 0x204},
873 // Finally, larger ClientHellos need no padding.
874 {0x200, 0x200},
875 {0x201, 0x201},
876};
877
878static bool TestPaddingExtension() {
879 // Sample a baseline length.
880 size_t base_len = GetClientHelloLen(1);
881 if (base_len == 0) {
882 return false;
883 }
884
885 for (const PaddingTest &test : kPaddingTests) {
886 if (base_len > test.input_len) {
887 fprintf(stderr, "Baseline ClientHello too long.\n");
888 return false;
889 }
890
891 size_t padded_len = GetClientHelloLen(1 + test.input_len - base_len);
892 if (padded_len != test.padded_len) {
893 fprintf(stderr, "%u-byte ClientHello padded to %u bytes, not %u.\n",
894 static_cast<unsigned>(test.input_len),
895 static_cast<unsigned>(padded_len),
896 static_cast<unsigned>(test.padded_len));
897 return false;
898 }
899 }
900 return true;
901}
902
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]903// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
904// before configuring as a server.
905static bool TestClientCAList() {
906 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
907 if (!ctx) {
908 return false;
909 }
910 ScopedSSL ssl(SSL_new(ctx.get()));
911 if (!ssl) {
912 return false;
913 }
914
915 STACK_OF(X509_NAME) *stack = sk_X509_NAME_new_null();
916 if (stack == nullptr) {
917 return false;
918 }
919 // |SSL_set_client_CA_list| takes ownership.
920 SSL_set_client_CA_list(ssl.get(), stack);
921
922 return SSL_get_client_CA_list(ssl.get()) == stack;
923}
924
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]925static void AppendSession(SSL_SESSION *session, void *arg) {
926 std::vector<SSL_SESSION*> *out =
927 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
928 out->push_back(session);
929}
930
931// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
932// order.
933static bool ExpectCache(SSL_CTX *ctx,
934 const std::vector<SSL_SESSION*> &expected) {
935 // Check the linked list.
936 SSL_SESSION *ptr = ctx->session_cache_head;
937 for (SSL_SESSION *session : expected) {
938 if (ptr != session) {
939 return false;
940 }
941 // TODO(davidben): This is an absurd way to denote the end of the list.
942 if (ptr->next ==
943 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
944 ptr = nullptr;
945 } else {
946 ptr = ptr->next;
947 }
948 }
949 if (ptr != nullptr) {
950 return false;
951 }
952
953 // Check the hash table.
954 std::vector<SSL_SESSION*> actual, expected_copy;
955 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
956 expected_copy = expected;
957
958 std::sort(actual.begin(), actual.end());
959 std::sort(expected_copy.begin(), expected_copy.end());
960
961 return actual == expected_copy;
962}
963
964static ScopedSSL_SESSION CreateTestSession(uint32_t number) {
965 ScopedSSL_SESSION ret(SSL_SESSION_new());
966 if (!ret) {
967 return nullptr;
968 }
969
970 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
971 memset(ret->session_id, 0, ret->session_id_length);
972 memcpy(ret->session_id, &number, sizeof(number));
973 return ret;
974}
975
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]976// Test that the internal session cache behaves as expected.
977static bool TestInternalSessionCache() {
978 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
979 if (!ctx) {
980 return false;
981 }
982
983 // Prepare 10 test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]984 std::vector<ScopedSSL_SESSION> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]985 for (int i = 0; i < 10; i++) {
986 ScopedSSL_SESSION session = CreateTestSession(i);
987 if (!session) {
988 return false;
989 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]990 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]991 }
992
993 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
994
995 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]996 for (const auto &session : sessions) {
997 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]998 return false;
999 }
1000 }
1001
1002 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1003 std::vector<SSL_SESSION*> expected = {
1004 sessions[9].get(),
1005 sessions[8].get(),
1006 sessions[7].get(),
1007 sessions[6].get(),
1008 sessions[5].get(),
1009 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1010 if (!ExpectCache(ctx.get(), expected)) {
1011 return false;
1012 }
1013
1014 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1015 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1016 !ExpectCache(ctx.get(), expected)) {
1017 return false;
1018 }
1019
1020 // Although collisions should be impossible (256-bit session IDs), the cache
1021 // must handle them gracefully.
1022 ScopedSSL_SESSION collision(CreateTestSession(7));
1023 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1024 return false;
1025 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1026 expected = {
1027 collision.get(),
1028 sessions[9].get(),
1029 sessions[8].get(),
1030 sessions[6].get(),
1031 sessions[5].get(),
1032 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1033 if (!ExpectCache(ctx.get(), expected)) {
1034 return false;
1035 }
1036
1037 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1038 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1039 return false;
1040 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1041 expected = {
1042 collision.get(),
1043 sessions[9].get(),
1044 sessions[8].get(),
1045 sessions[5].get(),
1046 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1047 if (!ExpectCache(ctx.get(), expected)) {
1048 return false;
1049 }
1050
1051 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1052 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1053 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1054 !ExpectCache(ctx.get(), expected)) {
1055 return false;
1056 }
1057
1058 return true;
1059}
1060
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1061static uint16_t EpochFromSequence(uint64_t seq) {
1062 return static_cast<uint16_t>(seq >> 48);
1063}
1064
1065static ScopedX509 GetTestCertificate() {
1066 static const char kCertPEM[] =
1067 "-----BEGIN CERTIFICATE-----\n"
1068 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1069 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1070 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1071 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1072 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1073 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1074 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1075 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1076 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1077 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1078 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1079 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1080 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1081 "-----END CERTIFICATE-----\n";
Steven Valdezd8eea142016-02-24 14:00:22 -0500[diff] [blame]1082 ScopedBIO bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1083 return ScopedX509(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1084}
1085
1086static ScopedEVP_PKEY GetTestKey() {
1087 static const char kKeyPEM[] =
1088 "-----BEGIN RSA PRIVATE KEY-----\n"
1089 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1090 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1091 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1092 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1093 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1094 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1095 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1096 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1097 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1098 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1099 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1100 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1101 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1102 "-----END RSA PRIVATE KEY-----\n";
Steven Valdezd8eea142016-02-24 14:00:22 -0500[diff] [blame]1103 ScopedBIO bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1104 return ScopedEVP_PKEY(
1105 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1106}
1107
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1108static bool ConnectClientAndServer(ScopedSSL *out_client, ScopedSSL *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1109 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1110 SSL_SESSION *session) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1111 ScopedSSL client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1112 if (!client || !server) {
1113 return false;
1114 }
1115 SSL_set_connect_state(client.get());
1116 SSL_set_accept_state(server.get());
1117
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1118 SSL_set_session(client.get(), session);
1119
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1120 BIO *bio1, *bio2;
1121 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1122 return false;
1123 }
1124 // SSL_set_bio takes ownership.
1125 SSL_set_bio(client.get(), bio1, bio1);
1126 SSL_set_bio(server.get(), bio2, bio2);
1127
1128 // Drive both their handshakes to completion.
1129 for (;;) {
1130 int client_ret = SSL_do_handshake(client.get());
1131 int client_err = SSL_get_error(client.get(), client_ret);
1132 if (client_err != SSL_ERROR_NONE &&
1133 client_err != SSL_ERROR_WANT_READ &&
1134 client_err != SSL_ERROR_WANT_WRITE) {
1135 fprintf(stderr, "Client error: %d\n", client_err);
1136 return false;
1137 }
1138
1139 int server_ret = SSL_do_handshake(server.get());
1140 int server_err = SSL_get_error(server.get(), server_ret);
1141 if (server_err != SSL_ERROR_NONE &&
1142 server_err != SSL_ERROR_WANT_READ &&
1143 server_err != SSL_ERROR_WANT_WRITE) {
1144 fprintf(stderr, "Server error: %d\n", server_err);
1145 return false;
1146 }
1147
1148 if (client_ret == 1 && server_ret == 1) {
1149 break;
1150 }
1151 }
1152
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1153 *out_client = std::move(client);
1154 *out_server = std::move(server);
1155 return true;
1156}
1157
1158static bool TestSequenceNumber(bool dtls) {
1159 ScopedSSL_CTX client_ctx(SSL_CTX_new(dtls ? DTLS_method() : TLS_method()));
1160 ScopedSSL_CTX server_ctx(SSL_CTX_new(dtls ? DTLS_method() : TLS_method()));
1161 if (!client_ctx || !server_ctx) {
1162 return false;
1163 }
1164
1165 ScopedX509 cert = GetTestCertificate();
1166 ScopedEVP_PKEY key = GetTestKey();
1167 if (!cert || !key ||
1168 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1169 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1170 return false;
1171 }
1172
1173 ScopedSSL client, server;
1174 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1175 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1176 return false;
1177 }
1178
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1179 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1180 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1181 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1182 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
1183
1184 if (dtls) {
1185 // Both client and server must be at epoch 1.
1186 if (EpochFromSequence(client_read_seq) != 1 ||
1187 EpochFromSequence(client_write_seq) != 1 ||
1188 EpochFromSequence(server_read_seq) != 1 ||
1189 EpochFromSequence(server_write_seq) != 1) {
1190 fprintf(stderr, "Bad epochs.\n");
1191 return false;
1192 }
1193
1194 // The next record to be written should exceed the largest received.
1195 if (client_write_seq <= server_read_seq ||
1196 server_write_seq <= client_read_seq) {
1197 fprintf(stderr, "Inconsistent sequence numbers.\n");
1198 return false;
1199 }
1200 } else {
1201 // The next record to be written should equal the next to be received.
1202 if (client_write_seq != server_read_seq ||
1203 server_write_seq != client_write_seq) {
1204 fprintf(stderr, "Inconsistent sequence numbers.\n");
1205 return false;
1206 }
1207 }
1208
1209 // Send a record from client to server.
1210 uint8_t byte = 0;
1211 if (SSL_write(client.get(), &byte, 1) != 1 ||
1212 SSL_read(server.get(), &byte, 1) != 1) {
1213 fprintf(stderr, "Could not send byte.\n");
1214 return false;
1215 }
1216
1217 // The client write and server read sequence numbers should have incremented.
1218 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1219 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1220 fprintf(stderr, "Sequence numbers did not increment.\n");\
1221 return false;
1222 }
1223
1224 return true;
1225}
1226
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1227static bool TestOneSidedShutdown() {
1228 ScopedSSL_CTX client_ctx(SSL_CTX_new(TLS_method()));
1229 ScopedSSL_CTX server_ctx(SSL_CTX_new(TLS_method()));
1230 if (!client_ctx || !server_ctx) {
1231 return false;
1232 }
1233
1234 ScopedX509 cert = GetTestCertificate();
1235 ScopedEVP_PKEY key = GetTestKey();
1236 if (!cert || !key ||
1237 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1238 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1239 return false;
1240 }
1241
1242 ScopedSSL client, server;
1243 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1244 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1245 return false;
1246 }
1247
1248 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1249 // one side has shut down.
1250 if (SSL_shutdown(client.get()) != 0) {
1251 fprintf(stderr, "Could not shutdown.\n");
1252 return false;
1253 }
1254
1255 // Reading from the server should consume the EOF.
1256 uint8_t byte;
1257 if (SSL_read(server.get(), &byte, 1) != 0 ||
1258 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1259 fprintf(stderr, "Connection was not shut down cleanly.\n");
1260 return false;
1261 }
1262
1263 // However, the server may continue to write data and then shut down the
1264 // connection.
1265 byte = 42;
1266 if (SSL_write(server.get(), &byte, 1) != 1 ||
1267 SSL_read(client.get(), &byte, 1) != 1 ||
1268 byte != 42) {
1269 fprintf(stderr, "Could not send byte.\n");
1270 return false;
1271 }
1272
1273 // The server may then shutdown the connection.
1274 if (SSL_shutdown(server.get()) != 1 ||
1275 SSL_shutdown(client.get()) != 1) {
1276 fprintf(stderr, "Could not complete shutdown.\n");
1277 return false;
1278 }
1279
1280 return true;
1281}
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1282static bool TestSessionDuplication() {
1283 ScopedSSL_CTX client_ctx(SSL_CTX_new(TLS_method()));
1284 ScopedSSL_CTX server_ctx(SSL_CTX_new(TLS_method()));
1285 if (!client_ctx || !server_ctx) {
1286 return false;
1287 }
1288
1289 ScopedX509 cert = GetTestCertificate();
1290 ScopedEVP_PKEY key = GetTestKey();
1291 if (!cert || !key ||
1292 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1293 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1294 return false;
1295 }
1296
1297 ScopedSSL client, server;
1298 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1299 server_ctx.get(), nullptr /* no session */)) {
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1300 return false;
1301 }
1302
1303 SSL_SESSION *session0 = SSL_get_session(client.get());
1304 ScopedSSL_SESSION session1(SSL_SESSION_dup(session0, 1));
1305 if (!session1) {
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1306 return false;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1307 }
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1308
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1309 uint8_t *s0_bytes, *s1_bytes;
1310 size_t s0_len, s1_len;
1311
1312 if (!SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len)) {
1313 return false;
1314 }
1315 ScopedOpenSSLBytes free_s0(s0_bytes);
1316
1317 if (!SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len)) {
1318 return false;
1319 }
1320 ScopedOpenSSLBytes free_s1(s1_bytes);
1321
1322 return s0_len == s1_len && memcmp(s0_bytes, s1_bytes, s0_len) == 0;
1323}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1324
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1325static bool ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1326 if (SSL_get_rfd(ssl) != rfd || SSL_get_wfd(ssl) != wfd) {
1327 fprintf(stderr, "Got fds %d and %d, wanted %d and %d.\n", SSL_get_rfd(ssl),
1328 SSL_get_wfd(ssl), rfd, wfd);
1329 return false;
1330 }
1331
1332 // The wrapper BIOs are always equal when fds are equal, even if set
1333 // individually.
1334 if (rfd == wfd && SSL_get_rbio(ssl) != SSL_get_wbio(ssl)) {
1335 fprintf(stderr, "rbio and wbio did not match.\n");
1336 return false;
1337 }
1338
1339 return true;
1340}
1341
1342static bool TestSetFD() {
1343 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
1344 if (!ctx) {
1345 return false;
1346 }
1347
1348 // Test setting different read and write FDs.
1349 ScopedSSL ssl(SSL_new(ctx.get()));
1350 if (!ssl ||
1351 !SSL_set_rfd(ssl.get(), 1) ||
1352 !SSL_set_wfd(ssl.get(), 2) ||
1353 !ExpectFDs(ssl.get(), 1, 2)) {
1354 return false;
1355 }
1356
1357 // Test setting the same FD.
1358 ssl.reset(SSL_new(ctx.get()));
1359 if (!ssl ||
1360 !SSL_set_fd(ssl.get(), 1) ||
1361 !ExpectFDs(ssl.get(), 1, 1)) {
1362 return false;
1363 }
1364
1365 // Test setting the same FD one side at a time.
1366 ssl.reset(SSL_new(ctx.get()));
1367 if (!ssl ||
1368 !SSL_set_rfd(ssl.get(), 1) ||
1369 !SSL_set_wfd(ssl.get(), 1) ||
1370 !ExpectFDs(ssl.get(), 1, 1)) {
1371 return false;
1372 }
1373
1374 // Test setting the same FD in the other order.
1375 ssl.reset(SSL_new(ctx.get()));
1376 if (!ssl ||
1377 !SSL_set_wfd(ssl.get(), 1) ||
1378 !SSL_set_rfd(ssl.get(), 1) ||
1379 !ExpectFDs(ssl.get(), 1, 1)) {
1380 return false;
1381 }
1382
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1383 // Test changing the read FD partway through.
1384 ssl.reset(SSL_new(ctx.get()));
1385 if (!ssl ||
1386 !SSL_set_fd(ssl.get(), 1) ||
1387 !SSL_set_rfd(ssl.get(), 2) ||
1388 !ExpectFDs(ssl.get(), 2, 1)) {
1389 return false;
1390 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1391
1392 // Test changing the write FD partway through.
1393 ssl.reset(SSL_new(ctx.get()));
1394 if (!ssl ||
1395 !SSL_set_fd(ssl.get(), 1) ||
1396 !SSL_set_wfd(ssl.get(), 2) ||
1397 !ExpectFDs(ssl.get(), 1, 2)) {
1398 return false;
1399 }
1400
1401 // Test a no-op change to the read FD partway through.
1402 ssl.reset(SSL_new(ctx.get()));
1403 if (!ssl ||
1404 !SSL_set_fd(ssl.get(), 1) ||
1405 !SSL_set_rfd(ssl.get(), 1) ||
1406 !ExpectFDs(ssl.get(), 1, 1)) {
1407 return false;
1408 }
1409
1410 // Test a no-op change to the write FD partway through.
1411 ssl.reset(SSL_new(ctx.get()));
1412 if (!ssl ||
1413 !SSL_set_fd(ssl.get(), 1) ||
1414 !SSL_set_wfd(ssl.get(), 1) ||
1415 !ExpectFDs(ssl.get(), 1, 1)) {
1416 return false;
1417 }
1418
1419 // ASan builds will implicitly test that the internal |BIO| reference-counting
1420 // is correct.
1421
1422 return true;
1423}
1424
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1425static bool TestSetBIO() {
1426 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
1427 if (!ctx) {
1428 return false;
1429 }
1430
1431 ScopedSSL ssl(SSL_new(ctx.get()));
1432 ScopedBIO bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
1433 bio3(BIO_new(BIO_s_mem()));
1434 if (!ssl || !bio1 || !bio2 || !bio3) {
1435 return false;
1436 }
1437
1438 // SSL_set_bio takes one reference when the parameters are the same.
1439 BIO_up_ref(bio1.get());
1440 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1441
1442 // Repeating the call does nothing.
1443 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1444
1445 // It takes one reference each when the parameters are different.
1446 BIO_up_ref(bio2.get());
1447 BIO_up_ref(bio3.get());
1448 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1449
1450 // Repeating the call does nothing.
1451 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1452
1453 // It takes one reference when changing only wbio.
1454 BIO_up_ref(bio1.get());
1455 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1456
1457 // It takes one reference when changing only rbio and the two are different.
1458 BIO_up_ref(bio3.get());
1459 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1460
1461 // If setting wbio to rbio, it takes no additional references.
1462 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1463
1464 // From there, wbio may be switched to something else.
1465 BIO_up_ref(bio1.get());
1466 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1467
1468 // If setting rbio to wbio, it takes no additional references.
1469 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1470
1471 // From there, rbio may be switched to something else, but, for historical
1472 // reasons, it takes a reference to both parameters.
1473 BIO_up_ref(bio1.get());
1474 BIO_up_ref(bio2.get());
1475 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1476
1477 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1478 // is correct.
1479 return true;
1480}
1481
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1482static uint16_t kVersions[] = {
1483 SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION, TLS1_2_VERSION, TLS1_3_VERSION,
1484};
1485
1486static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1487
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1488static bool TestGetPeerCertificate() {
1489 ScopedX509 cert = GetTestCertificate();
1490 ScopedEVP_PKEY key = GetTestKey();
1491 if (!cert || !key) {
1492 return false;
1493 }
1494
1495 for (uint16_t version : kVersions) {
1496 // Configure both client and server to accept any certificate.
1497 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
1498 if (!ctx ||
1499 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1500 !SSL_CTX_use_PrivateKey(ctx.get(), key.get())) {
1501 return false;
1502 }
1503 SSL_CTX_set_min_version(ctx.get(), version);
1504 SSL_CTX_set_max_version(ctx.get(), version);
1505 SSL_CTX_set_verify(
1506 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1507 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1508
1509 ScopedSSL client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1510 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1511 nullptr /* no session */)) {
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1512 return false;
1513 }
1514
1515 // Client and server should both see the leaf certificate.
1516 ScopedX509 peer(SSL_get_peer_certificate(server.get()));
1517 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1518 fprintf(stderr, "%x: Server peer certificate did not match.\n", version);
1519 return false;
1520 }
1521
1522 peer.reset(SSL_get_peer_certificate(client.get()));
1523 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1524 fprintf(stderr, "%x: Client peer certificate did not match.\n", version);
1525 return false;
1526 }
1527
1528 // However, for historical reasons, the chain includes the leaf on the
1529 // client, but does not on the server.
1530 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1531 fprintf(stderr, "%x: Client peer chain was incorrect.\n", version);
1532 return false;
1533 }
1534
1535 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1536 fprintf(stderr, "%x: Server peer chain was incorrect.\n", version);
1537 return false;
1538 }
1539 }
1540
1541 return true;
1542}
1543
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1544static bool TestRetainOnlySHA256OfCerts() {
1545 ScopedX509 cert = GetTestCertificate();
1546 ScopedEVP_PKEY key = GetTestKey();
1547 if (!cert || !key) {
1548 return false;
1549 }
1550
1551 uint8_t *cert_der = NULL;
1552 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1553 if (cert_der_len < 0) {
1554 return false;
1555 }
1556 ScopedOpenSSLBytes free_cert_der(cert_der);
1557
1558 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1559 SHA256(cert_der, cert_der_len, cert_sha256);
1560
1561 for (uint16_t version : kVersions) {
1562 // Configure both client and server to accept any certificate, but the
1563 // server must retain only the SHA-256 of the peer.
1564 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
1565 if (!ctx ||
1566 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1567 !SSL_CTX_use_PrivateKey(ctx.get(), key.get())) {
1568 return false;
1569 }
1570 SSL_CTX_set_min_version(ctx.get(), version);
1571 SSL_CTX_set_max_version(ctx.get(), version);
1572 SSL_CTX_set_verify(
1573 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1574 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1575 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
1576
1577 ScopedSSL client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1578 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1579 nullptr /* no session */)) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1580 return false;
1581 }
1582
1583 // The peer certificate has been dropped.
1584 ScopedX509 peer(SSL_get_peer_certificate(server.get()));
1585 if (peer) {
1586 fprintf(stderr, "%x: Peer certificate was retained.\n", version);
1587 return false;
1588 }
1589
1590 SSL_SESSION *session = SSL_get_session(server.get());
1591 if (!session->peer_sha256_valid) {
1592 fprintf(stderr, "%x: peer_sha256_valid was not set.\n", version);
1593 return false;
1594 }
1595
1596 if (memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) != 0) {
1597 fprintf(stderr, "%x: peer_sha256 did not match.\n", version);
1598 return false;
1599 }
1600 }
1601
1602 return true;
1603}
1604
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1605static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1606 size_t expected_len) {
1607 ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method()));
1608 if (!ctx) {
1609 return false;
1610 }
1611 SSL_CTX_set_max_version(ctx.get(), version);
1612 // Our default cipher list varies by CPU capabilities, so manually place the
1613 // ChaCha20 ciphers in front.
1614 if (!SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) {
1615 return false;
1616 }
1617 ScopedSSL ssl(SSL_new(ctx.get()));
1618 if (!ssl) {
1619 return false;
1620 }
1621 std::vector<uint8_t> client_hello;
1622 if (!GetClientHello(ssl.get(), &client_hello)) {
1623 return false;
1624 }
1625
1626 // Zero the client_random.
1627 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1628 1 + 3 + // handshake message header
1629 2; // client_version
1630 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1631 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1632 return false;
1633 }
1634 memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
1635
1636 if (client_hello.size() != expected_len ||
1637 memcmp(client_hello.data(), expected, expected_len) != 0) {
1638 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1639 fprintf(stderr, "Got:\n\t");
1640 for (size_t i = 0; i < client_hello.size(); i++) {
1641 fprintf(stderr, "0x%02x, ", client_hello[i]);
1642 }
1643 fprintf(stderr, "\nWanted:\n\t");
1644 for (size_t i = 0; i < expected_len; i++) {
1645 fprintf(stderr, "0x%02x, ", expected[i]);
1646 }
1647 fprintf(stderr, "\n");
1648 return false;
1649 }
1650
1651 return true;
1652}
1653
1654// Tests that our ClientHellos do not change unexpectedly.
1655static bool TestClientHello() {
1656 static const uint8_t kSSL3ClientHello[] = {
1657 0x16, 0x03, 0x00, 0x00, 0x47, 0x01, 0x00, 0x00, 0x43, 0x03, 0x00,
1658 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1659 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1660 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1661 0x00, 0x1c, 0xc0, 0x09, 0xc0, 0x13, 0x00, 0x33, 0xc0, 0x0a, 0xc0,
1662 0x14, 0x00, 0x39, 0xc0, 0x07, 0xc0, 0x11, 0x00, 0x2f, 0x00, 0x35,
1663 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x00, 0xff, 0x01, 0x00,
1664 };
1665 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1666 sizeof(kSSL3ClientHello))) {
1667 return false;
1668 }
1669
1670 static const uint8_t kTLS1ClientHello[] = {
1671 0x16, 0x03, 0x01, 0x00, 0x66, 0x01, 0x00, 0x00, 0x62, 0x03, 0x01, 0x00,
1672 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1673 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1674 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, 0xc0, 0x09,
1675 0xc0, 0x13, 0x00, 0x33, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x39, 0xc0, 0x07,
1676 0xc0, 0x11, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04,
1677 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1678 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1679 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1680 };
1681 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1682 sizeof(kTLS1ClientHello))) {
1683 return false;
1684 }
1685
1686 static const uint8_t kTLS11ClientHello[] = {
1687 0x16, 0x03, 0x01, 0x00, 0x66, 0x01, 0x00, 0x00, 0x62, 0x03, 0x02, 0x00,
1688 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1689 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1690 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, 0xc0, 0x09,
1691 0xc0, 0x13, 0x00, 0x33, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x39, 0xc0, 0x07,
1692 0xc0, 0x11, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04,
1693 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1694 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1695 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1696 };
1697 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1698 sizeof(kTLS11ClientHello))) {
1699 return false;
1700 }
1701
1702 static const uint8_t kTLS12ClientHello[] = {
1703 0x16, 0x03, 0x01, 0x00, 0xa4, 0x01, 0x00, 0x00, 0xa0, 0x03, 0x03, 0x00,
1704 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1705 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1706 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0xcc, 0xa9,
1707 0xcc, 0xa8, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
1708 0xc0, 0x2c, 0xc0, 0x30, 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13,
1709 0xc0, 0x27, 0x00, 0x33, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14,
1710 0xc0, 0x28, 0x00, 0x39, 0x00, 0x6b, 0xc0, 0x07, 0xc0, 0x11, 0x00, 0x9c,
1711 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35, 0x00, 0x3d, 0x00, 0x0a,
1712 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x35, 0xff, 0x01, 0x00, 0x01,
1713 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
1714 0x12, 0x00, 0x10, 0x06, 0x01, 0x06, 0x03, 0x05, 0x01, 0x05, 0x03, 0x04,
1715 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, 0x00, 0x0b, 0x00, 0x02, 0x01,
1716 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00,
1717 0x18,
1718 };
1719 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1720 sizeof(kTLS12ClientHello))) {
1721 return false;
1722 }
1723
1724 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1725 // implementation has settled enough that it won't change.
1726
1727 return true;
1728}
1729
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1730static ScopedSSL_SESSION g_last_session;
1731
1732static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1733 // Save the most recent session.
1734 g_last_session.reset(session);
1735 return 1;
1736}
1737
1738static ScopedSSL_SESSION CreateClientSession(SSL_CTX *client_ctx,
1739 SSL_CTX *server_ctx) {
1740 g_last_session = nullptr;
1741 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1742
1743 // Connect client and server to get a session.
1744 ScopedSSL client, server;
1745 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1746 nullptr /* no session */)) {
1747 fprintf(stderr, "Failed to connect client and server.\n");
1748 return nullptr;
1749 }
1750
1751 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1752 SSL_read(client.get(), nullptr, 0);
1753
1754 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1755
1756 if (!g_last_session) {
1757 fprintf(stderr, "Client did not receive a session.\n");
1758 return nullptr;
1759 }
1760 return std::move(g_last_session);
1761}
1762
1763static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1764 SSL_SESSION *session,
1765 bool reused) {
1766 ScopedSSL client, server;
1767 if (!ConnectClientAndServer(&client, &server, client_ctx,
1768 server_ctx, session)) {
1769 fprintf(stderr, "Failed to connect client and server.\n");
1770 return false;
1771 }
1772
1773 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1774 fprintf(stderr, "Client and server were inconsistent.\n");
1775 return false;
1776 }
1777
1778 bool was_reused = !!SSL_session_reused(client.get());
1779 if (was_reused != reused) {
1780 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
1781 was_reused ? "" : " not");
1782 return false;
1783 }
1784
1785 return true;
1786}
1787
1788static bool TestSessionIDContext() {
1789 ScopedX509 cert = GetTestCertificate();
1790 ScopedEVP_PKEY key = GetTestKey();
1791 if (!cert || !key) {
1792 return false;
1793 }
1794
1795 static const uint8_t kContext1[] = {1};
1796 static const uint8_t kContext2[] = {2};
1797
1798 for (uint16_t version : kVersions) {
1799 // TODO(davidben): Enable this when TLS 1.3 resumption is implemented.
1800 if (version == TLS1_3_VERSION) {
1801 continue;
1802 }
1803
1804 ScopedSSL_CTX server_ctx(SSL_CTX_new(TLS_method()));
1805 ScopedSSL_CTX client_ctx(SSL_CTX_new(TLS_method()));
1806 if (!server_ctx || !client_ctx ||
1807 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1808 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
1809 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
1810 sizeof(kContext1))) {
1811 return false;
1812 }
1813
1814 SSL_CTX_set_min_version(client_ctx.get(), version);
1815 SSL_CTX_set_max_version(client_ctx.get(), version);
1816 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
1817
1818 SSL_CTX_set_min_version(server_ctx.get(), version);
1819 SSL_CTX_set_max_version(server_ctx.get(), version);
1820 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
1821
1822 ScopedSSL_SESSION session =
1823 CreateClientSession(client_ctx.get(), server_ctx.get());
1824 if (!session) {
1825 fprintf(stderr, "Error getting session (version = %04x).\n", version);
1826 return false;
1827 }
1828
1829 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
1830 true /* expect session reused */)) {
1831 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
1832 return false;
1833 }
1834
1835 // Change the session ID context.
1836 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
1837 sizeof(kContext2))) {
1838 return false;
1839 }
1840
1841 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
1842 false /* expect session not reused */)) {
1843 fprintf(stderr,
1844 "Error connection with different context (version = %04x).\n",
1845 version);
1846 return false;
1847 }
1848 }
1849
1850 return true;
1851}
1852
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]1853static timeval g_current_time;
1854
1855static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
1856 *out_clock = g_current_time;
1857}
1858
1859static bool TestSessionTimeout() {
1860 ScopedX509 cert = GetTestCertificate();
1861 ScopedEVP_PKEY key = GetTestKey();
1862 if (!cert || !key) {
1863 return false;
1864 }
1865
1866 for (uint16_t version : kVersions) {
1867 // TODO(davidben): Enable this when TLS 1.3 resumption is implemented.
1868 if (version == TLS1_3_VERSION) {
1869 continue;
1870 }
1871
1872 ScopedSSL_CTX server_ctx(SSL_CTX_new(TLS_method()));
1873 ScopedSSL_CTX client_ctx(SSL_CTX_new(TLS_method()));
1874 if (!server_ctx || !client_ctx ||
1875 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1876 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1877 return false;
1878 }
1879
1880 SSL_CTX_set_min_version(client_ctx.get(), version);
1881 SSL_CTX_set_max_version(client_ctx.get(), version);
1882 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
1883
1884 SSL_CTX_set_min_version(server_ctx.get(), version);
1885 SSL_CTX_set_max_version(server_ctx.get(), version);
1886 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
1887 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
1888
1889 ScopedSSL_SESSION session =
1890 CreateClientSession(client_ctx.get(), server_ctx.get());
1891 if (!session) {
1892 fprintf(stderr, "Error getting session (version = %04x).\n", version);
1893 return false;
1894 }
1895
1896 // Advance the clock just behind the timeout.
1897 g_current_time.tv_sec += SSL_DEFAULT_SESSION_TIMEOUT;
1898
1899 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
1900 true /* expect session reused */)) {
1901 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
1902 return false;
1903 }
1904
1905 // Advance the clock one more second.
1906 g_current_time.tv_sec++;
1907
1908 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
1909 false /* expect session not reused */)) {
1910 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
1911 return false;
1912 }
1913 }
1914
1915 return true;
1916}
1917
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1918int main() {
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]1919 CRYPTO_library_init();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]1920
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]1921 if (!TestCipherRules() ||
1922 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
1923 !TestSSL_SESSIONEncoding(kCustomSession) ||
1924 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
1925 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
1926 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
1927 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]1928 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]1929 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
1930 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
1931 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
1932 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
1933 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
1934 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
1935 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
1936 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
1937 !TestCipherGetRFCName() ||
1938 !TestPaddingExtension() ||
1939 !TestClientCAList() ||
1940 !TestInternalSessionCache() ||
1941 !TestSequenceNumber(false /* TLS */) ||
1942 !TestSequenceNumber(true /* DTLS */) ||
1943 !TestOneSidedShutdown() ||
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1944 !TestSessionDuplication() ||
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1945 !TestSetFD() ||
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1946 !TestSetBIO() ||
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1947 !TestGetPeerCertificate() ||
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1948 !TestRetainOnlySHA256OfCerts() ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1949 !TestClientHello() ||
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]1950 !TestSessionIDContext() ||
1951 !TestSessionTimeout()) {
Brian Smith83a82982015-04-09 16:21:10 -1000[diff] [blame]1952 ERR_print_errors_fp(stderr);
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]1953 return 1;
1954 }
1955
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1956 printf("PASS\n");
1957 return 0;
1958}