Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 9b63f2964d4fd0c3c5063040497c6b8f1fec71e8 / . / ssl / ssl_test.cc
blob: 38ae4fed1d7e6118eae480b2acca9096404efc2c [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]24#include <openssl/base64.h>
25#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]26#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]27#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]28#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]29#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]30#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]31#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]32#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]33#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]34#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]35
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]36#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]37#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]38#include "../crypto/test/test_util.h"
39
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]40#if defined(OPENSSL_WINDOWS)
41/* Windows defines struct timeval in winsock2.h. */
42OPENSSL_MSVC_PRAGMA(warning(push, 3))
43#include <winsock2.h>
44OPENSSL_MSVC_PRAGMA(warning(pop))
45#else
46#include <sys/time.h>
47#endif
48
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]49
50struct ExpectedCipher {
51 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]52 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]53};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55struct CipherTest {
56 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]57 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]58 // The list of expected ciphers, in order.
59 std::vector<ExpectedCipher> expected;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]60};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]61
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]62struct CurveTest {
63 // The rule string to apply.
64 const char *rule;
65 // The list of expected curves, in order.
66 std::vector<uint16_t> expected;
67};
68
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]69static const CipherTest kCipherTests[] = {
70 // Selecting individual ciphers should work.
71 {
72 "ECDHE-ECDSA-CHACHA20-POLY1305:"
73 "ECDHE-RSA-CHACHA20-POLY1305:"
74 "ECDHE-ECDSA-AES128-GCM-SHA256:"
75 "ECDHE-RSA-AES128-GCM-SHA256",
76 {
77 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
78 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
79 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
80 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
81 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
82 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
83 },
84 },
85 // + reorders selected ciphers to the end, keeping their relative order.
86 {
87 "ECDHE-ECDSA-CHACHA20-POLY1305:"
88 "ECDHE-RSA-CHACHA20-POLY1305:"
89 "ECDHE-ECDSA-AES128-GCM-SHA256:"
90 "ECDHE-RSA-AES128-GCM-SHA256:"
91 "+aRSA",
92 {
93 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
94 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
95 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
96 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
97 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
98 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
99 },
100 },
101 // ! banishes ciphers from future selections.
102 {
103 "!aRSA:"
104 "ECDHE-ECDSA-CHACHA20-POLY1305:"
105 "ECDHE-RSA-CHACHA20-POLY1305:"
106 "ECDHE-ECDSA-AES128-GCM-SHA256:"
107 "ECDHE-RSA-AES128-GCM-SHA256",
108 {
109 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
110 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
111 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
112 },
113 },
114 // Multiple masks can be ANDed in a single rule.
115 {
116 "kRSA+AESGCM+AES128",
117 {
118 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
119 },
120 },
121 // - removes selected ciphers, but preserves their order for future
122 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
123 // ECDHE_RSA.
124 {
125 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
126 "AESGCM+AES128+aRSA",
127 {
128 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
129 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
130 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
131 },
132 },
133 // Unknown selectors are no-ops.
134 {
135 "ECDHE-ECDSA-CHACHA20-POLY1305:"
136 "ECDHE-RSA-CHACHA20-POLY1305:"
137 "ECDHE-ECDSA-AES128-GCM-SHA256:"
138 "ECDHE-RSA-AES128-GCM-SHA256:"
139 "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4",
140 {
141 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
142 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
143 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
144 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
145 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
146 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
147 },
148 },
149 // Square brackets specify equi-preference groups.
150 {
151 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
152 "[ECDHE-RSA-CHACHA20-POLY1305]:"
153 "ECDHE-RSA-AES128-GCM-SHA256",
154 {
155 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
156 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 1},
157 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
158 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 1},
159 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
160 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
161 },
162 },
163 // @STRENGTH performs a stable strength-sort of the selected ciphers and
164 // only the selected ciphers.
165 {
166 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]167 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]168 "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"
169 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]170 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]171 // Select ECDHE ones and sort them by strength. Ties should resolve
172 // based on the order above.
173 "kECDHE:@STRENGTH:-ALL:"
174 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
175 // by strength. Then RSA, backwards by strength.
176 "aRSA",
177 {
178 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
179 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
180 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]181 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]182 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
183 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
184 },
185 },
186 // Exact ciphers may not be used in multi-part rules; they are treated
187 // as unknown aliases.
188 {
189 "ECDHE-ECDSA-AES128-GCM-SHA256:"
190 "ECDHE-RSA-AES128-GCM-SHA256:"
191 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
192 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
193 {
194 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
195 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
196 },
197 },
198 // SSLv3 matches everything that existed before TLS 1.2.
199 {
200 "AES128-SHA:AES128-SHA256:!SSLv3",
201 {
202 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
203 },
204 },
205 // TLSv1.2 matches everything added in TLS 1.2.
206 {
207 "AES128-SHA:AES128-SHA256:!TLSv1.2",
208 {
209 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
210 },
211 },
212 // The two directives have no intersection.
213 {
214 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
215 {
216 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
217 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
218 },
219 },
220 // The shared name of the CHACHA20_POLY1305 variants behaves like a cipher
221 // name and not an alias. It may not be used in a multipart rule. (That the
222 // shared name works is covered by the standard tests.)
223 {
224 "ECDHE-ECDSA-CHACHA20-POLY1305:"
225 "ECDHE-RSA-CHACHA20-POLY1305:"
226 "!ECDHE-RSA-CHACHA20-POLY1305+RSA:"
227 "!ECDSA+ECDHE-ECDSA-CHACHA20-POLY1305",
228 {
229 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
230 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
231 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
232 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
233 },
234 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]235};
236
237static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]238 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]239 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
240 "RSA]",
241 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]242 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]243 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]244 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]245 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]246 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]247 "",
248 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]249 // COMPLEMENTOFDEFAULT is empty.
250 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]251 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]252 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]253 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]254 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
255 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
256 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
257 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]258 // Opcode supplied, but missing selector.
259 "+",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]260};
261
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]262static const char *kMustNotIncludeNull[] = {
263 "ALL",
264 "DEFAULT",
265 "ALL:!eNULL",
266 "ALL:!NULL",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]267 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]268 "FIPS",
269 "SHA",
270 "SHA1",
271 "RSA",
272 "SSLv3",
273 "TLSv1",
274 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]275};
276
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]277static const char *kMustNotIncludeCECPQ1[] = {
278 "ALL",
279 "DEFAULT",
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]280 "HIGH",
281 "FIPS",
282 "SHA",
283 "SHA1",
284 "SHA256",
285 "SHA384",
286 "RSA",
287 "SSLv3",
288 "TLSv1",
289 "TLSv1.2",
290 "aRSA",
291 "RSA",
292 "aECDSA",
293 "ECDSA",
294 "AES",
295 "AES128",
296 "AES256",
297 "AESGCM",
298 "CHACHA20",
299};
300
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]301static const CurveTest kCurveTests[] = {
302 {
303 "P-256",
304 { SSL_CURVE_SECP256R1 },
305 },
306 {
307 "P-256:P-384:P-521:X25519",
308 {
309 SSL_CURVE_SECP256R1,
310 SSL_CURVE_SECP384R1,
311 SSL_CURVE_SECP521R1,
312 SSL_CURVE_X25519,
313 },
314 },
315};
316
317static const char *kBadCurvesLists[] = {
318 "",
319 ":",
320 "::",
321 "P-256::X25519",
322 "RSA:P-256",
323 "P-256:RSA",
324 "X25519:P-256:",
325 ":X25519:P-256",
326};
327
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]328static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
329 bool in_group = false;
330 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]331 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
332 if (!in_group && list->in_group_flags[i]) {
333 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]334 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]335 }
336 fprintf(stderr, "\t");
337 if (in_group) {
338 fprintf(stderr, " ");
339 }
340 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
341 if (in_group && !list->in_group_flags[i]) {
342 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]343 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]344 }
345 }
346}
347
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]348static bool TestCipherRule(const CipherTest &t) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]349 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]350 if (!ctx) {
351 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]352 }
353
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]354 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
355 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]356 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]357 }
358
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]359 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]360 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
361 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
362 PrintCipherPreferenceList(ctx->cipher_list);
363 return false;
364 }
365
366 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]367 const SSL_CIPHER *cipher =
368 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]369 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
370 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
371 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]372 PrintCipherPreferenceList(ctx->cipher_list);
373 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]374 }
375 }
376
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]377 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]378}
379
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]380static bool TestRuleDoesNotIncludeNull(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]381 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]382 if (!ctx) {
383 return false;
384 }
385 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
386 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
387 return false;
388 }
389 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
390 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
391 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
392 return false;
393 }
394 }
395 return true;
396}
397
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]398static bool TestRuleDoesNotIncludeCECPQ1(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]399 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]400 if (!ctx) {
401 return false;
402 }
403 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
404 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
405 return false;
406 }
407 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
408 if (SSL_CIPHER_is_CECPQ1(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
409 fprintf(stderr, "Error: cipher rule '%s' includes CECPQ1\n",rule);
410 return false;
411 }
412 }
413 return true;
414}
415
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]416static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]417 for (const CipherTest &test : kCipherTests) {
418 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]419 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]420 }
421 }
422
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]423 for (const char *rule : kBadRules) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]424 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]425 if (!ctx) {
426 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]427 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]428 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
429 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]430 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]431 }
432 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]433 }
434
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]435 for (const char *rule : kMustNotIncludeNull) {
436 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]437 return false;
438 }
439 }
440
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]441 for (const char *rule : kMustNotIncludeCECPQ1) {
442 if (!TestRuleDoesNotIncludeCECPQ1(rule)) {
443 return false;
444 }
445 }
446
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]447 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]448}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]449
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]450static bool TestCurveRule(const CurveTest &t) {
451 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
452 if (!ctx) {
453 return false;
454 }
455
456 if (!SSL_CTX_set1_curves_list(ctx.get(), t.rule)) {
457 fprintf(stderr, "Error testing curves list '%s'\n", t.rule);
458 return false;
459 }
460
461 // Compare the two lists.
462 if (ctx->supported_group_list_len != t.expected.size()) {
463 fprintf(stderr, "Error testing curves list '%s': length\n", t.rule);
464 return false;
465 }
466
467 for (size_t i = 0; i < t.expected.size(); i++) {
468 if (t.expected[i] != ctx->supported_group_list[i]) {
469 fprintf(stderr, "Error testing curves list '%s': mismatch\n", t.rule);
470 return false;
471 }
472 }
473
474 return true;
475}
476
477static bool TestCurveRules() {
478 for (const CurveTest &test : kCurveTests) {
479 if (!TestCurveRule(test)) {
480 return false;
481 }
482 }
483
484 for (const char *rule : kBadCurvesLists) {
485 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
486 if (!ctx) {
487 return false;
488 }
489 if (SSL_CTX_set1_curves_list(ctx.get(), rule)) {
490 fprintf(stderr, "Curves list '%s' unexpectedly succeeded\n", rule);
491 return false;
492 }
493 ERR_clear_error();
494 }
495
496 return true;
497}
498
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]499// kOpenSSLSession is a serialized SSL_SESSION generated from openssl
500// s_client -sess_out.
501static const char kOpenSSLSession[] =
502 "MIIFpQIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
503 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
504 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
505 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
506 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
507 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
508 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
509 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
510 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
511 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
512 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
513 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
514 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
515 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
516 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
517 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
518 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
519 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
520 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
521 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
522 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
523 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
524 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
525 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
526 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
527 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
528 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
529 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
530 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
531 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
532 "i4gv7Y5oliyn";
533
534// kCustomSession is a custom serialized SSL_SESSION generated by
535// filling in missing fields from |kOpenSSLSession|. This includes
536// providing |peer_sha256|, so |peer| is not serialized.
537static const char kCustomSession[] =
538 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
539 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
540 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
541 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
542 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
543 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
544 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
545 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
546
547// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
548static const char kBoringSSLSession[] =
549 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
550 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
551 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
552 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
553 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
554 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
555 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
556 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
557 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
558 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
559 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
560 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
561 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
562 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
563 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
564 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
565 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
566 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
567 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
568 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
569 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
570 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
571 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
572 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
573 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
574 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
575 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
576 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
577 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
578 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
579 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
580 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
581 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
582 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
583 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
584 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
585 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
586 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
587 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
588 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
589 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
590 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
591 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
592 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
593 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
594 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
595 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
596 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
597 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
598 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
599 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
600 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
601 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
602 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
603 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
604 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
605 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
606 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
607 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
608 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
609 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
610 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
611 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
612 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
613 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
614 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
615 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
616 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
617 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
618 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
619 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
620 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
621 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
622 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
623 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
624 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
625 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
626 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
627 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
628 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
629 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
630 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
631 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
632 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
633 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
634 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
635 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
636 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
637 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
638 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
639 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
640 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
641 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
642 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
643 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
644
645// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
646// the final (optional) element of |kCustomSession| with tag number 30.
647static const char kBadSessionExtraField[] =
648 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
649 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
650 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
651 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
652 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
653 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
654 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
655 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
656
657// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
658// the version of |kCustomSession| with 2.
659static const char kBadSessionVersion[] =
660 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
661 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
662 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
663 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
664 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
665 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
666 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
667 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
668
669// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
670// appended.
671static const char kBadSessionTrailingData[] =
672 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
673 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
674 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
675 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
676 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
677 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
678 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
679 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
680
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]681static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]682 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]683 if (!EVP_DecodedLength(&len, strlen(in))) {
684 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]685 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]686 }
687
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]688 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]689 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]690 strlen(in))) {
691 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]692 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]693 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]694 out->resize(len);
695 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]696}
697
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]698static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]699 const uint8_t *cptr;
700 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]701
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]702 // Decode the input.
703 std::vector<uint8_t> input;
704 if (!DecodeBase64(&input, input_b64)) {
705 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]706 }
707
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]708 // Verify the SSL_SESSION decodes.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]709 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]710 if (!session) {
711 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]712 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]713 }
714
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]715 // Verify the SSL_SESSION encoding round-trips.
716 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]717 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]718 uint8_t *encoded_raw;
719 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]720 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]721 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]722 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]723 encoded.reset(encoded_raw);
724 if (encoded_len != input.size() ||
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]725 memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]726 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]727 hexdump(stderr, "Before: ", input.data(), input.size());
728 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]729 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]730 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]731
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]732 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]733 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]734 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]735 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]736 fprintf(stderr, "d2i_SSL_SESSION failed\n");
737 return false;
738 }
739
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]740 // Verify the SSL_SESSION encoding round-trips via the legacy API.
741 int len = i2d_SSL_SESSION(session.get(), NULL);
742 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]743 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]744 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]745 }
746
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]747 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
748 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]749 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]750 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]751 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]752
753 ptr = encoded.get();
754 len = i2d_SSL_SESSION(session.get(), &ptr);
755 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]756 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]757 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]758 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]759 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]760 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]761 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]762 }
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]763 if (memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]764 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]765 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]766 }
767
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]768 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]769}
770
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]771static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
772 std::vector<uint8_t> input;
773 if (!DecodeBase64(&input, input_b64)) {
774 return false;
775 }
776
777 // Verify that the SSL_SESSION fails to decode.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]778 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]779 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]780 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]781 return false;
782 }
783 ERR_clear_error();
784 return true;
785}
786
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]787static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]788 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]789 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]790 if (!ctx) {
791 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]792 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]793 if (ctx->min_version != min_version || ctx->max_version != max_version) {
794 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
795 ctx->min_version, ctx->max_version, min_version, max_version);
796 return false;
797 }
798 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]799}
800
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]801static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]802 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
803 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]804 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]805 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]806 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]807 if (!rfc_name) {
808 return false;
809 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]810 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]811 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]812}
813
814typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]815 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]816 const char *rfc_name;
817} CIPHER_RFC_NAME_TEST;
818
819static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]820 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
821 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
822 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
823 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
824 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
825 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
826 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
827 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
828 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
829 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
830 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
831 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
832 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
833 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
834 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
835 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
836 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
837 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
838 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
839 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
840 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
841 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
842
843 // These names are non-standard:
844 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
845 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
846 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
847 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]848};
849
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]850static bool TestCipherGetRFCName(void) {
851 for (size_t i = 0;
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]852 i < OPENSSL_ARRAY_SIZE(kCipherRFCNameTests); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]853 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]854 std::string rfc_name;
855 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
856 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
857 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]858 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]859 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]860 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]861 rfc_name.c_str(), test->rfc_name);
862 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]863 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]864 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]865 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]866}
867
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]868// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
869// version and ticket length or nullptr on failure.
870static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
871 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]872 std::vector<uint8_t> der;
873 if (!DecodeBase64(&der, kOpenSSLSession)) {
874 return nullptr;
875 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]876 bssl::UniquePtr<SSL_SESSION> session(
877 SSL_SESSION_from_bytes(der.data(), der.size()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]878 if (!session) {
879 return nullptr;
880 }
881
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]882 session->ssl_version = version;
883
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]884 // Swap out the ticket for a garbage one.
885 OPENSSL_free(session->tlsext_tick);
886 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
887 if (session->tlsext_tick == nullptr) {
888 return nullptr;
889 }
890 memset(session->tlsext_tick, 'a', ticket_len);
891 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]892
893 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame^]894#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
895 session->time = 1234;
896#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]897 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame^]898#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]899 return session;
900}
901
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]902static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]903 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]904 if (!bio) {
905 return false;
906 }
907 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]908 BIO_up_ref(bio.get());
909 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]910 int ret = SSL_connect(ssl);
911 if (ret > 0) {
912 // SSL_connect should fail without a BIO to write to.
913 return false;
914 }
915 ERR_clear_error();
916
917 const uint8_t *client_hello;
918 size_t client_hello_len;
919 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
920 return false;
921 }
922 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
923 return true;
924}
925
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]926// GetClientHelloLen creates a client SSL connection with the specified version
927// and ticket length. It returns the length of the ClientHello, not including
928// the record header, on success and zero on error.
929static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
930 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]931 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]932 bssl::UniquePtr<SSL_SESSION> session =
933 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]934 if (!ctx || !session) {
935 return 0;
936 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]937
938 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]939 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]940 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]941 !SSL_set_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
942 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]943 return 0;
944 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]945
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]946 std::vector<uint8_t> client_hello;
947 if (!GetClientHello(ssl.get(), &client_hello) ||
948 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]949 return 0;
950 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]951
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]952 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]953}
954
955struct PaddingTest {
956 size_t input_len, padded_len;
957};
958
959static const PaddingTest kPaddingTests[] = {
960 // ClientHellos of length below 0x100 do not require padding.
961 {0xfe, 0xfe},
962 {0xff, 0xff},
963 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
964 {0x100, 0x200},
965 {0x123, 0x200},
966 {0x1fb, 0x200},
967 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
968 // padding extension takes a minimum of four bytes plus one required content
969 // byte. (To work around yet more server bugs, we avoid empty final
970 // extensions.)
971 {0x1fc, 0x201},
972 {0x1fd, 0x202},
973 {0x1fe, 0x203},
974 {0x1ff, 0x204},
975 // Finally, larger ClientHellos need no padding.
976 {0x200, 0x200},
977 {0x201, 0x201},
978};
979
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]980static bool TestPaddingExtension(uint16_t max_version,
981 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]982 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]983 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]984 if (base_len == 0) {
985 return false;
986 }
987
988 for (const PaddingTest &test : kPaddingTests) {
989 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]990 fprintf(stderr,
991 "Baseline ClientHello too long (max_version = %04x, "
992 "session_version = %04x).\n",
993 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]994 return false;
995 }
996
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]997 size_t padded_len = GetClientHelloLen(max_version, session_version,
998 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]999 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1000 fprintf(stderr,
1001 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
1002 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1003 static_cast<unsigned>(test.input_len),
1004 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1005 static_cast<unsigned>(test.padded_len), max_version,
1006 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1007 return false;
1008 }
1009 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1010
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1011 return true;
1012}
1013
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1014// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
1015// before configuring as a server.
1016static bool TestClientCAList() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1017 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1018 if (!ctx) {
1019 return false;
1020 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1021 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1022 if (!ssl) {
1023 return false;
1024 }
1025
1026 STACK_OF(X509_NAME) *stack = sk_X509_NAME_new_null();
1027 if (stack == nullptr) {
1028 return false;
1029 }
1030 // |SSL_set_client_CA_list| takes ownership.
1031 SSL_set_client_CA_list(ssl.get(), stack);
1032
1033 return SSL_get_client_CA_list(ssl.get()) == stack;
1034}
1035
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1036static void AppendSession(SSL_SESSION *session, void *arg) {
1037 std::vector<SSL_SESSION*> *out =
1038 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1039 out->push_back(session);
1040}
1041
1042// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
1043// order.
1044static bool ExpectCache(SSL_CTX *ctx,
1045 const std::vector<SSL_SESSION*> &expected) {
1046 // Check the linked list.
1047 SSL_SESSION *ptr = ctx->session_cache_head;
1048 for (SSL_SESSION *session : expected) {
1049 if (ptr != session) {
1050 return false;
1051 }
1052 // TODO(davidben): This is an absurd way to denote the end of the list.
1053 if (ptr->next ==
1054 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1055 ptr = nullptr;
1056 } else {
1057 ptr = ptr->next;
1058 }
1059 }
1060 if (ptr != nullptr) {
1061 return false;
1062 }
1063
1064 // Check the hash table.
1065 std::vector<SSL_SESSION*> actual, expected_copy;
1066 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
1067 expected_copy = expected;
1068
1069 std::sort(actual.begin(), actual.end());
1070 std::sort(expected_copy.begin(), expected_copy.end());
1071
1072 return actual == expected_copy;
1073}
1074
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1075static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
1076 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new());
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1077 if (!ret) {
1078 return nullptr;
1079 }
1080
1081 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
1082 memset(ret->session_id, 0, ret->session_id_length);
1083 memcpy(ret->session_id, &number, sizeof(number));
1084 return ret;
1085}
1086
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1087// Test that the internal session cache behaves as expected.
1088static bool TestInternalSessionCache() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1089 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1090 if (!ctx) {
1091 return false;
1092 }
1093
1094 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1095 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1096 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1097 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1098 if (!session) {
1099 return false;
1100 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1101 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1102 }
1103
1104 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1105
1106 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1107 for (const auto &session : sessions) {
1108 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1109 return false;
1110 }
1111 }
1112
1113 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1114 std::vector<SSL_SESSION*> expected = {
1115 sessions[9].get(),
1116 sessions[8].get(),
1117 sessions[7].get(),
1118 sessions[6].get(),
1119 sessions[5].get(),
1120 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1121 if (!ExpectCache(ctx.get(), expected)) {
1122 return false;
1123 }
1124
1125 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1126 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1127 !ExpectCache(ctx.get(), expected)) {
1128 return false;
1129 }
1130
1131 // Although collisions should be impossible (256-bit session IDs), the cache
1132 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1133 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1134 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1135 return false;
1136 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1137 expected = {
1138 collision.get(),
1139 sessions[9].get(),
1140 sessions[8].get(),
1141 sessions[6].get(),
1142 sessions[5].get(),
1143 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1144 if (!ExpectCache(ctx.get(), expected)) {
1145 return false;
1146 }
1147
1148 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1149 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1150 return false;
1151 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1152 expected = {
1153 collision.get(),
1154 sessions[9].get(),
1155 sessions[8].get(),
1156 sessions[5].get(),
1157 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1158 if (!ExpectCache(ctx.get(), expected)) {
1159 return false;
1160 }
1161
1162 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1163 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1164 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1165 !ExpectCache(ctx.get(), expected)) {
1166 return false;
1167 }
1168
1169 return true;
1170}
1171
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1172static uint16_t EpochFromSequence(uint64_t seq) {
1173 return static_cast<uint16_t>(seq >> 48);
1174}
1175
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1176static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1177 static const char kCertPEM[] =
1178 "-----BEGIN CERTIFICATE-----\n"
1179 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1180 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1181 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1182 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1183 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1184 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1185 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1186 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1187 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1188 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1189 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1190 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1191 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1192 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1193 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1194 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1195}
1196
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1197static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1198 static const char kKeyPEM[] =
1199 "-----BEGIN RSA PRIVATE KEY-----\n"
1200 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1201 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1202 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1203 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1204 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1205 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1206 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1207 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1208 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1209 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1210 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1211 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1212 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1213 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1214 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1215 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1216 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1217}
1218
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1219static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1220 static const char kCertPEM[] =
1221 "-----BEGIN CERTIFICATE-----\n"
1222 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1223 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1224 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1225 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1226 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1227 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1228 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1229 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1230 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1231 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1232 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1233 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1234 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1235}
1236
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1237static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1238 static const char kKeyPEM[] =
1239 "-----BEGIN PRIVATE KEY-----\n"
1240 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1241 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1242 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1243 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1244 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1245 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1246 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1247}
1248
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1249static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1250 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1251 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1252 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1253 if (!client || !server) {
1254 return false;
1255 }
1256 SSL_set_connect_state(client.get());
1257 SSL_set_accept_state(server.get());
1258
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1259 SSL_set_session(client.get(), session);
1260
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1261 BIO *bio1, *bio2;
1262 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1263 return false;
1264 }
1265 // SSL_set_bio takes ownership.
1266 SSL_set_bio(client.get(), bio1, bio1);
1267 SSL_set_bio(server.get(), bio2, bio2);
1268
1269 // Drive both their handshakes to completion.
1270 for (;;) {
1271 int client_ret = SSL_do_handshake(client.get());
1272 int client_err = SSL_get_error(client.get(), client_ret);
1273 if (client_err != SSL_ERROR_NONE &&
1274 client_err != SSL_ERROR_WANT_READ &&
1275 client_err != SSL_ERROR_WANT_WRITE) {
1276 fprintf(stderr, "Client error: %d\n", client_err);
1277 return false;
1278 }
1279
1280 int server_ret = SSL_do_handshake(server.get());
1281 int server_err = SSL_get_error(server.get(), server_ret);
1282 if (server_err != SSL_ERROR_NONE &&
1283 server_err != SSL_ERROR_WANT_READ &&
1284 server_err != SSL_ERROR_WANT_WRITE) {
1285 fprintf(stderr, "Server error: %d\n", server_err);
1286 return false;
1287 }
1288
1289 if (client_ret == 1 && server_ret == 1) {
1290 break;
1291 }
1292 }
1293
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1294 *out_client = std::move(client);
1295 *out_server = std::move(server);
1296 return true;
1297}
1298
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1299static uint16_t kTLSVersions[] = {
1300 SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION, TLS1_2_VERSION, TLS1_3_VERSION,
1301};
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1302
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1303static uint16_t kDTLSVersions[] = {
1304 DTLS1_VERSION, DTLS1_2_VERSION,
1305};
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1306
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1307static bool TestSequenceNumber() {
1308 for (bool is_dtls : std::vector<bool>{false, true}) {
1309 const SSL_METHOD *method = is_dtls ? DTLS_method() : TLS_method();
1310 const uint16_t *versions = is_dtls ? kDTLSVersions : kTLSVersions;
1311 size_t num_versions = is_dtls ? OPENSSL_ARRAY_SIZE(kDTLSVersions)
1312 : OPENSSL_ARRAY_SIZE(kTLSVersions);
1313 for (size_t i = 0; i < num_versions; i++) {
1314 uint16_t version = versions[i];
1315 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1316 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1317 if (!server_ctx || !client_ctx ||
1318 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1319 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1320 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1321 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1322 return false;
1323 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1324
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1325 bssl::UniquePtr<X509> cert = GetTestCertificate();
1326 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1327 if (!cert || !key ||
1328 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1329 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1330 return false;
1331 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1332
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1333 bssl::UniquePtr<SSL> client, server;
1334 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1335 server_ctx.get(), nullptr /* no session */)) {
1336 return false;
1337 }
1338
1339 // Drain any post-handshake messages to ensure there are no unread records
1340 // on either end.
1341 uint8_t byte = 0;
1342 if (SSL_read(client.get(), &byte, 1) > 0 ||
1343 SSL_read(server.get(), &byte, 1) > 0) {
1344 fprintf(stderr, "Received unexpected data.\n");
1345 return false;
1346 }
1347
1348 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1349 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1350 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1351 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
1352
1353 if (is_dtls) {
1354 // Both client and server must be at epoch 1.
1355 if (EpochFromSequence(client_read_seq) != 1 ||
1356 EpochFromSequence(client_write_seq) != 1 ||
1357 EpochFromSequence(server_read_seq) != 1 ||
1358 EpochFromSequence(server_write_seq) != 1) {
1359 fprintf(stderr, "Bad epochs.\n");
1360 return false;
1361 }
1362
1363 // The next record to be written should exceed the largest received.
1364 if (client_write_seq <= server_read_seq ||
1365 server_write_seq <= client_read_seq) {
1366 fprintf(stderr, "Inconsistent sequence numbers.\n");
1367 return false;
1368 }
1369 } else {
1370 // The next record to be written should equal the next to be received.
1371 if (client_write_seq != server_read_seq ||
1372 server_write_seq != client_read_seq) {
1373 fprintf(stderr, "Inconsistent sequence numbers.\n");
1374 return false;
1375 }
1376 }
1377
1378 // Send a record from client to server.
1379 if (SSL_write(client.get(), &byte, 1) != 1 ||
1380 SSL_read(server.get(), &byte, 1) != 1) {
1381 fprintf(stderr, "Could not send byte.\n");
1382 return false;
1383 }
1384
1385 // The client write and server read sequence numbers should have
1386 // incremented.
1387 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1388 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1389 fprintf(stderr, "Sequence numbers did not increment.\n");
1390 return false;
1391 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1392 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1393 }
1394
1395 return true;
1396}
1397
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1398static bool TestOneSidedShutdown() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1399 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1400 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1401 if (!client_ctx || !server_ctx) {
1402 return false;
1403 }
1404
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1405 bssl::UniquePtr<X509> cert = GetTestCertificate();
1406 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1407 if (!cert || !key ||
1408 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1409 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1410 return false;
1411 }
1412
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1413 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1414 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1415 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1416 return false;
1417 }
1418
1419 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1420 // one side has shut down.
1421 if (SSL_shutdown(client.get()) != 0) {
1422 fprintf(stderr, "Could not shutdown.\n");
1423 return false;
1424 }
1425
1426 // Reading from the server should consume the EOF.
1427 uint8_t byte;
1428 if (SSL_read(server.get(), &byte, 1) != 0 ||
1429 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1430 fprintf(stderr, "Connection was not shut down cleanly.\n");
1431 return false;
1432 }
1433
1434 // However, the server may continue to write data and then shut down the
1435 // connection.
1436 byte = 42;
1437 if (SSL_write(server.get(), &byte, 1) != 1 ||
1438 SSL_read(client.get(), &byte, 1) != 1 ||
1439 byte != 42) {
1440 fprintf(stderr, "Could not send byte.\n");
1441 return false;
1442 }
1443
1444 // The server may then shutdown the connection.
1445 if (SSL_shutdown(server.get()) != 1 ||
1446 SSL_shutdown(client.get()) != 1) {
1447 fprintf(stderr, "Could not complete shutdown.\n");
1448 return false;
1449 }
1450
1451 return true;
1452}
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1453static bool TestSessionDuplication() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1454 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1455 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1456 if (!client_ctx || !server_ctx) {
1457 return false;
1458 }
1459
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1460 bssl::UniquePtr<X509> cert = GetTestCertificate();
1461 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1462 if (!cert || !key ||
1463 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1464 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1465 return false;
1466 }
1467
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1468 bssl::UniquePtr<SSL> client, server;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1469 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1470 server_ctx.get(), nullptr /* no session */)) {
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1471 return false;
1472 }
1473
1474 SSL_SESSION *session0 = SSL_get_session(client.get());
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1475 bssl::UniquePtr<SSL_SESSION> session1(SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1476 if (!session1) {
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1477 return false;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1478 }
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1479
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1480 session1->not_resumable = 0;
1481
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1482 uint8_t *s0_bytes, *s1_bytes;
1483 size_t s0_len, s1_len;
1484
1485 if (!SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len)) {
1486 return false;
1487 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1488 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1489
1490 if (!SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len)) {
1491 return false;
1492 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1493 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1494
1495 return s0_len == s1_len && memcmp(s0_bytes, s1_bytes, s0_len) == 0;
1496}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1497
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1498static bool ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1499 if (SSL_get_rfd(ssl) != rfd || SSL_get_wfd(ssl) != wfd) {
1500 fprintf(stderr, "Got fds %d and %d, wanted %d and %d.\n", SSL_get_rfd(ssl),
1501 SSL_get_wfd(ssl), rfd, wfd);
1502 return false;
1503 }
1504
1505 // The wrapper BIOs are always equal when fds are equal, even if set
1506 // individually.
1507 if (rfd == wfd && SSL_get_rbio(ssl) != SSL_get_wbio(ssl)) {
1508 fprintf(stderr, "rbio and wbio did not match.\n");
1509 return false;
1510 }
1511
1512 return true;
1513}
1514
1515static bool TestSetFD() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1516 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1517 if (!ctx) {
1518 return false;
1519 }
1520
1521 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1522 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1523 if (!ssl ||
1524 !SSL_set_rfd(ssl.get(), 1) ||
1525 !SSL_set_wfd(ssl.get(), 2) ||
1526 !ExpectFDs(ssl.get(), 1, 2)) {
1527 return false;
1528 }
1529
1530 // Test setting the same FD.
1531 ssl.reset(SSL_new(ctx.get()));
1532 if (!ssl ||
1533 !SSL_set_fd(ssl.get(), 1) ||
1534 !ExpectFDs(ssl.get(), 1, 1)) {
1535 return false;
1536 }
1537
1538 // Test setting the same FD one side at a time.
1539 ssl.reset(SSL_new(ctx.get()));
1540 if (!ssl ||
1541 !SSL_set_rfd(ssl.get(), 1) ||
1542 !SSL_set_wfd(ssl.get(), 1) ||
1543 !ExpectFDs(ssl.get(), 1, 1)) {
1544 return false;
1545 }
1546
1547 // Test setting the same FD in the other order.
1548 ssl.reset(SSL_new(ctx.get()));
1549 if (!ssl ||
1550 !SSL_set_wfd(ssl.get(), 1) ||
1551 !SSL_set_rfd(ssl.get(), 1) ||
1552 !ExpectFDs(ssl.get(), 1, 1)) {
1553 return false;
1554 }
1555
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1556 // Test changing the read FD partway through.
1557 ssl.reset(SSL_new(ctx.get()));
1558 if (!ssl ||
1559 !SSL_set_fd(ssl.get(), 1) ||
1560 !SSL_set_rfd(ssl.get(), 2) ||
1561 !ExpectFDs(ssl.get(), 2, 1)) {
1562 return false;
1563 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1564
1565 // Test changing the write FD partway through.
1566 ssl.reset(SSL_new(ctx.get()));
1567 if (!ssl ||
1568 !SSL_set_fd(ssl.get(), 1) ||
1569 !SSL_set_wfd(ssl.get(), 2) ||
1570 !ExpectFDs(ssl.get(), 1, 2)) {
1571 return false;
1572 }
1573
1574 // Test a no-op change to the read FD partway through.
1575 ssl.reset(SSL_new(ctx.get()));
1576 if (!ssl ||
1577 !SSL_set_fd(ssl.get(), 1) ||
1578 !SSL_set_rfd(ssl.get(), 1) ||
1579 !ExpectFDs(ssl.get(), 1, 1)) {
1580 return false;
1581 }
1582
1583 // Test a no-op change to the write FD partway through.
1584 ssl.reset(SSL_new(ctx.get()));
1585 if (!ssl ||
1586 !SSL_set_fd(ssl.get(), 1) ||
1587 !SSL_set_wfd(ssl.get(), 1) ||
1588 !ExpectFDs(ssl.get(), 1, 1)) {
1589 return false;
1590 }
1591
1592 // ASan builds will implicitly test that the internal |BIO| reference-counting
1593 // is correct.
1594
1595 return true;
1596}
1597
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1598static bool TestSetBIO() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1599 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1600 if (!ctx) {
1601 return false;
1602 }
1603
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1604 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1605 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1606 bio3(BIO_new(BIO_s_mem()));
1607 if (!ssl || !bio1 || !bio2 || !bio3) {
1608 return false;
1609 }
1610
1611 // SSL_set_bio takes one reference when the parameters are the same.
1612 BIO_up_ref(bio1.get());
1613 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1614
1615 // Repeating the call does nothing.
1616 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1617
1618 // It takes one reference each when the parameters are different.
1619 BIO_up_ref(bio2.get());
1620 BIO_up_ref(bio3.get());
1621 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1622
1623 // Repeating the call does nothing.
1624 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1625
1626 // It takes one reference when changing only wbio.
1627 BIO_up_ref(bio1.get());
1628 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1629
1630 // It takes one reference when changing only rbio and the two are different.
1631 BIO_up_ref(bio3.get());
1632 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1633
1634 // If setting wbio to rbio, it takes no additional references.
1635 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1636
1637 // From there, wbio may be switched to something else.
1638 BIO_up_ref(bio1.get());
1639 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1640
1641 // If setting rbio to wbio, it takes no additional references.
1642 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1643
1644 // From there, rbio may be switched to something else, but, for historical
1645 // reasons, it takes a reference to both parameters.
1646 BIO_up_ref(bio1.get());
1647 BIO_up_ref(bio2.get());
1648 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1649
1650 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1651 // is correct.
1652 return true;
1653}
1654
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1655static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1656
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1657static bool TestGetPeerCertificate() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1658 bssl::UniquePtr<X509> cert = GetTestCertificate();
1659 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1660 if (!cert || !key) {
1661 return false;
1662 }
1663
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]1664 for (uint16_t version : kTLSVersions) {
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1665 // Configure both client and server to accept any certificate.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1666 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1667 if (!ctx ||
1668 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1669 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1670 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1671 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1672 return false;
1673 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1674 SSL_CTX_set_verify(
1675 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1676 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1677
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1678 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1679 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1680 nullptr /* no session */)) {
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1681 return false;
1682 }
1683
1684 // Client and server should both see the leaf certificate.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1685 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1686 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1687 fprintf(stderr, "%x: Server peer certificate did not match.\n", version);
1688 return false;
1689 }
1690
1691 peer.reset(SSL_get_peer_certificate(client.get()));
1692 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1693 fprintf(stderr, "%x: Client peer certificate did not match.\n", version);
1694 return false;
1695 }
1696
1697 // However, for historical reasons, the chain includes the leaf on the
1698 // client, but does not on the server.
1699 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1700 fprintf(stderr, "%x: Client peer chain was incorrect.\n", version);
1701 return false;
1702 }
1703
1704 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1705 fprintf(stderr, "%x: Server peer chain was incorrect.\n", version);
1706 return false;
1707 }
1708 }
1709
1710 return true;
1711}
1712
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1713static bool TestRetainOnlySHA256OfCerts() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1714 bssl::UniquePtr<X509> cert = GetTestCertificate();
1715 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1716 if (!cert || !key) {
1717 return false;
1718 }
1719
1720 uint8_t *cert_der = NULL;
1721 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1722 if (cert_der_len < 0) {
1723 return false;
1724 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1725 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1726
1727 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1728 SHA256(cert_der, cert_der_len, cert_sha256);
1729
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]1730 for (uint16_t version : kTLSVersions) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1731 // Configure both client and server to accept any certificate, but the
1732 // server must retain only the SHA-256 of the peer.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1733 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1734 if (!ctx ||
1735 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1736 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1737 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1738 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1739 return false;
1740 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1741 SSL_CTX_set_verify(
1742 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1743 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1744 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
1745
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1746 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1747 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1748 nullptr /* no session */)) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1749 return false;
1750 }
1751
1752 // The peer certificate has been dropped.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1753 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1754 if (peer) {
1755 fprintf(stderr, "%x: Peer certificate was retained.\n", version);
1756 return false;
1757 }
1758
1759 SSL_SESSION *session = SSL_get_session(server.get());
1760 if (!session->peer_sha256_valid) {
1761 fprintf(stderr, "%x: peer_sha256_valid was not set.\n", version);
1762 return false;
1763 }
1764
1765 if (memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) != 0) {
1766 fprintf(stderr, "%x: peer_sha256 did not match.\n", version);
1767 return false;
1768 }
1769 }
1770
1771 return true;
1772}
1773
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1774static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1775 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1776 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1777 if (!ctx ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1778 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1779 // Our default cipher list varies by CPU capabilities, so manually place
1780 // the ChaCha20 ciphers in front.
1781 !SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1782 return false;
1783 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1784
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1785 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1786 if (!ssl) {
1787 return false;
1788 }
1789 std::vector<uint8_t> client_hello;
1790 if (!GetClientHello(ssl.get(), &client_hello)) {
1791 return false;
1792 }
1793
1794 // Zero the client_random.
1795 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1796 1 + 3 + // handshake message header
1797 2; // client_version
1798 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1799 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1800 return false;
1801 }
1802 memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
1803
1804 if (client_hello.size() != expected_len ||
1805 memcmp(client_hello.data(), expected, expected_len) != 0) {
1806 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1807 fprintf(stderr, "Got:\n\t");
1808 for (size_t i = 0; i < client_hello.size(); i++) {
1809 fprintf(stderr, "0x%02x, ", client_hello[i]);
1810 }
1811 fprintf(stderr, "\nWanted:\n\t");
1812 for (size_t i = 0; i < expected_len; i++) {
1813 fprintf(stderr, "0x%02x, ", expected[i]);
1814 }
1815 fprintf(stderr, "\n");
1816 return false;
1817 }
1818
1819 return true;
1820}
1821
1822// Tests that our ClientHellos do not change unexpectedly.
1823static bool TestClientHello() {
1824 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1825 0x16,
1826 0x03, 0x00,
1827 0x00, 0x3f,
1828 0x01,
1829 0x00, 0x00, 0x3b,
1830 0x03, 0x00,
1831 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1832 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1833 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1834 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1835 0x00,
1836 0x00, 0x14,
1837 0xc0, 0x09,
1838 0xc0, 0x13,
1839 0x00, 0x33,
1840 0xc0, 0x0a,
1841 0xc0, 0x14,
1842 0x00, 0x39,
1843 0x00, 0x2f,
1844 0x00, 0x35,
1845 0x00, 0x0a,
1846 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1847 };
1848 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1849 sizeof(kSSL3ClientHello))) {
1850 return false;
1851 }
1852
1853 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1854 0x16,
1855 0x03, 0x01,
1856 0x00, 0x5e,
1857 0x01,
1858 0x00, 0x00, 0x5a,
1859 0x03, 0x01,
1860 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1861 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1862 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1863 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1864 0x00,
1865 0x00, 0x12,
1866 0xc0, 0x09,
1867 0xc0, 0x13,
1868 0x00, 0x33,
1869 0xc0, 0x0a,
1870 0xc0, 0x14,
1871 0x00, 0x39,
1872 0x00, 0x2f,
1873 0x00, 0x35,
1874 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1875 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1876 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1877 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1878 };
1879 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1880 sizeof(kTLS1ClientHello))) {
1881 return false;
1882 }
1883
1884 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1885 0x16,
1886 0x03, 0x01,
1887 0x00, 0x5e,
1888 0x01,
1889 0x00, 0x00, 0x5a,
1890 0x03, 0x02,
1891 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1892 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1893 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1894 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1895 0x00,
1896 0x00, 0x12,
1897 0xc0, 0x09,
1898 0xc0, 0x13,
1899 0x00, 0x33,
1900 0xc0, 0x0a,
1901 0xc0, 0x14,
1902 0x00, 0x39,
1903 0x00, 0x2f,
1904 0x00, 0x35,
1905 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1906 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1907 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1908 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1909 };
1910 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1911 sizeof(kTLS11ClientHello))) {
1912 return false;
1913 }
1914
1915 static const uint8_t kTLS12ClientHello[] = {
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1916 0x16, 0x03, 0x01, 0x00, 0x9e, 0x01, 0x00, 0x00, 0x9a, 0x03, 0x03, 0x00,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1917 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1918 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1919 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3a, 0xcc, 0xa9,
1920 0xcc, 0xa8, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
1921 0xc0, 0x2c, 0xc0, 0x30, 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13,
1922 0xc0, 0x27, 0x00, 0x33, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14,
1923 0xc0, 0x28, 0x00, 0x39, 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1924 0x00, 0x3c, 0x00, 0x35, 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1925 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00,
David Benjamin3a322f52016-10-26 12:45:35 -0400[diff] [blame]1926 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04,
1927 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1928 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
1929 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1930 };
1931 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1932 sizeof(kTLS12ClientHello))) {
1933 return false;
1934 }
1935
1936 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1937 // implementation has settled enough that it won't change.
1938
1939 return true;
1940}
1941
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1942static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1943
1944static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1945 // Save the most recent session.
1946 g_last_session.reset(session);
1947 return 1;
1948}
1949
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1950static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1951 SSL_CTX *server_ctx) {
1952 g_last_session = nullptr;
1953 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1954
1955 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1956 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1957 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1958 nullptr /* no session */)) {
1959 fprintf(stderr, "Failed to connect client and server.\n");
1960 return nullptr;
1961 }
1962
1963 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1964 SSL_read(client.get(), nullptr, 0);
1965
1966 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1967
1968 if (!g_last_session) {
1969 fprintf(stderr, "Client did not receive a session.\n");
1970 return nullptr;
1971 }
1972 return std::move(g_last_session);
1973}
1974
1975static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1976 SSL_SESSION *session,
1977 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1978 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1979 if (!ConnectClientAndServer(&client, &server, client_ctx,
1980 server_ctx, session)) {
1981 fprintf(stderr, "Failed to connect client and server.\n");
1982 return false;
1983 }
1984
1985 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1986 fprintf(stderr, "Client and server were inconsistent.\n");
1987 return false;
1988 }
1989
1990 bool was_reused = !!SSL_session_reused(client.get());
1991 if (was_reused != reused) {
1992 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
1993 was_reused ? "" : " not");
1994 return false;
1995 }
1996
1997 return true;
1998}
1999
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2000static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
2001 SSL_CTX *server_ctx,
2002 SSL_SESSION *session) {
2003 g_last_session = nullptr;
2004 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2005
2006 bssl::UniquePtr<SSL> client, server;
2007 if (!ConnectClientAndServer(&client, &server, client_ctx,
2008 server_ctx, session)) {
2009 fprintf(stderr, "Failed to connect client and server.\n");
2010 return nullptr;
2011 }
2012
2013 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2014 fprintf(stderr, "Client and server were inconsistent.\n");
2015 return nullptr;
2016 }
2017
2018 if (!SSL_session_reused(client.get())) {
2019 fprintf(stderr, "Session was not reused.\n");
2020 return nullptr;
2021 }
2022
2023 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2024 SSL_read(client.get(), nullptr, 0);
2025
2026 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2027
2028 if (!g_last_session) {
2029 fprintf(stderr, "Client did not receive a renewed session.\n");
2030 return nullptr;
2031 }
2032 return std::move(g_last_session);
2033}
2034
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2035static bool TestSessionIDContext() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2036 bssl::UniquePtr<X509> cert = GetTestCertificate();
2037 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2038 if (!cert || !key) {
2039 return false;
2040 }
2041
2042 static const uint8_t kContext1[] = {1};
2043 static const uint8_t kContext2[] = {2};
2044
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2045 for (uint16_t version : kTLSVersions) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2046 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2047 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2048 if (!server_ctx || !client_ctx ||
2049 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2050 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2051 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2052 sizeof(kContext1)) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2053 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2054 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2055 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2056 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2057 return false;
2058 }
2059
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2060 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2061 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2062
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2063 bssl::UniquePtr<SSL_SESSION> session =
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2064 CreateClientSession(client_ctx.get(), server_ctx.get());
2065 if (!session) {
2066 fprintf(stderr, "Error getting session (version = %04x).\n", version);
2067 return false;
2068 }
2069
2070 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2071 true /* expect session reused */)) {
2072 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
2073 return false;
2074 }
2075
2076 // Change the session ID context.
2077 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2078 sizeof(kContext2))) {
2079 return false;
2080 }
2081
2082 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2083 false /* expect session not reused */)) {
2084 fprintf(stderr,
2085 "Error connection with different context (version = %04x).\n",
2086 version);
2087 return false;
2088 }
2089 }
2090
2091 return true;
2092}
2093
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2094static timeval g_current_time;
2095
2096static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2097 *out_clock = g_current_time;
2098}
2099
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2100static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2101 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2102 int encrypt) {
2103 static const uint8_t kZeros[16] = {0};
2104
2105 if (encrypt) {
2106 memcpy(key_name, kZeros, sizeof(kZeros));
2107 RAND_bytes(iv, 16);
2108 } else if (memcmp(key_name, kZeros, 16) != 0) {
2109 return 0;
2110 }
2111
2112 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2113 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2114 return -1;
2115 }
2116
2117 // Returning two from the callback in decrypt mode renews the
2118 // session in TLS 1.2 and below.
2119 return encrypt ? 1 : 2;
2120}
2121
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2122static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2123 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2124 return false;
2125 }
2126
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2127 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2128 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2129 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2130
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame^]2131#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2132 // Fuzzer-mode tickets are unencrypted.
2133 memcpy(plaintext.get(), ciphertext, len);
2134#else
2135 static const uint8_t kZeros[16] = {0};
2136 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2137 bssl::ScopedEVP_CIPHER_CTX ctx;
2138 int len1, len2;
2139 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2140 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2141 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2142 return false;
2143 }
2144
2145 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame^]2146#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2147
2148 bssl::UniquePtr<SSL_SESSION> server_session(
2149 SSL_SESSION_from_bytes(plaintext.get(), len));
2150 if (!server_session) {
2151 return false;
2152 }
2153
2154 *out = server_session->time;
2155 return true;
2156}
2157
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2158static bool TestSessionTimeout() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2159 bssl::UniquePtr<X509> cert = GetTestCertificate();
2160 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2161 if (!cert || !key) {
2162 return false;
2163 }
2164
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2165 for (uint16_t version : kTLSVersions) {
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2166 for (bool server_test : std::vector<bool>{false, true}) {
2167 static const int kStartTime = 1000;
2168 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2169
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2170 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2171 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
2172 if (!server_ctx || !client_ctx ||
2173 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2174 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2175 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2176 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2177 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2178 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2179 return false;
2180 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2181
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2182 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2183 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2184
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2185 // Both client and server must enforce session timeouts.
2186 if (server_test) {
2187 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2188 } else {
2189 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
2190 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2191
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2192 // Configure a ticket callback which renews tickets.
2193 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2194
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2195 bssl::UniquePtr<SSL_SESSION> session =
2196 CreateClientSession(client_ctx.get(), server_ctx.get());
2197 if (!session) {
2198 fprintf(stderr, "Error getting session (version = %04x).\n", version);
2199 return false;
2200 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2201
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2202 // Advance the clock just behind the timeout.
David Benjamin8e816eb2016-11-02 23:24:29 -0400[diff] [blame]2203 g_current_time.tv_sec += SSL_DEFAULT_SESSION_TIMEOUT - 1;
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2204
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2205 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2206 session.get(),
2207 true /* expect session reused */)) {
2208 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
2209 return false;
2210 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2211
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2212 // Advance the clock one more second.
2213 g_current_time.tv_sec++;
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2214
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2215 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2216 session.get(),
2217 false /* expect session not reused */)) {
2218 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
2219 return false;
2220 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2221
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2222 // Rewind the clock to before the session was minted.
2223 g_current_time.tv_sec = kStartTime - 1;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2224
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2225 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2226 session.get(),
2227 false /* expect session not reused */)) {
2228 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
2229 return false;
2230 }
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2231
2232 // SSL 3.0 cannot renew sessions.
2233 if (version == SSL3_VERSION) {
2234 continue;
2235 }
2236
2237 // Renew the session 10 seconds before expiration.
2238 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT - 10;
2239 bssl::UniquePtr<SSL_SESSION> new_session = ExpectSessionRenewed(
2240 client_ctx.get(), server_ctx.get(), session.get());
2241 if (!new_session) {
2242 fprintf(stderr, "Error renewing session (version = %04x).\n", version);
2243 return false;
2244 }
2245
2246 // This new session is not the same object as before.
2247 if (session.get() == new_session.get()) {
2248 fprintf(stderr, "New and old sessions alias (version = %04x).\n",
2249 version);
2250 return false;
2251 }
2252
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2253 // Check the sessions have timestamps measured from issuance.
2254 long session_time = 0;
2255 if (server_test) {
2256 if (!GetServerTicketTime(&session_time, new_session.get())) {
2257 fprintf(stderr, "Failed to decode session ticket (version = %04x).\n",
2258 version);
2259 return false;
2260 }
2261 } else {
2262 session_time = new_session->time;
2263 }
2264
2265 if (session_time != g_current_time.tv_sec) {
2266 fprintf(stderr,
2267 "New session is not measured from issuance (version = %04x).\n",
2268 version);
2269 return false;
2270 }
2271
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2272 // The new session is usable just before the old expiration.
2273 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT - 1;
2274 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2275 new_session.get(),
2276 true /* expect session reused */)) {
2277 fprintf(stderr, "Error resuming renewed session (version = %04x).\n",
2278 version);
2279 return false;
2280 }
2281
2282 // Renewal does not extend the lifetime, so it is not usable beyond the
2283 // old expiration.
2284 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT + 1;
2285 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2286 new_session.get(),
2287 false /* expect session not reused */)) {
2288 fprintf(stderr,
2289 "Renewed session's lifetime is too long (version = %04x).\n",
2290 version);
2291 return false;
2292 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2293 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2294 }
2295
2296 return true;
2297}
2298
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2299static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2300 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2301 SSL_set_SSL_CTX(ssl, ctx);
2302 return SSL_TLSEXT_ERR_OK;
2303}
2304
2305static bool TestSNICallback() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2306 bssl::UniquePtr<X509> cert = GetTestCertificate();
2307 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2308 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2309 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2310 if (!cert || !key || !cert2 || !key2) {
2311 return false;
2312 }
2313
2314 // At each version, test that switching the |SSL_CTX| at the SNI callback
2315 // behaves correctly.
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2316 for (uint16_t version : kTLSVersions) {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2317 if (version == SSL3_VERSION) {
2318 continue;
2319 }
2320
2321 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
2322
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2323 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2324 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(TLS_method()));
2325 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2326 if (!server_ctx || !server_ctx2 || !client_ctx ||
2327 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2328 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2329 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2330 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
2331 // Historically signing preferences would be lost in some cases with the
2332 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2333 // this doesn't happen when |version| is TLS 1.2, configure the private
2334 // key to only sign SHA-256.
2335 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(),
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2336 &kECDSAWithSHA256, 1) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2337 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2338 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2339 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2340 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2341 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2342 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2343 return false;
2344 }
2345
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2346 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2347 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
2348
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2349 bssl::UniquePtr<SSL> client, server;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2350 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2351 server_ctx.get(), nullptr)) {
2352 fprintf(stderr, "Handshake failed at version %04x.\n", version);
2353 return false;
2354 }
2355
2356 // The client should have received |cert2|.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2357 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2358 if (!peer ||
2359 X509_cmp(peer.get(), cert2.get()) != 0) {
2360 fprintf(stderr, "Incorrect certificate received at version %04x.\n",
2361 version);
2362 return false;
2363 }
2364 }
2365
2366 return true;
2367}
2368
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2369static int SetMaxVersion(const struct ssl_early_callback_ctx *ctx) {
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2370 if (!SSL_set_max_proto_version(ctx->ssl, TLS1_2_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2371 return -1;
2372 }
2373
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2374 return 1;
2375}
2376
2377// TestEarlyCallbackVersionSwitch tests that the early callback can swap the
2378// maximum version.
2379static bool TestEarlyCallbackVersionSwitch() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2380 bssl::UniquePtr<X509> cert = GetTestCertificate();
2381 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2382 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2383 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2384 if (!cert || !key || !server_ctx || !client_ctx ||
2385 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2386 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2387 !SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION) ||
2388 !SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION)) {
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2389 return false;
2390 }
2391
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2392 SSL_CTX_set_select_certificate_cb(server_ctx.get(), SetMaxVersion);
2393
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2394 bssl::UniquePtr<SSL> client, server;
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2395 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2396 server_ctx.get(), nullptr)) {
2397 return false;
2398 }
2399
2400 if (SSL_version(client.get()) != TLS1_2_VERSION) {
2401 fprintf(stderr, "Early callback failed to switch the maximum version.\n");
2402 return false;
2403 }
2404
2405 return true;
2406}
2407
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2408static bool TestSetVersion() {
2409 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
2410 if (!ctx) {
2411 return false;
2412 }
2413
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2414 if (!SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
2415 !SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION) ||
2416 !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
2417 !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2418 fprintf(stderr, "Could not set valid TLS version.\n");
2419 return false;
2420 }
2421
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2422 if (SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
2423 SSL_CTX_set_max_proto_version(ctx.get(), 0x0200) ||
2424 SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
2425 SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
2426 SSL_CTX_set_min_proto_version(ctx.get(), 0x0200) ||
2427 SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2428 fprintf(stderr, "Unexpectedly set invalid TLS version.\n");
2429 return false;
2430 }
2431
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2432 if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
2433 !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
2434 fprintf(stderr, "Could not set default TLS version.\n");
2435 return false;
2436 }
2437
2438 if (ctx->min_version != SSL3_VERSION ||
2439 ctx->max_version != TLS1_2_VERSION) {
2440 fprintf(stderr, "Default TLS versions were incorrect (%04x and %04x).\n",
2441 ctx->min_version, ctx->max_version);
2442 return false;
2443 }
2444
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2445 ctx.reset(SSL_CTX_new(DTLS_method()));
2446 if (!ctx) {
2447 return false;
2448 }
2449
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2450 if (!SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
2451 !SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION) ||
2452 !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
2453 !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2454 fprintf(stderr, "Could not set valid DTLS version.\n");
2455 return false;
2456 }
2457
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2458 if (SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
2459 SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2460 SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2461 SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
2462 SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
2463 SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2464 SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2465 SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2466 fprintf(stderr, "Unexpectedly set invalid DTLS version.\n");
2467 return false;
2468 }
2469
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2470 if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
2471 !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
2472 fprintf(stderr, "Could not set default DTLS version.\n");
2473 return false;
2474 }
2475
2476 if (ctx->min_version != TLS1_1_VERSION ||
2477 ctx->max_version != TLS1_2_VERSION) {
2478 fprintf(stderr, "Default DTLS versions were incorrect (%04x and %04x).\n",
2479 ctx->min_version, ctx->max_version);
2480 return false;
2481 }
2482
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2483 return true;
2484}
2485
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2486static bool TestVersions() {
2487 bssl::UniquePtr<X509> cert = GetTestCertificate();
2488 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2489 if (!cert || !key) {
2490 return false;
2491 }
2492
2493 for (bool is_dtls : std::vector<bool>{false, true}) {
2494 const SSL_METHOD *method = is_dtls ? DTLS_method() : TLS_method();
2495 const char *name = is_dtls ? "DTLS" : "TLS";
2496 const uint16_t *versions = is_dtls ? kDTLSVersions : kTLSVersions;
2497 size_t num_versions = is_dtls ? OPENSSL_ARRAY_SIZE(kDTLSVersions)
2498 : OPENSSL_ARRAY_SIZE(kTLSVersions);
2499 for (size_t i = 0; i < num_versions; i++) {
2500 uint16_t version = versions[i];
2501 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2502 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2503 bssl::UniquePtr<SSL> client, server;
2504 if (!server_ctx || !client_ctx ||
2505 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2506 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2507 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2508 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2509 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2510 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2511 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2512 server_ctx.get(), nullptr /* no session */)) {
2513 fprintf(stderr, "Failed to connect %s at version %04x.\n", name,
2514 version);
2515 return false;
2516 }
2517
2518 if (SSL_version(client.get()) != version ||
2519 SSL_version(server.get()) != version) {
2520 fprintf(stderr,
2521 "%s version mismatch. Got %04x and %04x, wanted %04x.\n", name,
2522 SSL_version(client.get()), SSL_version(server.get()), version);
2523 return false;
2524 }
2525 }
2526 }
2527
2528 return true;
2529}
2530
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2531// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2532// selection callback.
2533static bool TestALPNCipherAvailable() {
2534 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2535
2536 bssl::UniquePtr<X509> cert = GetTestCertificate();
2537 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2538 if (!cert || !key) {
2539 return false;
2540 }
2541
2542 for (uint16_t version : kTLSVersions) {
2543 // SSL 3.0 lacks extensions.
2544 if (version == SSL3_VERSION) {
2545 continue;
2546 }
2547
2548 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
2549 if (!ctx ||
2550 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2551 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2552 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2553 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2554 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2555 0) {
2556 return false;
2557 }
2558
2559 // The ALPN callback does not fail the handshake on error, so have the
2560 // callback write a boolean.
Adam Langleyfb73e972016-11-02 13:21:29 -0700[diff] [blame]2561 std::pair<uint16_t, bool> callback_state(version, false);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2562 SSL_CTX_set_alpn_select_cb(
2563 ctx.get(),
2564 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2565 unsigned in_len, void *arg) -> int {
Adam Langleyfb73e972016-11-02 13:21:29 -0700[diff] [blame]2566 auto state = reinterpret_cast<std::pair<uint16_t, bool>*>(arg);
2567 if (SSL_get_pending_cipher(ssl) != nullptr &&
2568 SSL_version(ssl) == state->first) {
2569 state->second = true;
2570 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2571 return SSL_TLSEXT_ERR_NOACK;
2572 },
Adam Langleyfb73e972016-11-02 13:21:29 -0700[diff] [blame]2573 &callback_state);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2574
2575 bssl::UniquePtr<SSL> client, server;
2576 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2577 nullptr /* no session */)) {
2578 return false;
2579 }
2580
Adam Langleyfb73e972016-11-02 13:21:29 -0700[diff] [blame]2581 if (!callback_state.second) {
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2582 fprintf(stderr,
2583 "%x: The pending cipher was not known in the ALPN callback.\n",
2584 version);
2585 return false;
2586 }
2587 }
2588
2589 return true;
2590}
2591
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]2592int main() {
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]2593 CRYPTO_library_init();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]2594
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2595 if (!TestCipherRules() ||
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]2596 !TestCurveRules() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2597 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
2598 !TestSSL_SESSIONEncoding(kCustomSession) ||
2599 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
2600 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
2601 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
2602 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]2603 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2604 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
2605 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
2606 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
2607 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
2608 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
2609 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
2610 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
2611 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
2612 !TestCipherGetRFCName() ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]2613 // Test the padding extension at TLS 1.2.
2614 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
2615 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
2616 // will be no PSK binder after the padding extension.
2617 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
2618 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
2619 // will be a PSK binder after the padding extension.
2620 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2621 !TestClientCAList() ||
2622 !TestInternalSessionCache() ||
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]2623 !TestSequenceNumber() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2624 !TestOneSidedShutdown() ||
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]2625 !TestSessionDuplication() ||
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]2626 !TestSetFD() ||
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]2627 !TestSetBIO() ||
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]2628 !TestGetPeerCertificate() ||
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2629 !TestRetainOnlySHA256OfCerts() ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2630 !TestClientHello() ||
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2631 !TestSessionIDContext() ||
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2632 !TestSessionTimeout() ||
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2633 !TestSNICallback() ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2634 !TestEarlyCallbackVersionSwitch() ||
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2635 !TestSetVersion() ||
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2636 !TestVersions() ||
2637 !TestALPNCipherAvailable()) {
Brian Smith83a82982015-04-09 16:21:10 -1000[diff] [blame]2638 ERR_print_errors_fp(stderr);
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]2639 return 1;
2640 }
2641
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]2642 printf("PASS\n");
2643 return 0;
2644}