Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / a833c357edae4eb7f47b9808bf744bd9bb0df18d / . / ssl / ssl_test.cc
blob: ac86baa7e8e3e339e9c229e81fe64a6896d0be87 [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]24#include <openssl/base64.h>
25#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]26#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]27#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]28#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]29#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]30#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]31#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]32#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]33#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]34#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]35
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]36#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]37#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]38#include "../crypto/test/test_util.h"
39
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]40#if defined(OPENSSL_WINDOWS)
41/* Windows defines struct timeval in winsock2.h. */
42OPENSSL_MSVC_PRAGMA(warning(push, 3))
43#include <winsock2.h>
44OPENSSL_MSVC_PRAGMA(warning(pop))
45#else
46#include <sys/time.h>
47#endif
48
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]49
50struct ExpectedCipher {
51 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]52 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]53};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55struct CipherTest {
56 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]57 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]58 // The list of expected ciphers, in order.
59 std::vector<ExpectedCipher> expected;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]60};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]61
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]62struct CurveTest {
63 // The rule string to apply.
64 const char *rule;
65 // The list of expected curves, in order.
66 std::vector<uint16_t> expected;
67};
68
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]69static const CipherTest kCipherTests[] = {
70 // Selecting individual ciphers should work.
71 {
72 "ECDHE-ECDSA-CHACHA20-POLY1305:"
73 "ECDHE-RSA-CHACHA20-POLY1305:"
74 "ECDHE-ECDSA-AES128-GCM-SHA256:"
75 "ECDHE-RSA-AES128-GCM-SHA256",
76 {
77 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
78 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
79 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
80 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
81 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
82 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
83 },
84 },
85 // + reorders selected ciphers to the end, keeping their relative order.
86 {
87 "ECDHE-ECDSA-CHACHA20-POLY1305:"
88 "ECDHE-RSA-CHACHA20-POLY1305:"
89 "ECDHE-ECDSA-AES128-GCM-SHA256:"
90 "ECDHE-RSA-AES128-GCM-SHA256:"
91 "+aRSA",
92 {
93 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
94 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
95 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
96 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
97 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
98 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
99 },
100 },
101 // ! banishes ciphers from future selections.
102 {
103 "!aRSA:"
104 "ECDHE-ECDSA-CHACHA20-POLY1305:"
105 "ECDHE-RSA-CHACHA20-POLY1305:"
106 "ECDHE-ECDSA-AES128-GCM-SHA256:"
107 "ECDHE-RSA-AES128-GCM-SHA256",
108 {
109 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
110 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
111 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
112 },
113 },
114 // Multiple masks can be ANDed in a single rule.
115 {
116 "kRSA+AESGCM+AES128",
117 {
118 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
119 },
120 },
121 // - removes selected ciphers, but preserves their order for future
122 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
123 // ECDHE_RSA.
124 {
125 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
126 "AESGCM+AES128+aRSA",
127 {
128 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
129 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
130 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
131 },
132 },
133 // Unknown selectors are no-ops.
134 {
135 "ECDHE-ECDSA-CHACHA20-POLY1305:"
136 "ECDHE-RSA-CHACHA20-POLY1305:"
137 "ECDHE-ECDSA-AES128-GCM-SHA256:"
138 "ECDHE-RSA-AES128-GCM-SHA256:"
139 "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4",
140 {
141 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
142 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
143 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
144 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
145 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
146 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
147 },
148 },
149 // Square brackets specify equi-preference groups.
150 {
151 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
152 "[ECDHE-RSA-CHACHA20-POLY1305]:"
153 "ECDHE-RSA-AES128-GCM-SHA256",
154 {
155 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
156 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 1},
157 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
158 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 1},
159 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
160 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
161 },
162 },
163 // @STRENGTH performs a stable strength-sort of the selected ciphers and
164 // only the selected ciphers.
165 {
166 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]167 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]168 "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"
169 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]170 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]171 // Select ECDHE ones and sort them by strength. Ties should resolve
172 // based on the order above.
173 "kECDHE:@STRENGTH:-ALL:"
174 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
175 // by strength. Then RSA, backwards by strength.
176 "aRSA",
177 {
178 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
179 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
180 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]181 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]182 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
183 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
184 },
185 },
186 // Exact ciphers may not be used in multi-part rules; they are treated
187 // as unknown aliases.
188 {
189 "ECDHE-ECDSA-AES128-GCM-SHA256:"
190 "ECDHE-RSA-AES128-GCM-SHA256:"
191 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
192 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
193 {
194 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
195 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
196 },
197 },
198 // SSLv3 matches everything that existed before TLS 1.2.
199 {
200 "AES128-SHA:AES128-SHA256:!SSLv3",
201 {
202 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
203 },
204 },
205 // TLSv1.2 matches everything added in TLS 1.2.
206 {
207 "AES128-SHA:AES128-SHA256:!TLSv1.2",
208 {
209 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
210 },
211 },
212 // The two directives have no intersection.
213 {
214 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
215 {
216 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
217 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
218 },
219 },
220 // The shared name of the CHACHA20_POLY1305 variants behaves like a cipher
221 // name and not an alias. It may not be used in a multipart rule. (That the
222 // shared name works is covered by the standard tests.)
223 {
224 "ECDHE-ECDSA-CHACHA20-POLY1305:"
225 "ECDHE-RSA-CHACHA20-POLY1305:"
226 "!ECDHE-RSA-CHACHA20-POLY1305+RSA:"
227 "!ECDSA+ECDHE-ECDSA-CHACHA20-POLY1305",
228 {
229 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
230 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
231 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
232 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
233 },
234 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]235};
236
237static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]238 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]239 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
240 "RSA]",
241 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]242 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]243 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]244 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]245 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]246 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]247 "",
248 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]249 // COMPLEMENTOFDEFAULT is empty.
250 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]251 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]252 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]253 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]254 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
255 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
256 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
257 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]258 // Opcode supplied, but missing selector.
259 "+",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]260};
261
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]262static const char *kMustNotIncludeNull[] = {
263 "ALL",
264 "DEFAULT",
265 "ALL:!eNULL",
266 "ALL:!NULL",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]267 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]268 "FIPS",
269 "SHA",
270 "SHA1",
271 "RSA",
272 "SSLv3",
273 "TLSv1",
274 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]275};
276
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]277static const char *kMustNotIncludeCECPQ1[] = {
278 "ALL",
279 "DEFAULT",
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]280 "HIGH",
281 "FIPS",
282 "SHA",
283 "SHA1",
284 "SHA256",
285 "SHA384",
286 "RSA",
287 "SSLv3",
288 "TLSv1",
289 "TLSv1.2",
290 "aRSA",
291 "RSA",
292 "aECDSA",
293 "ECDSA",
294 "AES",
295 "AES128",
296 "AES256",
297 "AESGCM",
298 "CHACHA20",
299};
300
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]301static const CurveTest kCurveTests[] = {
302 {
303 "P-256",
304 { SSL_CURVE_SECP256R1 },
305 },
306 {
307 "P-256:P-384:P-521:X25519",
308 {
309 SSL_CURVE_SECP256R1,
310 SSL_CURVE_SECP384R1,
311 SSL_CURVE_SECP521R1,
312 SSL_CURVE_X25519,
313 },
314 },
315};
316
317static const char *kBadCurvesLists[] = {
318 "",
319 ":",
320 "::",
321 "P-256::X25519",
322 "RSA:P-256",
323 "P-256:RSA",
324 "X25519:P-256:",
325 ":X25519:P-256",
326};
327
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]328static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
329 bool in_group = false;
330 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]331 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
332 if (!in_group && list->in_group_flags[i]) {
333 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]334 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]335 }
336 fprintf(stderr, "\t");
337 if (in_group) {
338 fprintf(stderr, " ");
339 }
340 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
341 if (in_group && !list->in_group_flags[i]) {
342 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]343 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]344 }
345 }
346}
347
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]348static bool TestCipherRule(const CipherTest &t) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]349 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]350 if (!ctx) {
351 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]352 }
353
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]354 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
355 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]356 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]357 }
358
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]359 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]360 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
361 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
362 PrintCipherPreferenceList(ctx->cipher_list);
363 return false;
364 }
365
366 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]367 const SSL_CIPHER *cipher =
368 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]369 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
370 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
371 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]372 PrintCipherPreferenceList(ctx->cipher_list);
373 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]374 }
375 }
376
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]377 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]378}
379
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]380static bool TestRuleDoesNotIncludeNull(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]381 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]382 if (!ctx) {
383 return false;
384 }
385 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
386 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
387 return false;
388 }
389 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
390 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
391 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
392 return false;
393 }
394 }
395 return true;
396}
397
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]398static bool TestRuleDoesNotIncludeCECPQ1(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]399 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]400 if (!ctx) {
401 return false;
402 }
403 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
404 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
405 return false;
406 }
407 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
408 if (SSL_CIPHER_is_CECPQ1(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
409 fprintf(stderr, "Error: cipher rule '%s' includes CECPQ1\n",rule);
410 return false;
411 }
412 }
413 return true;
414}
415
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]416static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]417 for (const CipherTest &test : kCipherTests) {
418 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]419 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]420 }
421 }
422
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]423 for (const char *rule : kBadRules) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]424 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]425 if (!ctx) {
426 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]427 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]428 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
429 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]430 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]431 }
432 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]433 }
434
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]435 for (const char *rule : kMustNotIncludeNull) {
436 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]437 return false;
438 }
439 }
440
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]441 for (const char *rule : kMustNotIncludeCECPQ1) {
442 if (!TestRuleDoesNotIncludeCECPQ1(rule)) {
443 return false;
444 }
445 }
446
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]447 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]448}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]449
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]450static bool TestCurveRule(const CurveTest &t) {
451 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
452 if (!ctx) {
453 return false;
454 }
455
456 if (!SSL_CTX_set1_curves_list(ctx.get(), t.rule)) {
457 fprintf(stderr, "Error testing curves list '%s'\n", t.rule);
458 return false;
459 }
460
461 // Compare the two lists.
462 if (ctx->supported_group_list_len != t.expected.size()) {
463 fprintf(stderr, "Error testing curves list '%s': length\n", t.rule);
464 return false;
465 }
466
467 for (size_t i = 0; i < t.expected.size(); i++) {
468 if (t.expected[i] != ctx->supported_group_list[i]) {
469 fprintf(stderr, "Error testing curves list '%s': mismatch\n", t.rule);
470 return false;
471 }
472 }
473
474 return true;
475}
476
477static bool TestCurveRules() {
478 for (const CurveTest &test : kCurveTests) {
479 if (!TestCurveRule(test)) {
480 return false;
481 }
482 }
483
484 for (const char *rule : kBadCurvesLists) {
485 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
486 if (!ctx) {
487 return false;
488 }
489 if (SSL_CTX_set1_curves_list(ctx.get(), rule)) {
490 fprintf(stderr, "Curves list '%s' unexpectedly succeeded\n", rule);
491 return false;
492 }
493 ERR_clear_error();
494 }
495
496 return true;
497}
498
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]499// kOpenSSLSession is a serialized SSL_SESSION generated from openssl
500// s_client -sess_out.
501static const char kOpenSSLSession[] =
502 "MIIFpQIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
503 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
504 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
505 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
506 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
507 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
508 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
509 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
510 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
511 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
512 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
513 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
514 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
515 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
516 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
517 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
518 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
519 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
520 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
521 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
522 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
523 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
524 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
525 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
526 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
527 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
528 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
529 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
530 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
531 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
532 "i4gv7Y5oliyn";
533
534// kCustomSession is a custom serialized SSL_SESSION generated by
535// filling in missing fields from |kOpenSSLSession|. This includes
536// providing |peer_sha256|, so |peer| is not serialized.
537static const char kCustomSession[] =
538 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
539 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
540 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
541 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
542 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
543 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
544 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
545 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
546
547// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
548static const char kBoringSSLSession[] =
549 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
550 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
551 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
552 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
553 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
554 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
555 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
556 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
557 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
558 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
559 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
560 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
561 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
562 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
563 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
564 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
565 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
566 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
567 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
568 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
569 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
570 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
571 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
572 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
573 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
574 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
575 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
576 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
577 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
578 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
579 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
580 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
581 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
582 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
583 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
584 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
585 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
586 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
587 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
588 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
589 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
590 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
591 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
592 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
593 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
594 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
595 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
596 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
597 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
598 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
599 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
600 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
601 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
602 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
603 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
604 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
605 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
606 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
607 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
608 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
609 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
610 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
611 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
612 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
613 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
614 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
615 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
616 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
617 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
618 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
619 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
620 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
621 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
622 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
623 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
624 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
625 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
626 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
627 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
628 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
629 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
630 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
631 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
632 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
633 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
634 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
635 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
636 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
637 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
638 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
639 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
640 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
641 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
642 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
643 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
644
645// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
646// the final (optional) element of |kCustomSession| with tag number 30.
647static const char kBadSessionExtraField[] =
648 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
649 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
650 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
651 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
652 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
653 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
654 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
655 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
656
657// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
658// the version of |kCustomSession| with 2.
659static const char kBadSessionVersion[] =
660 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
661 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
662 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
663 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
664 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
665 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
666 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
667 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
668
669// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
670// appended.
671static const char kBadSessionTrailingData[] =
672 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
673 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
674 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
675 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
676 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
677 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
678 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
679 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
680
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]681static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]682 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]683 if (!EVP_DecodedLength(&len, strlen(in))) {
684 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]685 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]686 }
687
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]688 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]689 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]690 strlen(in))) {
691 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]692 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]693 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]694 out->resize(len);
695 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]696}
697
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]698static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]699 const uint8_t *cptr;
700 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]701
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]702 // Decode the input.
703 std::vector<uint8_t> input;
704 if (!DecodeBase64(&input, input_b64)) {
705 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]706 }
707
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]708 // Verify the SSL_SESSION decodes.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]709 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]710 if (!session) {
711 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]712 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]713 }
714
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]715 // Verify the SSL_SESSION encoding round-trips.
716 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]717 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]718 uint8_t *encoded_raw;
719 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]720 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]721 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]722 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]723 encoded.reset(encoded_raw);
724 if (encoded_len != input.size() ||
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]725 memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]726 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]727 hexdump(stderr, "Before: ", input.data(), input.size());
728 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]729 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]730 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]731
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]732 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]733 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]734 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]735 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]736 fprintf(stderr, "d2i_SSL_SESSION failed\n");
737 return false;
738 }
739
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]740 // Verify the SSL_SESSION encoding round-trips via the legacy API.
741 int len = i2d_SSL_SESSION(session.get(), NULL);
742 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]743 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]744 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]745 }
746
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]747 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
748 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]749 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]750 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]751 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]752
753 ptr = encoded.get();
754 len = i2d_SSL_SESSION(session.get(), &ptr);
755 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]756 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]757 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]758 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]759 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]760 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]761 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]762 }
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]763 if (memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]764 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]765 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]766 }
767
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]768 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]769}
770
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]771static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
772 std::vector<uint8_t> input;
773 if (!DecodeBase64(&input, input_b64)) {
774 return false;
775 }
776
777 // Verify that the SSL_SESSION fails to decode.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]778 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]779 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]780 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]781 return false;
782 }
783 ERR_clear_error();
784 return true;
785}
786
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]787static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]788 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]789 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]790 if (!ctx) {
791 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]792 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]793 if (ctx->min_version != min_version || ctx->max_version != max_version) {
794 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
795 ctx->min_version, ctx->max_version, min_version, max_version);
796 return false;
797 }
798 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]799}
800
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]801static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]802 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
803 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]804 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]805 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]806 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]807 if (!rfc_name) {
808 return false;
809 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]810 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]811 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]812}
813
814typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]815 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]816 const char *rfc_name;
817} CIPHER_RFC_NAME_TEST;
818
819static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]820 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
821 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
822 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
823 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
824 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
825 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
826 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
827 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
828 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
829 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
830 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
831 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
832 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
833 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
834 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
835 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
836 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
837 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
838 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
839 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
840 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
841 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
842
843 // These names are non-standard:
844 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
845 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
846 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
847 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]848};
849
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]850static bool TestCipherGetRFCName(void) {
851 for (size_t i = 0;
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]852 i < OPENSSL_ARRAY_SIZE(kCipherRFCNameTests); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]853 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]854 std::string rfc_name;
855 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
856 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
857 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]858 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]859 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]860 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]861 rfc_name.c_str(), test->rfc_name);
862 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]863 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]864 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]865 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]866}
867
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]868// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
869// version and ticket length or nullptr on failure.
870static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
871 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]872 std::vector<uint8_t> der;
873 if (!DecodeBase64(&der, kOpenSSLSession)) {
874 return nullptr;
875 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]876 bssl::UniquePtr<SSL_SESSION> session(
877 SSL_SESSION_from_bytes(der.data(), der.size()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]878 if (!session) {
879 return nullptr;
880 }
881
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]882 session->ssl_version = version;
883
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]884 // Swap out the ticket for a garbage one.
885 OPENSSL_free(session->tlsext_tick);
886 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
887 if (session->tlsext_tick == nullptr) {
888 return nullptr;
889 }
890 memset(session->tlsext_tick, 'a', ticket_len);
891 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]892
893 // Fix up the timeout.
894 session->time = time(NULL);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]895 return session;
896}
897
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]898static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]899 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]900 if (!bio) {
901 return false;
902 }
903 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]904 BIO_up_ref(bio.get());
905 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]906 int ret = SSL_connect(ssl);
907 if (ret > 0) {
908 // SSL_connect should fail without a BIO to write to.
909 return false;
910 }
911 ERR_clear_error();
912
913 const uint8_t *client_hello;
914 size_t client_hello_len;
915 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
916 return false;
917 }
918 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
919 return true;
920}
921
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]922// GetClientHelloLen creates a client SSL connection with the specified version
923// and ticket length. It returns the length of the ClientHello, not including
924// the record header, on success and zero on error.
925static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
926 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]927 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]928 bssl::UniquePtr<SSL_SESSION> session =
929 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]930 if (!ctx || !session) {
931 return 0;
932 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]933
934 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]935 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]936 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]937 !SSL_set_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
938 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]939 return 0;
940 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]941
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]942 std::vector<uint8_t> client_hello;
943 if (!GetClientHello(ssl.get(), &client_hello) ||
944 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]945 return 0;
946 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]947
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]948 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]949}
950
951struct PaddingTest {
952 size_t input_len, padded_len;
953};
954
955static const PaddingTest kPaddingTests[] = {
956 // ClientHellos of length below 0x100 do not require padding.
957 {0xfe, 0xfe},
958 {0xff, 0xff},
959 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
960 {0x100, 0x200},
961 {0x123, 0x200},
962 {0x1fb, 0x200},
963 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
964 // padding extension takes a minimum of four bytes plus one required content
965 // byte. (To work around yet more server bugs, we avoid empty final
966 // extensions.)
967 {0x1fc, 0x201},
968 {0x1fd, 0x202},
969 {0x1fe, 0x203},
970 {0x1ff, 0x204},
971 // Finally, larger ClientHellos need no padding.
972 {0x200, 0x200},
973 {0x201, 0x201},
974};
975
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]976static bool TestPaddingExtension(uint16_t max_version,
977 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]978 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]979 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]980 if (base_len == 0) {
981 return false;
982 }
983
984 for (const PaddingTest &test : kPaddingTests) {
985 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]986 fprintf(stderr,
987 "Baseline ClientHello too long (max_version = %04x, "
988 "session_version = %04x).\n",
989 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]990 return false;
991 }
992
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]993 size_t padded_len = GetClientHelloLen(max_version, session_version,
994 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]995 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]996 fprintf(stderr,
997 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
998 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]999 static_cast<unsigned>(test.input_len),
1000 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]1001 static_cast<unsigned>(test.padded_len), max_version,
1002 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1003 return false;
1004 }
1005 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]1006
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1007 return true;
1008}
1009
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1010// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
1011// before configuring as a server.
1012static bool TestClientCAList() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1013 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1014 if (!ctx) {
1015 return false;
1016 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1017 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1018 if (!ssl) {
1019 return false;
1020 }
1021
1022 STACK_OF(X509_NAME) *stack = sk_X509_NAME_new_null();
1023 if (stack == nullptr) {
1024 return false;
1025 }
1026 // |SSL_set_client_CA_list| takes ownership.
1027 SSL_set_client_CA_list(ssl.get(), stack);
1028
1029 return SSL_get_client_CA_list(ssl.get()) == stack;
1030}
1031
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1032static void AppendSession(SSL_SESSION *session, void *arg) {
1033 std::vector<SSL_SESSION*> *out =
1034 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1035 out->push_back(session);
1036}
1037
1038// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
1039// order.
1040static bool ExpectCache(SSL_CTX *ctx,
1041 const std::vector<SSL_SESSION*> &expected) {
1042 // Check the linked list.
1043 SSL_SESSION *ptr = ctx->session_cache_head;
1044 for (SSL_SESSION *session : expected) {
1045 if (ptr != session) {
1046 return false;
1047 }
1048 // TODO(davidben): This is an absurd way to denote the end of the list.
1049 if (ptr->next ==
1050 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1051 ptr = nullptr;
1052 } else {
1053 ptr = ptr->next;
1054 }
1055 }
1056 if (ptr != nullptr) {
1057 return false;
1058 }
1059
1060 // Check the hash table.
1061 std::vector<SSL_SESSION*> actual, expected_copy;
1062 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
1063 expected_copy = expected;
1064
1065 std::sort(actual.begin(), actual.end());
1066 std::sort(expected_copy.begin(), expected_copy.end());
1067
1068 return actual == expected_copy;
1069}
1070
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1071static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
1072 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new());
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1073 if (!ret) {
1074 return nullptr;
1075 }
1076
1077 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
1078 memset(ret->session_id, 0, ret->session_id_length);
1079 memcpy(ret->session_id, &number, sizeof(number));
1080 return ret;
1081}
1082
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1083// Test that the internal session cache behaves as expected.
1084static bool TestInternalSessionCache() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1085 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1086 if (!ctx) {
1087 return false;
1088 }
1089
1090 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1091 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1092 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1093 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1094 if (!session) {
1095 return false;
1096 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1097 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1098 }
1099
1100 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1101
1102 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1103 for (const auto &session : sessions) {
1104 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1105 return false;
1106 }
1107 }
1108
1109 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1110 std::vector<SSL_SESSION*> expected = {
1111 sessions[9].get(),
1112 sessions[8].get(),
1113 sessions[7].get(),
1114 sessions[6].get(),
1115 sessions[5].get(),
1116 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1117 if (!ExpectCache(ctx.get(), expected)) {
1118 return false;
1119 }
1120
1121 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1122 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1123 !ExpectCache(ctx.get(), expected)) {
1124 return false;
1125 }
1126
1127 // Although collisions should be impossible (256-bit session IDs), the cache
1128 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1129 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1130 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1131 return false;
1132 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1133 expected = {
1134 collision.get(),
1135 sessions[9].get(),
1136 sessions[8].get(),
1137 sessions[6].get(),
1138 sessions[5].get(),
1139 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1140 if (!ExpectCache(ctx.get(), expected)) {
1141 return false;
1142 }
1143
1144 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1145 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1146 return false;
1147 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1148 expected = {
1149 collision.get(),
1150 sessions[9].get(),
1151 sessions[8].get(),
1152 sessions[5].get(),
1153 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1154 if (!ExpectCache(ctx.get(), expected)) {
1155 return false;
1156 }
1157
1158 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1159 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1160 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1161 !ExpectCache(ctx.get(), expected)) {
1162 return false;
1163 }
1164
1165 return true;
1166}
1167
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1168static uint16_t EpochFromSequence(uint64_t seq) {
1169 return static_cast<uint16_t>(seq >> 48);
1170}
1171
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1172static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1173 static const char kCertPEM[] =
1174 "-----BEGIN CERTIFICATE-----\n"
1175 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1176 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1177 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1178 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1179 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1180 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1181 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1182 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1183 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1184 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1185 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1186 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1187 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1188 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1189 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1190 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1191}
1192
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1193static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1194 static const char kKeyPEM[] =
1195 "-----BEGIN RSA PRIVATE KEY-----\n"
1196 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1197 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1198 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1199 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1200 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1201 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1202 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1203 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1204 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1205 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1206 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1207 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1208 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1209 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1210 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1211 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1212 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1213}
1214
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1215static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1216 static const char kCertPEM[] =
1217 "-----BEGIN CERTIFICATE-----\n"
1218 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1219 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1220 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1221 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1222 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1223 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1224 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1225 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1226 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1227 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1228 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1229 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1230 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1231}
1232
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1233static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1234 static const char kKeyPEM[] =
1235 "-----BEGIN PRIVATE KEY-----\n"
1236 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1237 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1238 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1239 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1240 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1241 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1242 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1243}
1244
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1245static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1246 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1247 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1248 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1249 if (!client || !server) {
1250 return false;
1251 }
1252 SSL_set_connect_state(client.get());
1253 SSL_set_accept_state(server.get());
1254
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1255 SSL_set_session(client.get(), session);
1256
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1257 BIO *bio1, *bio2;
1258 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1259 return false;
1260 }
1261 // SSL_set_bio takes ownership.
1262 SSL_set_bio(client.get(), bio1, bio1);
1263 SSL_set_bio(server.get(), bio2, bio2);
1264
1265 // Drive both their handshakes to completion.
1266 for (;;) {
1267 int client_ret = SSL_do_handshake(client.get());
1268 int client_err = SSL_get_error(client.get(), client_ret);
1269 if (client_err != SSL_ERROR_NONE &&
1270 client_err != SSL_ERROR_WANT_READ &&
1271 client_err != SSL_ERROR_WANT_WRITE) {
1272 fprintf(stderr, "Client error: %d\n", client_err);
1273 return false;
1274 }
1275
1276 int server_ret = SSL_do_handshake(server.get());
1277 int server_err = SSL_get_error(server.get(), server_ret);
1278 if (server_err != SSL_ERROR_NONE &&
1279 server_err != SSL_ERROR_WANT_READ &&
1280 server_err != SSL_ERROR_WANT_WRITE) {
1281 fprintf(stderr, "Server error: %d\n", server_err);
1282 return false;
1283 }
1284
1285 if (client_ret == 1 && server_ret == 1) {
1286 break;
1287 }
1288 }
1289
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1290 *out_client = std::move(client);
1291 *out_server = std::move(server);
1292 return true;
1293}
1294
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1295static uint16_t kTLSVersions[] = {
1296 SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION, TLS1_2_VERSION, TLS1_3_VERSION,
1297};
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1298
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1299static uint16_t kDTLSVersions[] = {
1300 DTLS1_VERSION, DTLS1_2_VERSION,
1301};
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1302
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1303static bool TestSequenceNumber() {
1304 for (bool is_dtls : std::vector<bool>{false, true}) {
1305 const SSL_METHOD *method = is_dtls ? DTLS_method() : TLS_method();
1306 const uint16_t *versions = is_dtls ? kDTLSVersions : kTLSVersions;
1307 size_t num_versions = is_dtls ? OPENSSL_ARRAY_SIZE(kDTLSVersions)
1308 : OPENSSL_ARRAY_SIZE(kTLSVersions);
1309 for (size_t i = 0; i < num_versions; i++) {
1310 uint16_t version = versions[i];
1311 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1312 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1313 if (!server_ctx || !client_ctx ||
1314 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1315 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1316 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1317 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1318 return false;
1319 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1320
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1321 bssl::UniquePtr<X509> cert = GetTestCertificate();
1322 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1323 if (!cert || !key ||
1324 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1325 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1326 return false;
1327 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1328
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1329 bssl::UniquePtr<SSL> client, server;
1330 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1331 server_ctx.get(), nullptr /* no session */)) {
1332 return false;
1333 }
1334
1335 // Drain any post-handshake messages to ensure there are no unread records
1336 // on either end.
1337 uint8_t byte = 0;
1338 if (SSL_read(client.get(), &byte, 1) > 0 ||
1339 SSL_read(server.get(), &byte, 1) > 0) {
1340 fprintf(stderr, "Received unexpected data.\n");
1341 return false;
1342 }
1343
1344 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1345 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1346 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1347 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
1348
1349 if (is_dtls) {
1350 // Both client and server must be at epoch 1.
1351 if (EpochFromSequence(client_read_seq) != 1 ||
1352 EpochFromSequence(client_write_seq) != 1 ||
1353 EpochFromSequence(server_read_seq) != 1 ||
1354 EpochFromSequence(server_write_seq) != 1) {
1355 fprintf(stderr, "Bad epochs.\n");
1356 return false;
1357 }
1358
1359 // The next record to be written should exceed the largest received.
1360 if (client_write_seq <= server_read_seq ||
1361 server_write_seq <= client_read_seq) {
1362 fprintf(stderr, "Inconsistent sequence numbers.\n");
1363 return false;
1364 }
1365 } else {
1366 // The next record to be written should equal the next to be received.
1367 if (client_write_seq != server_read_seq ||
1368 server_write_seq != client_read_seq) {
1369 fprintf(stderr, "Inconsistent sequence numbers.\n");
1370 return false;
1371 }
1372 }
1373
1374 // Send a record from client to server.
1375 if (SSL_write(client.get(), &byte, 1) != 1 ||
1376 SSL_read(server.get(), &byte, 1) != 1) {
1377 fprintf(stderr, "Could not send byte.\n");
1378 return false;
1379 }
1380
1381 // The client write and server read sequence numbers should have
1382 // incremented.
1383 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1384 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1385 fprintf(stderr, "Sequence numbers did not increment.\n");
1386 return false;
1387 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1388 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1389 }
1390
1391 return true;
1392}
1393
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1394static bool TestOneSidedShutdown() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1395 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1396 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1397 if (!client_ctx || !server_ctx) {
1398 return false;
1399 }
1400
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1401 bssl::UniquePtr<X509> cert = GetTestCertificate();
1402 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1403 if (!cert || !key ||
1404 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1405 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1406 return false;
1407 }
1408
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1409 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1410 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1411 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1412 return false;
1413 }
1414
1415 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1416 // one side has shut down.
1417 if (SSL_shutdown(client.get()) != 0) {
1418 fprintf(stderr, "Could not shutdown.\n");
1419 return false;
1420 }
1421
1422 // Reading from the server should consume the EOF.
1423 uint8_t byte;
1424 if (SSL_read(server.get(), &byte, 1) != 0 ||
1425 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1426 fprintf(stderr, "Connection was not shut down cleanly.\n");
1427 return false;
1428 }
1429
1430 // However, the server may continue to write data and then shut down the
1431 // connection.
1432 byte = 42;
1433 if (SSL_write(server.get(), &byte, 1) != 1 ||
1434 SSL_read(client.get(), &byte, 1) != 1 ||
1435 byte != 42) {
1436 fprintf(stderr, "Could not send byte.\n");
1437 return false;
1438 }
1439
1440 // The server may then shutdown the connection.
1441 if (SSL_shutdown(server.get()) != 1 ||
1442 SSL_shutdown(client.get()) != 1) {
1443 fprintf(stderr, "Could not complete shutdown.\n");
1444 return false;
1445 }
1446
1447 return true;
1448}
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1449static bool TestSessionDuplication() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1450 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1451 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1452 if (!client_ctx || !server_ctx) {
1453 return false;
1454 }
1455
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1456 bssl::UniquePtr<X509> cert = GetTestCertificate();
1457 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1458 if (!cert || !key ||
1459 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1460 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1461 return false;
1462 }
1463
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1464 bssl::UniquePtr<SSL> client, server;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1465 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1466 server_ctx.get(), nullptr /* no session */)) {
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1467 return false;
1468 }
1469
1470 SSL_SESSION *session0 = SSL_get_session(client.get());
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1471 bssl::UniquePtr<SSL_SESSION> session1(SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1472 if (!session1) {
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1473 return false;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1474 }
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1475
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1476 session1->not_resumable = 0;
1477
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1478 uint8_t *s0_bytes, *s1_bytes;
1479 size_t s0_len, s1_len;
1480
1481 if (!SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len)) {
1482 return false;
1483 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1484 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1485
1486 if (!SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len)) {
1487 return false;
1488 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1489 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1490
1491 return s0_len == s1_len && memcmp(s0_bytes, s1_bytes, s0_len) == 0;
1492}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1493
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1494static bool ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1495 if (SSL_get_rfd(ssl) != rfd || SSL_get_wfd(ssl) != wfd) {
1496 fprintf(stderr, "Got fds %d and %d, wanted %d and %d.\n", SSL_get_rfd(ssl),
1497 SSL_get_wfd(ssl), rfd, wfd);
1498 return false;
1499 }
1500
1501 // The wrapper BIOs are always equal when fds are equal, even if set
1502 // individually.
1503 if (rfd == wfd && SSL_get_rbio(ssl) != SSL_get_wbio(ssl)) {
1504 fprintf(stderr, "rbio and wbio did not match.\n");
1505 return false;
1506 }
1507
1508 return true;
1509}
1510
1511static bool TestSetFD() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1512 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1513 if (!ctx) {
1514 return false;
1515 }
1516
1517 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1518 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1519 if (!ssl ||
1520 !SSL_set_rfd(ssl.get(), 1) ||
1521 !SSL_set_wfd(ssl.get(), 2) ||
1522 !ExpectFDs(ssl.get(), 1, 2)) {
1523 return false;
1524 }
1525
1526 // Test setting the same FD.
1527 ssl.reset(SSL_new(ctx.get()));
1528 if (!ssl ||
1529 !SSL_set_fd(ssl.get(), 1) ||
1530 !ExpectFDs(ssl.get(), 1, 1)) {
1531 return false;
1532 }
1533
1534 // Test setting the same FD one side at a time.
1535 ssl.reset(SSL_new(ctx.get()));
1536 if (!ssl ||
1537 !SSL_set_rfd(ssl.get(), 1) ||
1538 !SSL_set_wfd(ssl.get(), 1) ||
1539 !ExpectFDs(ssl.get(), 1, 1)) {
1540 return false;
1541 }
1542
1543 // Test setting the same FD in the other order.
1544 ssl.reset(SSL_new(ctx.get()));
1545 if (!ssl ||
1546 !SSL_set_wfd(ssl.get(), 1) ||
1547 !SSL_set_rfd(ssl.get(), 1) ||
1548 !ExpectFDs(ssl.get(), 1, 1)) {
1549 return false;
1550 }
1551
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1552 // Test changing the read FD partway through.
1553 ssl.reset(SSL_new(ctx.get()));
1554 if (!ssl ||
1555 !SSL_set_fd(ssl.get(), 1) ||
1556 !SSL_set_rfd(ssl.get(), 2) ||
1557 !ExpectFDs(ssl.get(), 2, 1)) {
1558 return false;
1559 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1560
1561 // Test changing the write FD partway through.
1562 ssl.reset(SSL_new(ctx.get()));
1563 if (!ssl ||
1564 !SSL_set_fd(ssl.get(), 1) ||
1565 !SSL_set_wfd(ssl.get(), 2) ||
1566 !ExpectFDs(ssl.get(), 1, 2)) {
1567 return false;
1568 }
1569
1570 // Test a no-op change to the read FD partway through.
1571 ssl.reset(SSL_new(ctx.get()));
1572 if (!ssl ||
1573 !SSL_set_fd(ssl.get(), 1) ||
1574 !SSL_set_rfd(ssl.get(), 1) ||
1575 !ExpectFDs(ssl.get(), 1, 1)) {
1576 return false;
1577 }
1578
1579 // Test a no-op change to the write FD partway through.
1580 ssl.reset(SSL_new(ctx.get()));
1581 if (!ssl ||
1582 !SSL_set_fd(ssl.get(), 1) ||
1583 !SSL_set_wfd(ssl.get(), 1) ||
1584 !ExpectFDs(ssl.get(), 1, 1)) {
1585 return false;
1586 }
1587
1588 // ASan builds will implicitly test that the internal |BIO| reference-counting
1589 // is correct.
1590
1591 return true;
1592}
1593
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1594static bool TestSetBIO() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1595 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1596 if (!ctx) {
1597 return false;
1598 }
1599
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1600 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1601 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1602 bio3(BIO_new(BIO_s_mem()));
1603 if (!ssl || !bio1 || !bio2 || !bio3) {
1604 return false;
1605 }
1606
1607 // SSL_set_bio takes one reference when the parameters are the same.
1608 BIO_up_ref(bio1.get());
1609 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1610
1611 // Repeating the call does nothing.
1612 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1613
1614 // It takes one reference each when the parameters are different.
1615 BIO_up_ref(bio2.get());
1616 BIO_up_ref(bio3.get());
1617 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1618
1619 // Repeating the call does nothing.
1620 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1621
1622 // It takes one reference when changing only wbio.
1623 BIO_up_ref(bio1.get());
1624 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1625
1626 // It takes one reference when changing only rbio and the two are different.
1627 BIO_up_ref(bio3.get());
1628 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1629
1630 // If setting wbio to rbio, it takes no additional references.
1631 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1632
1633 // From there, wbio may be switched to something else.
1634 BIO_up_ref(bio1.get());
1635 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1636
1637 // If setting rbio to wbio, it takes no additional references.
1638 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1639
1640 // From there, rbio may be switched to something else, but, for historical
1641 // reasons, it takes a reference to both parameters.
1642 BIO_up_ref(bio1.get());
1643 BIO_up_ref(bio2.get());
1644 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1645
1646 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1647 // is correct.
1648 return true;
1649}
1650
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1651static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1652
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1653static bool TestGetPeerCertificate() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1654 bssl::UniquePtr<X509> cert = GetTestCertificate();
1655 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1656 if (!cert || !key) {
1657 return false;
1658 }
1659
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]1660 for (uint16_t version : kTLSVersions) {
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1661 // Configure both client and server to accept any certificate.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1662 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1663 if (!ctx ||
1664 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1665 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1666 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1667 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1668 return false;
1669 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1670 SSL_CTX_set_verify(
1671 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1672 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1673
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1674 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1675 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1676 nullptr /* no session */)) {
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1677 return false;
1678 }
1679
1680 // Client and server should both see the leaf certificate.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1681 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1682 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1683 fprintf(stderr, "%x: Server peer certificate did not match.\n", version);
1684 return false;
1685 }
1686
1687 peer.reset(SSL_get_peer_certificate(client.get()));
1688 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1689 fprintf(stderr, "%x: Client peer certificate did not match.\n", version);
1690 return false;
1691 }
1692
1693 // However, for historical reasons, the chain includes the leaf on the
1694 // client, but does not on the server.
1695 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1696 fprintf(stderr, "%x: Client peer chain was incorrect.\n", version);
1697 return false;
1698 }
1699
1700 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1701 fprintf(stderr, "%x: Server peer chain was incorrect.\n", version);
1702 return false;
1703 }
1704 }
1705
1706 return true;
1707}
1708
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1709static bool TestRetainOnlySHA256OfCerts() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1710 bssl::UniquePtr<X509> cert = GetTestCertificate();
1711 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1712 if (!cert || !key) {
1713 return false;
1714 }
1715
1716 uint8_t *cert_der = NULL;
1717 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1718 if (cert_der_len < 0) {
1719 return false;
1720 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1721 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1722
1723 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1724 SHA256(cert_der, cert_der_len, cert_sha256);
1725
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]1726 for (uint16_t version : kTLSVersions) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1727 // Configure both client and server to accept any certificate, but the
1728 // server must retain only the SHA-256 of the peer.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1729 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1730 if (!ctx ||
1731 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1732 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1733 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1734 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1735 return false;
1736 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1737 SSL_CTX_set_verify(
1738 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1739 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1740 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
1741
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1742 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1743 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1744 nullptr /* no session */)) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1745 return false;
1746 }
1747
1748 // The peer certificate has been dropped.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1749 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1750 if (peer) {
1751 fprintf(stderr, "%x: Peer certificate was retained.\n", version);
1752 return false;
1753 }
1754
1755 SSL_SESSION *session = SSL_get_session(server.get());
1756 if (!session->peer_sha256_valid) {
1757 fprintf(stderr, "%x: peer_sha256_valid was not set.\n", version);
1758 return false;
1759 }
1760
1761 if (memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) != 0) {
1762 fprintf(stderr, "%x: peer_sha256 did not match.\n", version);
1763 return false;
1764 }
1765 }
1766
1767 return true;
1768}
1769
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1770static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1771 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1772 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1773 if (!ctx ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1774 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1775 // Our default cipher list varies by CPU capabilities, so manually place
1776 // the ChaCha20 ciphers in front.
1777 !SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1778 return false;
1779 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1780
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1781 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1782 if (!ssl) {
1783 return false;
1784 }
1785 std::vector<uint8_t> client_hello;
1786 if (!GetClientHello(ssl.get(), &client_hello)) {
1787 return false;
1788 }
1789
1790 // Zero the client_random.
1791 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1792 1 + 3 + // handshake message header
1793 2; // client_version
1794 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1795 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1796 return false;
1797 }
1798 memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
1799
1800 if (client_hello.size() != expected_len ||
1801 memcmp(client_hello.data(), expected, expected_len) != 0) {
1802 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1803 fprintf(stderr, "Got:\n\t");
1804 for (size_t i = 0; i < client_hello.size(); i++) {
1805 fprintf(stderr, "0x%02x, ", client_hello[i]);
1806 }
1807 fprintf(stderr, "\nWanted:\n\t");
1808 for (size_t i = 0; i < expected_len; i++) {
1809 fprintf(stderr, "0x%02x, ", expected[i]);
1810 }
1811 fprintf(stderr, "\n");
1812 return false;
1813 }
1814
1815 return true;
1816}
1817
1818// Tests that our ClientHellos do not change unexpectedly.
1819static bool TestClientHello() {
1820 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1821 0x16,
1822 0x03, 0x00,
1823 0x00, 0x3f,
1824 0x01,
1825 0x00, 0x00, 0x3b,
1826 0x03, 0x00,
1827 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1828 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1829 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1830 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1831 0x00,
1832 0x00, 0x14,
1833 0xc0, 0x09,
1834 0xc0, 0x13,
1835 0x00, 0x33,
1836 0xc0, 0x0a,
1837 0xc0, 0x14,
1838 0x00, 0x39,
1839 0x00, 0x2f,
1840 0x00, 0x35,
1841 0x00, 0x0a,
1842 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1843 };
1844 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1845 sizeof(kSSL3ClientHello))) {
1846 return false;
1847 }
1848
1849 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1850 0x16,
1851 0x03, 0x01,
1852 0x00, 0x5e,
1853 0x01,
1854 0x00, 0x00, 0x5a,
1855 0x03, 0x01,
1856 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1857 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1858 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1859 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1860 0x00,
1861 0x00, 0x12,
1862 0xc0, 0x09,
1863 0xc0, 0x13,
1864 0x00, 0x33,
1865 0xc0, 0x0a,
1866 0xc0, 0x14,
1867 0x00, 0x39,
1868 0x00, 0x2f,
1869 0x00, 0x35,
1870 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1871 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1872 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1873 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1874 };
1875 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1876 sizeof(kTLS1ClientHello))) {
1877 return false;
1878 }
1879
1880 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1881 0x16,
1882 0x03, 0x01,
1883 0x00, 0x5e,
1884 0x01,
1885 0x00, 0x00, 0x5a,
1886 0x03, 0x02,
1887 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1888 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1889 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1890 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1891 0x00,
1892 0x00, 0x12,
1893 0xc0, 0x09,
1894 0xc0, 0x13,
1895 0x00, 0x33,
1896 0xc0, 0x0a,
1897 0xc0, 0x14,
1898 0x00, 0x39,
1899 0x00, 0x2f,
1900 0x00, 0x35,
1901 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1902 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1903 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1904 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1905 };
1906 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1907 sizeof(kTLS11ClientHello))) {
1908 return false;
1909 }
1910
1911 static const uint8_t kTLS12ClientHello[] = {
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1912 0x16, 0x03, 0x01, 0x00, 0x9e, 0x01, 0x00, 0x00, 0x9a, 0x03, 0x03, 0x00,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1913 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1914 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1915 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3a, 0xcc, 0xa9,
1916 0xcc, 0xa8, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
1917 0xc0, 0x2c, 0xc0, 0x30, 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13,
1918 0xc0, 0x27, 0x00, 0x33, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14,
1919 0xc0, 0x28, 0x00, 0x39, 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1920 0x00, 0x3c, 0x00, 0x35, 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1921 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00,
David Benjamin3a322f52016-10-26 12:45:35 -0400[diff] [blame]1922 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04,
1923 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1924 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
1925 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1926 };
1927 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1928 sizeof(kTLS12ClientHello))) {
1929 return false;
1930 }
1931
1932 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1933 // implementation has settled enough that it won't change.
1934
1935 return true;
1936}
1937
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1938static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1939
1940static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1941 // Save the most recent session.
1942 g_last_session.reset(session);
1943 return 1;
1944}
1945
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1946static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1947 SSL_CTX *server_ctx) {
1948 g_last_session = nullptr;
1949 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1950
1951 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1952 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1953 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1954 nullptr /* no session */)) {
1955 fprintf(stderr, "Failed to connect client and server.\n");
1956 return nullptr;
1957 }
1958
1959 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1960 SSL_read(client.get(), nullptr, 0);
1961
1962 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1963
1964 if (!g_last_session) {
1965 fprintf(stderr, "Client did not receive a session.\n");
1966 return nullptr;
1967 }
1968 return std::move(g_last_session);
1969}
1970
1971static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1972 SSL_SESSION *session,
1973 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1974 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1975 if (!ConnectClientAndServer(&client, &server, client_ctx,
1976 server_ctx, session)) {
1977 fprintf(stderr, "Failed to connect client and server.\n");
1978 return false;
1979 }
1980
1981 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1982 fprintf(stderr, "Client and server were inconsistent.\n");
1983 return false;
1984 }
1985
1986 bool was_reused = !!SSL_session_reused(client.get());
1987 if (was_reused != reused) {
1988 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
1989 was_reused ? "" : " not");
1990 return false;
1991 }
1992
1993 return true;
1994}
1995
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]1996static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
1997 SSL_CTX *server_ctx,
1998 SSL_SESSION *session) {
1999 g_last_session = nullptr;
2000 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2001
2002 bssl::UniquePtr<SSL> client, server;
2003 if (!ConnectClientAndServer(&client, &server, client_ctx,
2004 server_ctx, session)) {
2005 fprintf(stderr, "Failed to connect client and server.\n");
2006 return nullptr;
2007 }
2008
2009 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2010 fprintf(stderr, "Client and server were inconsistent.\n");
2011 return nullptr;
2012 }
2013
2014 if (!SSL_session_reused(client.get())) {
2015 fprintf(stderr, "Session was not reused.\n");
2016 return nullptr;
2017 }
2018
2019 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2020 SSL_read(client.get(), nullptr, 0);
2021
2022 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2023
2024 if (!g_last_session) {
2025 fprintf(stderr, "Client did not receive a renewed session.\n");
2026 return nullptr;
2027 }
2028 return std::move(g_last_session);
2029}
2030
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2031static bool TestSessionIDContext() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2032 bssl::UniquePtr<X509> cert = GetTestCertificate();
2033 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2034 if (!cert || !key) {
2035 return false;
2036 }
2037
2038 static const uint8_t kContext1[] = {1};
2039 static const uint8_t kContext2[] = {2};
2040
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2041 for (uint16_t version : kTLSVersions) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2042 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2043 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2044 if (!server_ctx || !client_ctx ||
2045 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2046 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2047 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2048 sizeof(kContext1)) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2049 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2050 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2051 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2052 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2053 return false;
2054 }
2055
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2056 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2057 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2058
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2059 bssl::UniquePtr<SSL_SESSION> session =
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2060 CreateClientSession(client_ctx.get(), server_ctx.get());
2061 if (!session) {
2062 fprintf(stderr, "Error getting session (version = %04x).\n", version);
2063 return false;
2064 }
2065
2066 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2067 true /* expect session reused */)) {
2068 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
2069 return false;
2070 }
2071
2072 // Change the session ID context.
2073 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2074 sizeof(kContext2))) {
2075 return false;
2076 }
2077
2078 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2079 false /* expect session not reused */)) {
2080 fprintf(stderr,
2081 "Error connection with different context (version = %04x).\n",
2082 version);
2083 return false;
2084 }
2085 }
2086
2087 return true;
2088}
2089
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2090static timeval g_current_time;
2091
2092static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2093 *out_clock = g_current_time;
2094}
2095
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2096static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2097 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2098 int encrypt) {
2099 static const uint8_t kZeros[16] = {0};
2100
2101 if (encrypt) {
2102 memcpy(key_name, kZeros, sizeof(kZeros));
2103 RAND_bytes(iv, 16);
2104 } else if (memcmp(key_name, kZeros, 16) != 0) {
2105 return 0;
2106 }
2107
2108 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2109 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2110 return -1;
2111 }
2112
2113 // Returning two from the callback in decrypt mode renews the
2114 // session in TLS 1.2 and below.
2115 return encrypt ? 1 : 2;
2116}
2117
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2118static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
2119 static const uint8_t kZeros[16] = {0};
2120
2121 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2122 return false;
2123 }
2124
2125 const uint8_t *iv = session->tlsext_tick + 16;
2126 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2127 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2128 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2129
2130 bssl::ScopedEVP_CIPHER_CTX ctx;
2131 int len1, len2;
2132 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2133 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2134 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2135 return false;
2136 }
2137
2138 len = static_cast<size_t>(len1 + len2);
2139
2140 bssl::UniquePtr<SSL_SESSION> server_session(
2141 SSL_SESSION_from_bytes(plaintext.get(), len));
2142 if (!server_session) {
2143 return false;
2144 }
2145
2146 *out = server_session->time;
2147 return true;
2148}
2149
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2150static bool TestSessionTimeout() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2151 bssl::UniquePtr<X509> cert = GetTestCertificate();
2152 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2153 if (!cert || !key) {
2154 return false;
2155 }
2156
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2157 for (uint16_t version : kTLSVersions) {
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2158 for (bool server_test : std::vector<bool>{false, true}) {
2159 static const int kStartTime = 1000;
2160 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2161
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2162 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2163 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
2164 if (!server_ctx || !client_ctx ||
2165 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2166 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2167 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2168 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2169 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2170 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2171 return false;
2172 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2173
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2174 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2175 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2176
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2177 // Both client and server must enforce session timeouts.
2178 if (server_test) {
2179 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2180 } else {
2181 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
2182 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2183
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2184 // Configure a ticket callback which renews tickets.
2185 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2186
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2187 bssl::UniquePtr<SSL_SESSION> session =
2188 CreateClientSession(client_ctx.get(), server_ctx.get());
2189 if (!session) {
2190 fprintf(stderr, "Error getting session (version = %04x).\n", version);
2191 return false;
2192 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2193
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2194 // Advance the clock just behind the timeout.
David Benjamin8e816eb2016-11-02 23:24:29 -0400[diff] [blame]2195 g_current_time.tv_sec += SSL_DEFAULT_SESSION_TIMEOUT - 1;
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2196
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2197 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2198 session.get(),
2199 true /* expect session reused */)) {
2200 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
2201 return false;
2202 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2203
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2204 // Advance the clock one more second.
2205 g_current_time.tv_sec++;
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2206
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2207 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2208 session.get(),
2209 false /* expect session not reused */)) {
2210 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
2211 return false;
2212 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2213
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2214 // Rewind the clock to before the session was minted.
2215 g_current_time.tv_sec = kStartTime - 1;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2216
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2217 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2218 session.get(),
2219 false /* expect session not reused */)) {
2220 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
2221 return false;
2222 }
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2223
2224 // SSL 3.0 cannot renew sessions.
2225 if (version == SSL3_VERSION) {
2226 continue;
2227 }
2228
2229 // Renew the session 10 seconds before expiration.
2230 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT - 10;
2231 bssl::UniquePtr<SSL_SESSION> new_session = ExpectSessionRenewed(
2232 client_ctx.get(), server_ctx.get(), session.get());
2233 if (!new_session) {
2234 fprintf(stderr, "Error renewing session (version = %04x).\n", version);
2235 return false;
2236 }
2237
2238 // This new session is not the same object as before.
2239 if (session.get() == new_session.get()) {
2240 fprintf(stderr, "New and old sessions alias (version = %04x).\n",
2241 version);
2242 return false;
2243 }
2244
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2245 // Check the sessions have timestamps measured from issuance.
2246 long session_time = 0;
2247 if (server_test) {
2248 if (!GetServerTicketTime(&session_time, new_session.get())) {
2249 fprintf(stderr, "Failed to decode session ticket (version = %04x).\n",
2250 version);
2251 return false;
2252 }
2253 } else {
2254 session_time = new_session->time;
2255 }
2256
2257 if (session_time != g_current_time.tv_sec) {
2258 fprintf(stderr,
2259 "New session is not measured from issuance (version = %04x).\n",
2260 version);
2261 return false;
2262 }
2263
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2264 // The new session is usable just before the old expiration.
2265 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT - 1;
2266 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2267 new_session.get(),
2268 true /* expect session reused */)) {
2269 fprintf(stderr, "Error resuming renewed session (version = %04x).\n",
2270 version);
2271 return false;
2272 }
2273
2274 // Renewal does not extend the lifetime, so it is not usable beyond the
2275 // old expiration.
2276 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT + 1;
2277 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2278 new_session.get(),
2279 false /* expect session not reused */)) {
2280 fprintf(stderr,
2281 "Renewed session's lifetime is too long (version = %04x).\n",
2282 version);
2283 return false;
2284 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2285 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2286 }
2287
2288 return true;
2289}
2290
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2291static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2292 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2293 SSL_set_SSL_CTX(ssl, ctx);
2294 return SSL_TLSEXT_ERR_OK;
2295}
2296
2297static bool TestSNICallback() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2298 bssl::UniquePtr<X509> cert = GetTestCertificate();
2299 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2300 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2301 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2302 if (!cert || !key || !cert2 || !key2) {
2303 return false;
2304 }
2305
2306 // At each version, test that switching the |SSL_CTX| at the SNI callback
2307 // behaves correctly.
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2308 for (uint16_t version : kTLSVersions) {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2309 if (version == SSL3_VERSION) {
2310 continue;
2311 }
2312
2313 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
2314
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2315 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2316 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(TLS_method()));
2317 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2318 if (!server_ctx || !server_ctx2 || !client_ctx ||
2319 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2320 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2321 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2322 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
2323 // Historically signing preferences would be lost in some cases with the
2324 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2325 // this doesn't happen when |version| is TLS 1.2, configure the private
2326 // key to only sign SHA-256.
2327 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(),
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2328 &kECDSAWithSHA256, 1) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2329 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2330 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2331 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2332 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2333 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2334 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2335 return false;
2336 }
2337
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2338 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2339 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
2340
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2341 bssl::UniquePtr<SSL> client, server;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2342 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2343 server_ctx.get(), nullptr)) {
2344 fprintf(stderr, "Handshake failed at version %04x.\n", version);
2345 return false;
2346 }
2347
2348 // The client should have received |cert2|.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2349 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2350 if (!peer ||
2351 X509_cmp(peer.get(), cert2.get()) != 0) {
2352 fprintf(stderr, "Incorrect certificate received at version %04x.\n",
2353 version);
2354 return false;
2355 }
2356 }
2357
2358 return true;
2359}
2360
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2361static int SetMaxVersion(const struct ssl_early_callback_ctx *ctx) {
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2362 if (!SSL_set_max_proto_version(ctx->ssl, TLS1_2_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2363 return -1;
2364 }
2365
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2366 return 1;
2367}
2368
2369// TestEarlyCallbackVersionSwitch tests that the early callback can swap the
2370// maximum version.
2371static bool TestEarlyCallbackVersionSwitch() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2372 bssl::UniquePtr<X509> cert = GetTestCertificate();
2373 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2374 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2375 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2376 if (!cert || !key || !server_ctx || !client_ctx ||
2377 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2378 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2379 !SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION) ||
2380 !SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION)) {
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2381 return false;
2382 }
2383
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2384 SSL_CTX_set_select_certificate_cb(server_ctx.get(), SetMaxVersion);
2385
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2386 bssl::UniquePtr<SSL> client, server;
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2387 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2388 server_ctx.get(), nullptr)) {
2389 return false;
2390 }
2391
2392 if (SSL_version(client.get()) != TLS1_2_VERSION) {
2393 fprintf(stderr, "Early callback failed to switch the maximum version.\n");
2394 return false;
2395 }
2396
2397 return true;
2398}
2399
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2400static bool TestSetVersion() {
2401 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
2402 if (!ctx) {
2403 return false;
2404 }
2405
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2406 if (!SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
2407 !SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION) ||
2408 !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
2409 !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2410 fprintf(stderr, "Could not set valid TLS version.\n");
2411 return false;
2412 }
2413
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2414 if (SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
2415 SSL_CTX_set_max_proto_version(ctx.get(), 0x0200) ||
2416 SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
2417 SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
2418 SSL_CTX_set_min_proto_version(ctx.get(), 0x0200) ||
2419 SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2420 fprintf(stderr, "Unexpectedly set invalid TLS version.\n");
2421 return false;
2422 }
2423
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2424 if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
2425 !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
2426 fprintf(stderr, "Could not set default TLS version.\n");
2427 return false;
2428 }
2429
2430 if (ctx->min_version != SSL3_VERSION ||
2431 ctx->max_version != TLS1_2_VERSION) {
2432 fprintf(stderr, "Default TLS versions were incorrect (%04x and %04x).\n",
2433 ctx->min_version, ctx->max_version);
2434 return false;
2435 }
2436
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2437 ctx.reset(SSL_CTX_new(DTLS_method()));
2438 if (!ctx) {
2439 return false;
2440 }
2441
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2442 if (!SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
2443 !SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION) ||
2444 !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
2445 !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2446 fprintf(stderr, "Could not set valid DTLS version.\n");
2447 return false;
2448 }
2449
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2450 if (SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
2451 SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2452 SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2453 SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
2454 SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
2455 SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2456 SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2457 SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2458 fprintf(stderr, "Unexpectedly set invalid DTLS version.\n");
2459 return false;
2460 }
2461
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2462 if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
2463 !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
2464 fprintf(stderr, "Could not set default DTLS version.\n");
2465 return false;
2466 }
2467
2468 if (ctx->min_version != TLS1_1_VERSION ||
2469 ctx->max_version != TLS1_2_VERSION) {
2470 fprintf(stderr, "Default DTLS versions were incorrect (%04x and %04x).\n",
2471 ctx->min_version, ctx->max_version);
2472 return false;
2473 }
2474
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2475 return true;
2476}
2477
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2478static bool TestVersions() {
2479 bssl::UniquePtr<X509> cert = GetTestCertificate();
2480 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2481 if (!cert || !key) {
2482 return false;
2483 }
2484
2485 for (bool is_dtls : std::vector<bool>{false, true}) {
2486 const SSL_METHOD *method = is_dtls ? DTLS_method() : TLS_method();
2487 const char *name = is_dtls ? "DTLS" : "TLS";
2488 const uint16_t *versions = is_dtls ? kDTLSVersions : kTLSVersions;
2489 size_t num_versions = is_dtls ? OPENSSL_ARRAY_SIZE(kDTLSVersions)
2490 : OPENSSL_ARRAY_SIZE(kTLSVersions);
2491 for (size_t i = 0; i < num_versions; i++) {
2492 uint16_t version = versions[i];
2493 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2494 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2495 bssl::UniquePtr<SSL> client, server;
2496 if (!server_ctx || !client_ctx ||
2497 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2498 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2499 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2500 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2501 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2502 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2503 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2504 server_ctx.get(), nullptr /* no session */)) {
2505 fprintf(stderr, "Failed to connect %s at version %04x.\n", name,
2506 version);
2507 return false;
2508 }
2509
2510 if (SSL_version(client.get()) != version ||
2511 SSL_version(server.get()) != version) {
2512 fprintf(stderr,
2513 "%s version mismatch. Got %04x and %04x, wanted %04x.\n", name,
2514 SSL_version(client.get()), SSL_version(server.get()), version);
2515 return false;
2516 }
2517 }
2518 }
2519
2520 return true;
2521}
2522
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2523// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2524// selection callback.
2525static bool TestALPNCipherAvailable() {
2526 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2527
2528 bssl::UniquePtr<X509> cert = GetTestCertificate();
2529 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2530 if (!cert || !key) {
2531 return false;
2532 }
2533
2534 for (uint16_t version : kTLSVersions) {
2535 // SSL 3.0 lacks extensions.
2536 if (version == SSL3_VERSION) {
2537 continue;
2538 }
2539
2540 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
2541 if (!ctx ||
2542 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2543 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2544 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2545 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2546 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2547 0) {
2548 return false;
2549 }
2550
2551 // The ALPN callback does not fail the handshake on error, so have the
2552 // callback write a boolean.
Adam Langleyfb73e972016-11-02 13:21:29 -0700[diff] [blame]2553 std::pair<uint16_t, bool> callback_state(version, false);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2554 SSL_CTX_set_alpn_select_cb(
2555 ctx.get(),
2556 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2557 unsigned in_len, void *arg) -> int {
Adam Langleyfb73e972016-11-02 13:21:29 -0700[diff] [blame]2558 auto state = reinterpret_cast<std::pair<uint16_t, bool>*>(arg);
2559 if (SSL_get_pending_cipher(ssl) != nullptr &&
2560 SSL_version(ssl) == state->first) {
2561 state->second = true;
2562 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2563 return SSL_TLSEXT_ERR_NOACK;
2564 },
Adam Langleyfb73e972016-11-02 13:21:29 -0700[diff] [blame]2565 &callback_state);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2566
2567 bssl::UniquePtr<SSL> client, server;
2568 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2569 nullptr /* no session */)) {
2570 return false;
2571 }
2572
Adam Langleyfb73e972016-11-02 13:21:29 -0700[diff] [blame]2573 if (!callback_state.second) {
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2574 fprintf(stderr,
2575 "%x: The pending cipher was not known in the ALPN callback.\n",
2576 version);
2577 return false;
2578 }
2579 }
2580
2581 return true;
2582}
2583
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]2584int main() {
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]2585 CRYPTO_library_init();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]2586
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2587 if (!TestCipherRules() ||
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]2588 !TestCurveRules() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2589 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
2590 !TestSSL_SESSIONEncoding(kCustomSession) ||
2591 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
2592 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
2593 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
2594 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]2595 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2596 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
2597 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
2598 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
2599 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
2600 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
2601 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
2602 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
2603 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
2604 !TestCipherGetRFCName() ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame^]2605 // Test the padding extension at TLS 1.2.
2606 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
2607 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
2608 // will be no PSK binder after the padding extension.
2609 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
2610 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
2611 // will be a PSK binder after the padding extension.
2612 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2613 !TestClientCAList() ||
2614 !TestInternalSessionCache() ||
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]2615 !TestSequenceNumber() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2616 !TestOneSidedShutdown() ||
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]2617 !TestSessionDuplication() ||
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]2618 !TestSetFD() ||
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]2619 !TestSetBIO() ||
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]2620 !TestGetPeerCertificate() ||
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2621 !TestRetainOnlySHA256OfCerts() ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2622 !TestClientHello() ||
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2623 !TestSessionIDContext() ||
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2624 !TestSessionTimeout() ||
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2625 !TestSNICallback() ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2626 !TestEarlyCallbackVersionSwitch() ||
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2627 !TestSetVersion() ||
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2628 !TestVersions() ||
2629 !TestALPNCipherAvailable()) {
Brian Smith83a82982015-04-09 16:21:10 -1000[diff] [blame]2630 ERR_print_errors_fp(stderr);
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]2631 return 1;
2632 }
2633
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]2634 printf("PASS\n");
2635 return 0;
2636}