Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / a933c38f1af3ad7b03974ca7d7300b9df2162117 / . / ssl / ssl_test.cc
blob: 1d2c1faaf3ca965b58002dd0a177f2e6d2d3749c [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]24#include <openssl/base64.h>
25#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]26#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]27#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]28#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]29#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]30#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]31#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]32#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]33#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]34#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]35
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]36#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]37#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]38#include "../crypto/test/test_util.h"
39
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]40#if defined(OPENSSL_WINDOWS)
41/* Windows defines struct timeval in winsock2.h. */
42OPENSSL_MSVC_PRAGMA(warning(push, 3))
43#include <winsock2.h>
44OPENSSL_MSVC_PRAGMA(warning(pop))
45#else
46#include <sys/time.h>
47#endif
48
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]49
50struct ExpectedCipher {
51 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]52 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]53};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55struct CipherTest {
56 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]57 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]58 // The list of expected ciphers, in order.
59 std::vector<ExpectedCipher> expected;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]60};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]61
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]62struct CurveTest {
63 // The rule string to apply.
64 const char *rule;
65 // The list of expected curves, in order.
66 std::vector<uint16_t> expected;
67};
68
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]69static const CipherTest kCipherTests[] = {
70 // Selecting individual ciphers should work.
71 {
72 "ECDHE-ECDSA-CHACHA20-POLY1305:"
73 "ECDHE-RSA-CHACHA20-POLY1305:"
74 "ECDHE-ECDSA-AES128-GCM-SHA256:"
75 "ECDHE-RSA-AES128-GCM-SHA256",
76 {
77 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
78 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
79 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
80 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
81 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
82 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
83 },
84 },
85 // + reorders selected ciphers to the end, keeping their relative order.
86 {
87 "ECDHE-ECDSA-CHACHA20-POLY1305:"
88 "ECDHE-RSA-CHACHA20-POLY1305:"
89 "ECDHE-ECDSA-AES128-GCM-SHA256:"
90 "ECDHE-RSA-AES128-GCM-SHA256:"
91 "+aRSA",
92 {
93 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
94 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
95 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
96 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
97 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
98 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
99 },
100 },
101 // ! banishes ciphers from future selections.
102 {
103 "!aRSA:"
104 "ECDHE-ECDSA-CHACHA20-POLY1305:"
105 "ECDHE-RSA-CHACHA20-POLY1305:"
106 "ECDHE-ECDSA-AES128-GCM-SHA256:"
107 "ECDHE-RSA-AES128-GCM-SHA256",
108 {
109 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
110 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
111 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
112 },
113 },
114 // Multiple masks can be ANDed in a single rule.
115 {
116 "kRSA+AESGCM+AES128",
117 {
118 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
119 },
120 },
121 // - removes selected ciphers, but preserves their order for future
122 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
123 // ECDHE_RSA.
124 {
125 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
126 "AESGCM+AES128+aRSA",
127 {
128 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
129 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
130 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
131 },
132 },
133 // Unknown selectors are no-ops.
134 {
135 "ECDHE-ECDSA-CHACHA20-POLY1305:"
136 "ECDHE-RSA-CHACHA20-POLY1305:"
137 "ECDHE-ECDSA-AES128-GCM-SHA256:"
138 "ECDHE-RSA-AES128-GCM-SHA256:"
139 "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4",
140 {
141 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
142 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
143 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
144 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
145 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
146 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
147 },
148 },
149 // Square brackets specify equi-preference groups.
150 {
151 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
152 "[ECDHE-RSA-CHACHA20-POLY1305]:"
153 "ECDHE-RSA-AES128-GCM-SHA256",
154 {
155 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
156 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 1},
157 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
158 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 1},
159 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
160 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
161 },
162 },
163 // @STRENGTH performs a stable strength-sort of the selected ciphers and
164 // only the selected ciphers.
165 {
166 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]167 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]168 "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"
169 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]170 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]171 // Select ECDHE ones and sort them by strength. Ties should resolve
172 // based on the order above.
173 "kECDHE:@STRENGTH:-ALL:"
174 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
175 // by strength. Then RSA, backwards by strength.
176 "aRSA",
177 {
178 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
179 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
180 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]181 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]182 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
183 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
184 },
185 },
186 // Exact ciphers may not be used in multi-part rules; they are treated
187 // as unknown aliases.
188 {
189 "ECDHE-ECDSA-AES128-GCM-SHA256:"
190 "ECDHE-RSA-AES128-GCM-SHA256:"
191 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
192 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
193 {
194 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
195 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
196 },
197 },
198 // SSLv3 matches everything that existed before TLS 1.2.
199 {
200 "AES128-SHA:AES128-SHA256:!SSLv3",
201 {
202 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
203 },
204 },
205 // TLSv1.2 matches everything added in TLS 1.2.
206 {
207 "AES128-SHA:AES128-SHA256:!TLSv1.2",
208 {
209 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
210 },
211 },
212 // The two directives have no intersection.
213 {
214 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
215 {
216 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
217 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
218 },
219 },
220 // The shared name of the CHACHA20_POLY1305 variants behaves like a cipher
221 // name and not an alias. It may not be used in a multipart rule. (That the
222 // shared name works is covered by the standard tests.)
223 {
224 "ECDHE-ECDSA-CHACHA20-POLY1305:"
225 "ECDHE-RSA-CHACHA20-POLY1305:"
226 "!ECDHE-RSA-CHACHA20-POLY1305+RSA:"
227 "!ECDSA+ECDHE-ECDSA-CHACHA20-POLY1305",
228 {
229 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
230 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0},
231 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
232 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0},
233 },
234 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]235};
236
237static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]238 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]239 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
240 "RSA]",
241 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]242 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]243 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]244 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]245 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]246 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]247 "",
248 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]249 // COMPLEMENTOFDEFAULT is empty.
250 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]251 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]252 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]253 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]254 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
255 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
256 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
257 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]258 // Opcode supplied, but missing selector.
259 "+",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]260};
261
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]262static const char *kMustNotIncludeNull[] = {
263 "ALL",
264 "DEFAULT",
265 "ALL:!eNULL",
266 "ALL:!NULL",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]267 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]268 "FIPS",
269 "SHA",
270 "SHA1",
271 "RSA",
272 "SSLv3",
273 "TLSv1",
274 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]275};
276
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]277static const char *kMustNotIncludeCECPQ1[] = {
278 "ALL",
279 "DEFAULT",
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]280 "HIGH",
281 "FIPS",
282 "SHA",
283 "SHA1",
284 "SHA256",
285 "SHA384",
286 "RSA",
287 "SSLv3",
288 "TLSv1",
289 "TLSv1.2",
290 "aRSA",
291 "RSA",
292 "aECDSA",
293 "ECDSA",
294 "AES",
295 "AES128",
296 "AES256",
297 "AESGCM",
298 "CHACHA20",
299};
300
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]301static const CurveTest kCurveTests[] = {
302 {
303 "P-256",
304 { SSL_CURVE_SECP256R1 },
305 },
306 {
307 "P-256:P-384:P-521:X25519",
308 {
309 SSL_CURVE_SECP256R1,
310 SSL_CURVE_SECP384R1,
311 SSL_CURVE_SECP521R1,
312 SSL_CURVE_X25519,
313 },
314 },
315};
316
317static const char *kBadCurvesLists[] = {
318 "",
319 ":",
320 "::",
321 "P-256::X25519",
322 "RSA:P-256",
323 "P-256:RSA",
324 "X25519:P-256:",
325 ":X25519:P-256",
326};
327
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]328static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
329 bool in_group = false;
330 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]331 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
332 if (!in_group && list->in_group_flags[i]) {
333 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]334 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]335 }
336 fprintf(stderr, "\t");
337 if (in_group) {
338 fprintf(stderr, " ");
339 }
340 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
341 if (in_group && !list->in_group_flags[i]) {
342 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]343 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]344 }
345 }
346}
347
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]348static bool TestCipherRule(const CipherTest &t) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]349 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]350 if (!ctx) {
351 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]352 }
353
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]354 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
355 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]356 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]357 }
358
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]359 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]360 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
361 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
362 PrintCipherPreferenceList(ctx->cipher_list);
363 return false;
364 }
365
366 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]367 const SSL_CIPHER *cipher =
368 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]369 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
370 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
371 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]372 PrintCipherPreferenceList(ctx->cipher_list);
373 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]374 }
375 }
376
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]377 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]378}
379
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]380static bool TestRuleDoesNotIncludeNull(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]381 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]382 if (!ctx) {
383 return false;
384 }
385 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
386 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
387 return false;
388 }
389 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
390 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
391 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
392 return false;
393 }
394 }
395 return true;
396}
397
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]398static bool TestRuleDoesNotIncludeCECPQ1(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]399 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]400 if (!ctx) {
401 return false;
402 }
403 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
404 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
405 return false;
406 }
407 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
408 if (SSL_CIPHER_is_CECPQ1(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
409 fprintf(stderr, "Error: cipher rule '%s' includes CECPQ1\n",rule);
410 return false;
411 }
412 }
413 return true;
414}
415
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]416static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]417 for (const CipherTest &test : kCipherTests) {
418 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]419 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]420 }
421 }
422
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]423 for (const char *rule : kBadRules) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]424 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]425 if (!ctx) {
426 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]427 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]428 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
429 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]430 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]431 }
432 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]433 }
434
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]435 for (const char *rule : kMustNotIncludeNull) {
436 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]437 return false;
438 }
439 }
440
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]441 for (const char *rule : kMustNotIncludeCECPQ1) {
442 if (!TestRuleDoesNotIncludeCECPQ1(rule)) {
443 return false;
444 }
445 }
446
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]447 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]448}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]449
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]450static bool TestCurveRule(const CurveTest &t) {
451 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
452 if (!ctx) {
453 return false;
454 }
455
456 if (!SSL_CTX_set1_curves_list(ctx.get(), t.rule)) {
457 fprintf(stderr, "Error testing curves list '%s'\n", t.rule);
458 return false;
459 }
460
461 // Compare the two lists.
462 if (ctx->supported_group_list_len != t.expected.size()) {
463 fprintf(stderr, "Error testing curves list '%s': length\n", t.rule);
464 return false;
465 }
466
467 for (size_t i = 0; i < t.expected.size(); i++) {
468 if (t.expected[i] != ctx->supported_group_list[i]) {
469 fprintf(stderr, "Error testing curves list '%s': mismatch\n", t.rule);
470 return false;
471 }
472 }
473
474 return true;
475}
476
477static bool TestCurveRules() {
478 for (const CurveTest &test : kCurveTests) {
479 if (!TestCurveRule(test)) {
480 return false;
481 }
482 }
483
484 for (const char *rule : kBadCurvesLists) {
485 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
486 if (!ctx) {
487 return false;
488 }
489 if (SSL_CTX_set1_curves_list(ctx.get(), rule)) {
490 fprintf(stderr, "Curves list '%s' unexpectedly succeeded\n", rule);
491 return false;
492 }
493 ERR_clear_error();
494 }
495
496 return true;
497}
498
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]499// kOpenSSLSession is a serialized SSL_SESSION generated from openssl
500// s_client -sess_out.
501static const char kOpenSSLSession[] =
502 "MIIFpQIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
503 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
504 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
505 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
506 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
507 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
508 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
509 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
510 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
511 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
512 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
513 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
514 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
515 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
516 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
517 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
518 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
519 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
520 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
521 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
522 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
523 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
524 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
525 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
526 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
527 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
528 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
529 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
530 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
531 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
532 "i4gv7Y5oliyn";
533
534// kCustomSession is a custom serialized SSL_SESSION generated by
535// filling in missing fields from |kOpenSSLSession|. This includes
536// providing |peer_sha256|, so |peer| is not serialized.
537static const char kCustomSession[] =
538 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
539 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
540 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
541 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
542 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
543 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
544 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
545 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
546
547// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
548static const char kBoringSSLSession[] =
549 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
550 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
551 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
552 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
553 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
554 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
555 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
556 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
557 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
558 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
559 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
560 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
561 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
562 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
563 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
564 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
565 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
566 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
567 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
568 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
569 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
570 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
571 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
572 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
573 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
574 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
575 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
576 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
577 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
578 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
579 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
580 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
581 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
582 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
583 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
584 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
585 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
586 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
587 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
588 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
589 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
590 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
591 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
592 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
593 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
594 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
595 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
596 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
597 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
598 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
599 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
600 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
601 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
602 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
603 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
604 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
605 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
606 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
607 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
608 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
609 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
610 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
611 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
612 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
613 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
614 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
615 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
616 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
617 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
618 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
619 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
620 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
621 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
622 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
623 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
624 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
625 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
626 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
627 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
628 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
629 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
630 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
631 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
632 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
633 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
634 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
635 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
636 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
637 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
638 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
639 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
640 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
641 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
642 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
643 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
644
645// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
646// the final (optional) element of |kCustomSession| with tag number 30.
647static const char kBadSessionExtraField[] =
648 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
649 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
650 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
651 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
652 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
653 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
654 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
655 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
656
657// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
658// the version of |kCustomSession| with 2.
659static const char kBadSessionVersion[] =
660 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
661 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
662 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
663 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
664 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
665 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
666 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
667 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
668
669// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
670// appended.
671static const char kBadSessionTrailingData[] =
672 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
673 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
674 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
675 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
676 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
677 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
678 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
679 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
680
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]681static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]682 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]683 if (!EVP_DecodedLength(&len, strlen(in))) {
684 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]685 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]686 }
687
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]688 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]689 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]690 strlen(in))) {
691 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]692 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]693 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]694 out->resize(len);
695 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]696}
697
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]698static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]699 const uint8_t *cptr;
700 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]701
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]702 // Decode the input.
703 std::vector<uint8_t> input;
704 if (!DecodeBase64(&input, input_b64)) {
705 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]706 }
707
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]708 // Verify the SSL_SESSION decodes.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]709 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]710 if (!session) {
711 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]712 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]713 }
714
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]715 // Verify the SSL_SESSION encoding round-trips.
716 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]717 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]718 uint8_t *encoded_raw;
719 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]720 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]721 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]722 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]723 encoded.reset(encoded_raw);
724 if (encoded_len != input.size() ||
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]725 memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]726 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]727 hexdump(stderr, "Before: ", input.data(), input.size());
728 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]729 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]730 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]731
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]732 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]733 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]734 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]735 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]736 fprintf(stderr, "d2i_SSL_SESSION failed\n");
737 return false;
738 }
739
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]740 // Verify the SSL_SESSION encoding round-trips via the legacy API.
741 int len = i2d_SSL_SESSION(session.get(), NULL);
742 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]743 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]744 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]745 }
746
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]747 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
748 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]749 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]750 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]751 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]752
753 ptr = encoded.get();
754 len = i2d_SSL_SESSION(session.get(), &ptr);
755 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]756 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]757 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]758 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]759 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]760 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]761 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]762 }
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]763 if (memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]764 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]765 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]766 }
767
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]768 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]769}
770
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]771static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
772 std::vector<uint8_t> input;
773 if (!DecodeBase64(&input, input_b64)) {
774 return false;
775 }
776
777 // Verify that the SSL_SESSION fails to decode.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]778 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]779 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]780 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]781 return false;
782 }
783 ERR_clear_error();
784 return true;
785}
786
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]787static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]788 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]789 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]790 if (!ctx) {
791 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]792 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]793 if (ctx->min_version != min_version || ctx->max_version != max_version) {
794 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
795 ctx->min_version, ctx->max_version, min_version, max_version);
796 return false;
797 }
798 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]799}
800
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]801static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]802 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
803 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]804 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]805 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]806 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]807 if (!rfc_name) {
808 return false;
809 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]810 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]811 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]812}
813
814typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]815 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]816 const char *rfc_name;
817} CIPHER_RFC_NAME_TEST;
818
819static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]820 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
821 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
822 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
823 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
824 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
825 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
826 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
827 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
828 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
829 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
830 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
831 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
832 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
833 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
834 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
835 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
836 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
837 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
838 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
839 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
840 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
841 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
842
843 // These names are non-standard:
844 {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
845 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
846 {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
847 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]848};
849
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]850static bool TestCipherGetRFCName(void) {
851 for (size_t i = 0;
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]852 i < OPENSSL_ARRAY_SIZE(kCipherRFCNameTests); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]853 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]854 std::string rfc_name;
855 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
856 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
857 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]858 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]859 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]860 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]861 rfc_name.c_str(), test->rfc_name);
862 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]863 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]864 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]865 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]866}
867
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]868// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
869// version and ticket length or nullptr on failure.
870static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
871 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]872 std::vector<uint8_t> der;
873 if (!DecodeBase64(&der, kOpenSSLSession)) {
874 return nullptr;
875 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]876 bssl::UniquePtr<SSL_SESSION> session(
877 SSL_SESSION_from_bytes(der.data(), der.size()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]878 if (!session) {
879 return nullptr;
880 }
881
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]882 session->ssl_version = version;
883
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]884 // Swap out the ticket for a garbage one.
885 OPENSSL_free(session->tlsext_tick);
886 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
887 if (session->tlsext_tick == nullptr) {
888 return nullptr;
889 }
890 memset(session->tlsext_tick, 'a', ticket_len);
891 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]892
893 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]894#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
895 session->time = 1234;
896#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]897 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]898#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]899 return session;
900}
901
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]902static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]903 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]904 if (!bio) {
905 return false;
906 }
907 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]908 BIO_up_ref(bio.get());
909 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]910 int ret = SSL_connect(ssl);
911 if (ret > 0) {
912 // SSL_connect should fail without a BIO to write to.
913 return false;
914 }
915 ERR_clear_error();
916
917 const uint8_t *client_hello;
918 size_t client_hello_len;
919 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
920 return false;
921 }
922 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
923 return true;
924}
925
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]926// GetClientHelloLen creates a client SSL connection with the specified version
927// and ticket length. It returns the length of the ClientHello, not including
928// the record header, on success and zero on error.
929static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
930 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]931 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]932 bssl::UniquePtr<SSL_SESSION> session =
933 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]934 if (!ctx || !session) {
935 return 0;
936 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]937
938 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]939 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]940 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]941 !SSL_set_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
942 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]943 return 0;
944 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]945
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]946 std::vector<uint8_t> client_hello;
947 if (!GetClientHello(ssl.get(), &client_hello) ||
948 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]949 return 0;
950 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]951
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]952 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]953}
954
955struct PaddingTest {
956 size_t input_len, padded_len;
957};
958
959static const PaddingTest kPaddingTests[] = {
960 // ClientHellos of length below 0x100 do not require padding.
961 {0xfe, 0xfe},
962 {0xff, 0xff},
963 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
964 {0x100, 0x200},
965 {0x123, 0x200},
966 {0x1fb, 0x200},
967 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
968 // padding extension takes a minimum of four bytes plus one required content
969 // byte. (To work around yet more server bugs, we avoid empty final
970 // extensions.)
971 {0x1fc, 0x201},
972 {0x1fd, 0x202},
973 {0x1fe, 0x203},
974 {0x1ff, 0x204},
975 // Finally, larger ClientHellos need no padding.
976 {0x200, 0x200},
977 {0x201, 0x201},
978};
979
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]980static bool TestPaddingExtension(uint16_t max_version,
981 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]982 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]983 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]984 if (base_len == 0) {
985 return false;
986 }
987
988 for (const PaddingTest &test : kPaddingTests) {
989 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]990 fprintf(stderr,
991 "Baseline ClientHello too long (max_version = %04x, "
992 "session_version = %04x).\n",
993 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]994 return false;
995 }
996
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]997 size_t padded_len = GetClientHelloLen(max_version, session_version,
998 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]999 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1000 fprintf(stderr,
1001 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
1002 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1003 static_cast<unsigned>(test.input_len),
1004 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1005 static_cast<unsigned>(test.padded_len), max_version,
1006 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1007 return false;
1008 }
1009 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1010
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1011 return true;
1012}
1013
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1014// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
1015// before configuring as a server.
1016static bool TestClientCAList() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1017 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1018 if (!ctx) {
1019 return false;
1020 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1021 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1022 if (!ssl) {
1023 return false;
1024 }
1025
1026 STACK_OF(X509_NAME) *stack = sk_X509_NAME_new_null();
1027 if (stack == nullptr) {
1028 return false;
1029 }
1030 // |SSL_set_client_CA_list| takes ownership.
1031 SSL_set_client_CA_list(ssl.get(), stack);
1032
1033 return SSL_get_client_CA_list(ssl.get()) == stack;
1034}
1035
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1036static void AppendSession(SSL_SESSION *session, void *arg) {
1037 std::vector<SSL_SESSION*> *out =
1038 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1039 out->push_back(session);
1040}
1041
1042// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
1043// order.
1044static bool ExpectCache(SSL_CTX *ctx,
1045 const std::vector<SSL_SESSION*> &expected) {
1046 // Check the linked list.
1047 SSL_SESSION *ptr = ctx->session_cache_head;
1048 for (SSL_SESSION *session : expected) {
1049 if (ptr != session) {
1050 return false;
1051 }
1052 // TODO(davidben): This is an absurd way to denote the end of the list.
1053 if (ptr->next ==
1054 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1055 ptr = nullptr;
1056 } else {
1057 ptr = ptr->next;
1058 }
1059 }
1060 if (ptr != nullptr) {
1061 return false;
1062 }
1063
1064 // Check the hash table.
1065 std::vector<SSL_SESSION*> actual, expected_copy;
1066 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
1067 expected_copy = expected;
1068
1069 std::sort(actual.begin(), actual.end());
1070 std::sort(expected_copy.begin(), expected_copy.end());
1071
1072 return actual == expected_copy;
1073}
1074
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1075static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
1076 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new());
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1077 if (!ret) {
1078 return nullptr;
1079 }
1080
1081 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
1082 memset(ret->session_id, 0, ret->session_id_length);
1083 memcpy(ret->session_id, &number, sizeof(number));
1084 return ret;
1085}
1086
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1087// Test that the internal session cache behaves as expected.
1088static bool TestInternalSessionCache() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1089 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1090 if (!ctx) {
1091 return false;
1092 }
1093
1094 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1095 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1096 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1097 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1098 if (!session) {
1099 return false;
1100 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1101 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1102 }
1103
1104 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1105
1106 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1107 for (const auto &session : sessions) {
1108 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1109 return false;
1110 }
1111 }
1112
1113 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1114 std::vector<SSL_SESSION*> expected = {
1115 sessions[9].get(),
1116 sessions[8].get(),
1117 sessions[7].get(),
1118 sessions[6].get(),
1119 sessions[5].get(),
1120 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1121 if (!ExpectCache(ctx.get(), expected)) {
1122 return false;
1123 }
1124
1125 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1126 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1127 !ExpectCache(ctx.get(), expected)) {
1128 return false;
1129 }
1130
1131 // Although collisions should be impossible (256-bit session IDs), the cache
1132 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1133 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1134 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1135 return false;
1136 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1137 expected = {
1138 collision.get(),
1139 sessions[9].get(),
1140 sessions[8].get(),
1141 sessions[6].get(),
1142 sessions[5].get(),
1143 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1144 if (!ExpectCache(ctx.get(), expected)) {
1145 return false;
1146 }
1147
1148 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1149 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1150 return false;
1151 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1152 expected = {
1153 collision.get(),
1154 sessions[9].get(),
1155 sessions[8].get(),
1156 sessions[5].get(),
1157 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1158 if (!ExpectCache(ctx.get(), expected)) {
1159 return false;
1160 }
1161
1162 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1163 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1164 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1165 !ExpectCache(ctx.get(), expected)) {
1166 return false;
1167 }
1168
1169 return true;
1170}
1171
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1172static uint16_t EpochFromSequence(uint64_t seq) {
1173 return static_cast<uint16_t>(seq >> 48);
1174}
1175
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1176static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1177 static const char kCertPEM[] =
1178 "-----BEGIN CERTIFICATE-----\n"
1179 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1180 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1181 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1182 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1183 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1184 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1185 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1186 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1187 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1188 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1189 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1190 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1191 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1192 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1193 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1194 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1195}
1196
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1197static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1198 static const char kKeyPEM[] =
1199 "-----BEGIN RSA PRIVATE KEY-----\n"
1200 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1201 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1202 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1203 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1204 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1205 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1206 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1207 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1208 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1209 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1210 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1211 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1212 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1213 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1214 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1215 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1216 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1217}
1218
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1219static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1220 static const char kCertPEM[] =
1221 "-----BEGIN CERTIFICATE-----\n"
1222 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1223 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1224 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1225 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1226 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1227 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1228 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1229 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1230 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1231 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1232 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1233 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1234 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1235}
1236
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1237static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1238 static const char kKeyPEM[] =
1239 "-----BEGIN PRIVATE KEY-----\n"
1240 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1241 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1242 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1243 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1244 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1245 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1246 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1247}
1248
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1249static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1250 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1251 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1252 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1253 if (!client || !server) {
1254 return false;
1255 }
1256 SSL_set_connect_state(client.get());
1257 SSL_set_accept_state(server.get());
1258
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1259 SSL_set_session(client.get(), session);
1260
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1261 BIO *bio1, *bio2;
1262 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1263 return false;
1264 }
1265 // SSL_set_bio takes ownership.
1266 SSL_set_bio(client.get(), bio1, bio1);
1267 SSL_set_bio(server.get(), bio2, bio2);
1268
1269 // Drive both their handshakes to completion.
1270 for (;;) {
1271 int client_ret = SSL_do_handshake(client.get());
1272 int client_err = SSL_get_error(client.get(), client_ret);
1273 if (client_err != SSL_ERROR_NONE &&
1274 client_err != SSL_ERROR_WANT_READ &&
1275 client_err != SSL_ERROR_WANT_WRITE) {
1276 fprintf(stderr, "Client error: %d\n", client_err);
1277 return false;
1278 }
1279
1280 int server_ret = SSL_do_handshake(server.get());
1281 int server_err = SSL_get_error(server.get(), server_ret);
1282 if (server_err != SSL_ERROR_NONE &&
1283 server_err != SSL_ERROR_WANT_READ &&
1284 server_err != SSL_ERROR_WANT_WRITE) {
1285 fprintf(stderr, "Server error: %d\n", server_err);
1286 return false;
1287 }
1288
1289 if (client_ret == 1 && server_ret == 1) {
1290 break;
1291 }
1292 }
1293
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1294 *out_client = std::move(client);
1295 *out_server = std::move(server);
1296 return true;
1297}
1298
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1299static uint16_t kTLSVersions[] = {
1300 SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION, TLS1_2_VERSION, TLS1_3_VERSION,
1301};
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1302
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1303static uint16_t kDTLSVersions[] = {
1304 DTLS1_VERSION, DTLS1_2_VERSION,
1305};
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1306
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1307static bool TestSequenceNumber() {
1308 for (bool is_dtls : std::vector<bool>{false, true}) {
1309 const SSL_METHOD *method = is_dtls ? DTLS_method() : TLS_method();
1310 const uint16_t *versions = is_dtls ? kDTLSVersions : kTLSVersions;
1311 size_t num_versions = is_dtls ? OPENSSL_ARRAY_SIZE(kDTLSVersions)
1312 : OPENSSL_ARRAY_SIZE(kTLSVersions);
1313 for (size_t i = 0; i < num_versions; i++) {
1314 uint16_t version = versions[i];
1315 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1316 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1317 if (!server_ctx || !client_ctx ||
1318 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1319 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1320 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1321 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1322 return false;
1323 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1324
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1325 bssl::UniquePtr<X509> cert = GetTestCertificate();
1326 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1327 if (!cert || !key ||
1328 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1329 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1330 return false;
1331 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1332
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1333 bssl::UniquePtr<SSL> client, server;
1334 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1335 server_ctx.get(), nullptr /* no session */)) {
1336 return false;
1337 }
1338
1339 // Drain any post-handshake messages to ensure there are no unread records
1340 // on either end.
1341 uint8_t byte = 0;
1342 if (SSL_read(client.get(), &byte, 1) > 0 ||
1343 SSL_read(server.get(), &byte, 1) > 0) {
1344 fprintf(stderr, "Received unexpected data.\n");
1345 return false;
1346 }
1347
1348 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1349 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1350 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1351 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
1352
1353 if (is_dtls) {
1354 // Both client and server must be at epoch 1.
1355 if (EpochFromSequence(client_read_seq) != 1 ||
1356 EpochFromSequence(client_write_seq) != 1 ||
1357 EpochFromSequence(server_read_seq) != 1 ||
1358 EpochFromSequence(server_write_seq) != 1) {
1359 fprintf(stderr, "Bad epochs.\n");
1360 return false;
1361 }
1362
1363 // The next record to be written should exceed the largest received.
1364 if (client_write_seq <= server_read_seq ||
1365 server_write_seq <= client_read_seq) {
1366 fprintf(stderr, "Inconsistent sequence numbers.\n");
1367 return false;
1368 }
1369 } else {
1370 // The next record to be written should equal the next to be received.
1371 if (client_write_seq != server_read_seq ||
1372 server_write_seq != client_read_seq) {
1373 fprintf(stderr, "Inconsistent sequence numbers.\n");
1374 return false;
1375 }
1376 }
1377
1378 // Send a record from client to server.
1379 if (SSL_write(client.get(), &byte, 1) != 1 ||
1380 SSL_read(server.get(), &byte, 1) != 1) {
1381 fprintf(stderr, "Could not send byte.\n");
1382 return false;
1383 }
1384
1385 // The client write and server read sequence numbers should have
1386 // incremented.
1387 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1388 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1389 fprintf(stderr, "Sequence numbers did not increment.\n");
1390 return false;
1391 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1392 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1393 }
1394
1395 return true;
1396}
1397
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1398static bool TestOneSidedShutdown() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1399 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1400 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1401 if (!client_ctx || !server_ctx) {
1402 return false;
1403 }
1404
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1405 bssl::UniquePtr<X509> cert = GetTestCertificate();
1406 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1407 if (!cert || !key ||
1408 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1409 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1410 return false;
1411 }
1412
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1413 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1414 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1415 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1416 return false;
1417 }
1418
1419 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1420 // one side has shut down.
1421 if (SSL_shutdown(client.get()) != 0) {
1422 fprintf(stderr, "Could not shutdown.\n");
1423 return false;
1424 }
1425
1426 // Reading from the server should consume the EOF.
1427 uint8_t byte;
1428 if (SSL_read(server.get(), &byte, 1) != 0 ||
1429 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1430 fprintf(stderr, "Connection was not shut down cleanly.\n");
1431 return false;
1432 }
1433
1434 // However, the server may continue to write data and then shut down the
1435 // connection.
1436 byte = 42;
1437 if (SSL_write(server.get(), &byte, 1) != 1 ||
1438 SSL_read(client.get(), &byte, 1) != 1 ||
1439 byte != 42) {
1440 fprintf(stderr, "Could not send byte.\n");
1441 return false;
1442 }
1443
1444 // The server may then shutdown the connection.
1445 if (SSL_shutdown(server.get()) != 1 ||
1446 SSL_shutdown(client.get()) != 1) {
1447 fprintf(stderr, "Could not complete shutdown.\n");
1448 return false;
1449 }
1450
1451 return true;
1452}
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1453static bool TestSessionDuplication() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1454 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1455 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1456 if (!client_ctx || !server_ctx) {
1457 return false;
1458 }
1459
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1460 bssl::UniquePtr<X509> cert = GetTestCertificate();
1461 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1462 if (!cert || !key ||
1463 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1464 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1465 return false;
1466 }
1467
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1468 bssl::UniquePtr<SSL> client, server;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1469 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1470 server_ctx.get(), nullptr /* no session */)) {
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1471 return false;
1472 }
1473
1474 SSL_SESSION *session0 = SSL_get_session(client.get());
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1475 bssl::UniquePtr<SSL_SESSION> session1(SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1476 if (!session1) {
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1477 return false;
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1478 }
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1479
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1480 session1->not_resumable = 0;
1481
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1482 uint8_t *s0_bytes, *s1_bytes;
1483 size_t s0_len, s1_len;
1484
1485 if (!SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len)) {
1486 return false;
1487 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1488 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1489
1490 if (!SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len)) {
1491 return false;
1492 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1493 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1494
1495 return s0_len == s1_len && memcmp(s0_bytes, s1_bytes, s0_len) == 0;
1496}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1497
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1498static bool ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1499 if (SSL_get_rfd(ssl) != rfd || SSL_get_wfd(ssl) != wfd) {
1500 fprintf(stderr, "Got fds %d and %d, wanted %d and %d.\n", SSL_get_rfd(ssl),
1501 SSL_get_wfd(ssl), rfd, wfd);
1502 return false;
1503 }
1504
1505 // The wrapper BIOs are always equal when fds are equal, even if set
1506 // individually.
1507 if (rfd == wfd && SSL_get_rbio(ssl) != SSL_get_wbio(ssl)) {
1508 fprintf(stderr, "rbio and wbio did not match.\n");
1509 return false;
1510 }
1511
1512 return true;
1513}
1514
1515static bool TestSetFD() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1516 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1517 if (!ctx) {
1518 return false;
1519 }
1520
1521 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1522 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1523 if (!ssl ||
1524 !SSL_set_rfd(ssl.get(), 1) ||
1525 !SSL_set_wfd(ssl.get(), 2) ||
1526 !ExpectFDs(ssl.get(), 1, 2)) {
1527 return false;
1528 }
1529
1530 // Test setting the same FD.
1531 ssl.reset(SSL_new(ctx.get()));
1532 if (!ssl ||
1533 !SSL_set_fd(ssl.get(), 1) ||
1534 !ExpectFDs(ssl.get(), 1, 1)) {
1535 return false;
1536 }
1537
1538 // Test setting the same FD one side at a time.
1539 ssl.reset(SSL_new(ctx.get()));
1540 if (!ssl ||
1541 !SSL_set_rfd(ssl.get(), 1) ||
1542 !SSL_set_wfd(ssl.get(), 1) ||
1543 !ExpectFDs(ssl.get(), 1, 1)) {
1544 return false;
1545 }
1546
1547 // Test setting the same FD in the other order.
1548 ssl.reset(SSL_new(ctx.get()));
1549 if (!ssl ||
1550 !SSL_set_wfd(ssl.get(), 1) ||
1551 !SSL_set_rfd(ssl.get(), 1) ||
1552 !ExpectFDs(ssl.get(), 1, 1)) {
1553 return false;
1554 }
1555
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1556 // Test changing the read FD partway through.
1557 ssl.reset(SSL_new(ctx.get()));
1558 if (!ssl ||
1559 !SSL_set_fd(ssl.get(), 1) ||
1560 !SSL_set_rfd(ssl.get(), 2) ||
1561 !ExpectFDs(ssl.get(), 2, 1)) {
1562 return false;
1563 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1564
1565 // Test changing the write FD partway through.
1566 ssl.reset(SSL_new(ctx.get()));
1567 if (!ssl ||
1568 !SSL_set_fd(ssl.get(), 1) ||
1569 !SSL_set_wfd(ssl.get(), 2) ||
1570 !ExpectFDs(ssl.get(), 1, 2)) {
1571 return false;
1572 }
1573
1574 // Test a no-op change to the read FD partway through.
1575 ssl.reset(SSL_new(ctx.get()));
1576 if (!ssl ||
1577 !SSL_set_fd(ssl.get(), 1) ||
1578 !SSL_set_rfd(ssl.get(), 1) ||
1579 !ExpectFDs(ssl.get(), 1, 1)) {
1580 return false;
1581 }
1582
1583 // Test a no-op change to the write FD partway through.
1584 ssl.reset(SSL_new(ctx.get()));
1585 if (!ssl ||
1586 !SSL_set_fd(ssl.get(), 1) ||
1587 !SSL_set_wfd(ssl.get(), 1) ||
1588 !ExpectFDs(ssl.get(), 1, 1)) {
1589 return false;
1590 }
1591
1592 // ASan builds will implicitly test that the internal |BIO| reference-counting
1593 // is correct.
1594
1595 return true;
1596}
1597
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1598static bool TestSetBIO() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1599 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1600 if (!ctx) {
1601 return false;
1602 }
1603
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1604 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1605 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1606 bio3(BIO_new(BIO_s_mem()));
1607 if (!ssl || !bio1 || !bio2 || !bio3) {
1608 return false;
1609 }
1610
1611 // SSL_set_bio takes one reference when the parameters are the same.
1612 BIO_up_ref(bio1.get());
1613 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1614
1615 // Repeating the call does nothing.
1616 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1617
1618 // It takes one reference each when the parameters are different.
1619 BIO_up_ref(bio2.get());
1620 BIO_up_ref(bio3.get());
1621 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1622
1623 // Repeating the call does nothing.
1624 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1625
1626 // It takes one reference when changing only wbio.
1627 BIO_up_ref(bio1.get());
1628 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1629
1630 // It takes one reference when changing only rbio and the two are different.
1631 BIO_up_ref(bio3.get());
1632 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1633
1634 // If setting wbio to rbio, it takes no additional references.
1635 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1636
1637 // From there, wbio may be switched to something else.
1638 BIO_up_ref(bio1.get());
1639 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1640
1641 // If setting rbio to wbio, it takes no additional references.
1642 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1643
1644 // From there, rbio may be switched to something else, but, for historical
1645 // reasons, it takes a reference to both parameters.
1646 BIO_up_ref(bio1.get());
1647 BIO_up_ref(bio2.get());
1648 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1649
1650 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1651 // is correct.
1652 return true;
1653}
1654
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1655static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1656
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1657static bool TestGetPeerCertificate() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1658 bssl::UniquePtr<X509> cert = GetTestCertificate();
1659 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1660 if (!cert || !key) {
1661 return false;
1662 }
1663
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]1664 for (uint16_t version : kTLSVersions) {
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1665 // Configure both client and server to accept any certificate.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1666 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1667 if (!ctx ||
1668 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1669 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1670 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1671 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1672 return false;
1673 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1674 SSL_CTX_set_verify(
1675 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1676 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1677
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1678 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1679 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1680 nullptr /* no session */)) {
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1681 return false;
1682 }
1683
1684 // Client and server should both see the leaf certificate.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1685 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1686 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1687 fprintf(stderr, "%x: Server peer certificate did not match.\n", version);
1688 return false;
1689 }
1690
1691 peer.reset(SSL_get_peer_certificate(client.get()));
1692 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1693 fprintf(stderr, "%x: Client peer certificate did not match.\n", version);
1694 return false;
1695 }
1696
1697 // However, for historical reasons, the chain includes the leaf on the
1698 // client, but does not on the server.
1699 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1700 fprintf(stderr, "%x: Client peer chain was incorrect.\n", version);
1701 return false;
1702 }
1703
1704 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1705 fprintf(stderr, "%x: Server peer chain was incorrect.\n", version);
1706 return false;
1707 }
1708 }
1709
1710 return true;
1711}
1712
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1713static bool TestRetainOnlySHA256OfCerts() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1714 bssl::UniquePtr<X509> cert = GetTestCertificate();
1715 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1716 if (!cert || !key) {
1717 return false;
1718 }
1719
1720 uint8_t *cert_der = NULL;
1721 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1722 if (cert_der_len < 0) {
1723 return false;
1724 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1725 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1726
1727 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1728 SHA256(cert_der, cert_der_len, cert_sha256);
1729
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]1730 for (uint16_t version : kTLSVersions) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1731 // Configure both client and server to accept any certificate, but the
1732 // server must retain only the SHA-256 of the peer.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1733 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1734 if (!ctx ||
1735 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1736 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1737 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1738 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1739 return false;
1740 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1741 SSL_CTX_set_verify(
1742 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1743 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1744 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
1745
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1746 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1747 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1748 nullptr /* no session */)) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1749 return false;
1750 }
1751
1752 // The peer certificate has been dropped.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1753 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1754 if (peer) {
1755 fprintf(stderr, "%x: Peer certificate was retained.\n", version);
1756 return false;
1757 }
1758
1759 SSL_SESSION *session = SSL_get_session(server.get());
1760 if (!session->peer_sha256_valid) {
1761 fprintf(stderr, "%x: peer_sha256_valid was not set.\n", version);
1762 return false;
1763 }
1764
1765 if (memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) != 0) {
1766 fprintf(stderr, "%x: peer_sha256 did not match.\n", version);
1767 return false;
1768 }
1769 }
1770
1771 return true;
1772}
1773
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1774static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1775 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1776 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1777 if (!ctx ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1778 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1779 // Our default cipher list varies by CPU capabilities, so manually place
1780 // the ChaCha20 ciphers in front.
1781 !SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1782 return false;
1783 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1784
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1785 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1786 if (!ssl) {
1787 return false;
1788 }
1789 std::vector<uint8_t> client_hello;
1790 if (!GetClientHello(ssl.get(), &client_hello)) {
1791 return false;
1792 }
1793
1794 // Zero the client_random.
1795 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1796 1 + 3 + // handshake message header
1797 2; // client_version
1798 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1799 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1800 return false;
1801 }
1802 memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
1803
1804 if (client_hello.size() != expected_len ||
1805 memcmp(client_hello.data(), expected, expected_len) != 0) {
1806 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1807 fprintf(stderr, "Got:\n\t");
1808 for (size_t i = 0; i < client_hello.size(); i++) {
1809 fprintf(stderr, "0x%02x, ", client_hello[i]);
1810 }
1811 fprintf(stderr, "\nWanted:\n\t");
1812 for (size_t i = 0; i < expected_len; i++) {
1813 fprintf(stderr, "0x%02x, ", expected[i]);
1814 }
1815 fprintf(stderr, "\n");
1816 return false;
1817 }
1818
1819 return true;
1820}
1821
1822// Tests that our ClientHellos do not change unexpectedly.
1823static bool TestClientHello() {
1824 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1825 0x16,
1826 0x03, 0x00,
1827 0x00, 0x3f,
1828 0x01,
1829 0x00, 0x00, 0x3b,
1830 0x03, 0x00,
1831 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1832 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1833 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1834 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1835 0x00,
1836 0x00, 0x14,
1837 0xc0, 0x09,
1838 0xc0, 0x13,
1839 0x00, 0x33,
1840 0xc0, 0x0a,
1841 0xc0, 0x14,
1842 0x00, 0x39,
1843 0x00, 0x2f,
1844 0x00, 0x35,
1845 0x00, 0x0a,
1846 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1847 };
1848 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1849 sizeof(kSSL3ClientHello))) {
1850 return false;
1851 }
1852
1853 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1854 0x16,
1855 0x03, 0x01,
1856 0x00, 0x5e,
1857 0x01,
1858 0x00, 0x00, 0x5a,
1859 0x03, 0x01,
1860 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1861 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1862 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1863 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1864 0x00,
1865 0x00, 0x12,
1866 0xc0, 0x09,
1867 0xc0, 0x13,
1868 0x00, 0x33,
1869 0xc0, 0x0a,
1870 0xc0, 0x14,
1871 0x00, 0x39,
1872 0x00, 0x2f,
1873 0x00, 0x35,
1874 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1875 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1876 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1877 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1878 };
1879 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1880 sizeof(kTLS1ClientHello))) {
1881 return false;
1882 }
1883
1884 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1885 0x16,
1886 0x03, 0x01,
1887 0x00, 0x5e,
1888 0x01,
1889 0x00, 0x00, 0x5a,
1890 0x03, 0x02,
1891 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1892 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1893 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1894 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1895 0x00,
1896 0x00, 0x12,
1897 0xc0, 0x09,
1898 0xc0, 0x13,
1899 0x00, 0x33,
1900 0xc0, 0x0a,
1901 0xc0, 0x14,
1902 0x00, 0x39,
1903 0x00, 0x2f,
1904 0x00, 0x35,
1905 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1906 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1907 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1908 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1909 };
1910 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1911 sizeof(kTLS11ClientHello))) {
1912 return false;
1913 }
1914
1915 static const uint8_t kTLS12ClientHello[] = {
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1916 0x16, 0x03, 0x01, 0x00, 0x9e, 0x01, 0x00, 0x00, 0x9a, 0x03, 0x03, 0x00,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1917 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1918 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1919 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3a, 0xcc, 0xa9,
1920 0xcc, 0xa8, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
1921 0xc0, 0x2c, 0xc0, 0x30, 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13,
1922 0xc0, 0x27, 0x00, 0x33, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14,
1923 0xc0, 0x28, 0x00, 0x39, 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1924 0x00, 0x3c, 0x00, 0x35, 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1925 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00,
David Benjamin3a322f52016-10-26 12:45:35 -0400[diff] [blame]1926 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04,
1927 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]1928 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
1929 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1930 };
1931 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1932 sizeof(kTLS12ClientHello))) {
1933 return false;
1934 }
1935
1936 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1937 // implementation has settled enough that it won't change.
1938
1939 return true;
1940}
1941
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1942static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1943
1944static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1945 // Save the most recent session.
1946 g_last_session.reset(session);
1947 return 1;
1948}
1949
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1950static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1951 SSL_CTX *server_ctx) {
1952 g_last_session = nullptr;
1953 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1954
1955 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1956 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1957 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1958 nullptr /* no session */)) {
1959 fprintf(stderr, "Failed to connect client and server.\n");
1960 return nullptr;
1961 }
1962
1963 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1964 SSL_read(client.get(), nullptr, 0);
1965
1966 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1967
1968 if (!g_last_session) {
1969 fprintf(stderr, "Client did not receive a session.\n");
1970 return nullptr;
1971 }
1972 return std::move(g_last_session);
1973}
1974
1975static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1976 SSL_SESSION *session,
1977 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1978 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1979 if (!ConnectClientAndServer(&client, &server, client_ctx,
1980 server_ctx, session)) {
1981 fprintf(stderr, "Failed to connect client and server.\n");
1982 return false;
1983 }
1984
1985 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1986 fprintf(stderr, "Client and server were inconsistent.\n");
1987 return false;
1988 }
1989
1990 bool was_reused = !!SSL_session_reused(client.get());
1991 if (was_reused != reused) {
1992 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
1993 was_reused ? "" : " not");
1994 return false;
1995 }
1996
1997 return true;
1998}
1999
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2000static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
2001 SSL_CTX *server_ctx,
2002 SSL_SESSION *session) {
2003 g_last_session = nullptr;
2004 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2005
2006 bssl::UniquePtr<SSL> client, server;
2007 if (!ConnectClientAndServer(&client, &server, client_ctx,
2008 server_ctx, session)) {
2009 fprintf(stderr, "Failed to connect client and server.\n");
2010 return nullptr;
2011 }
2012
2013 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2014 fprintf(stderr, "Client and server were inconsistent.\n");
2015 return nullptr;
2016 }
2017
2018 if (!SSL_session_reused(client.get())) {
2019 fprintf(stderr, "Session was not reused.\n");
2020 return nullptr;
2021 }
2022
2023 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2024 SSL_read(client.get(), nullptr, 0);
2025
2026 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2027
2028 if (!g_last_session) {
2029 fprintf(stderr, "Client did not receive a renewed session.\n");
2030 return nullptr;
2031 }
2032 return std::move(g_last_session);
2033}
2034
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame^]2035static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2036 static const uint8_t kContext[] = {3};
2037
2038 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2039 return SSL_TLSEXT_ERR_ALERT_FATAL;
2040 }
2041
2042 return SSL_TLSEXT_ERR_OK;
2043}
2044
2045static int SwitchSessionIDContextEarly(
2046 const struct ssl_early_callback_ctx *ctx) {
2047 static const uint8_t kContext[] = {3};
2048
2049 if (!SSL_set_session_id_context(ctx->ssl, kContext, sizeof(kContext))) {
2050 return -1;
2051 }
2052
2053 return 1;
2054}
2055
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2056static bool TestSessionIDContext() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2057 bssl::UniquePtr<X509> cert = GetTestCertificate();
2058 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2059 if (!cert || !key) {
2060 return false;
2061 }
2062
2063 static const uint8_t kContext1[] = {1};
2064 static const uint8_t kContext2[] = {2};
2065
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2066 for (uint16_t version : kTLSVersions) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2067 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2068 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2069 if (!server_ctx || !client_ctx ||
2070 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2071 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2072 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2073 sizeof(kContext1)) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2074 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2075 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2076 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2077 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2078 return false;
2079 }
2080
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2081 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2082 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2083
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2084 bssl::UniquePtr<SSL_SESSION> session =
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2085 CreateClientSession(client_ctx.get(), server_ctx.get());
2086 if (!session) {
2087 fprintf(stderr, "Error getting session (version = %04x).\n", version);
2088 return false;
2089 }
2090
2091 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2092 true /* expect session reused */)) {
2093 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
2094 return false;
2095 }
2096
2097 // Change the session ID context.
2098 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2099 sizeof(kContext2))) {
2100 return false;
2101 }
2102
2103 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2104 false /* expect session not reused */)) {
2105 fprintf(stderr,
2106 "Error connection with different context (version = %04x).\n",
2107 version);
2108 return false;
2109 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame^]2110
2111 // Change the session ID context back and install an SNI callback to switch
2112 // it.
2113 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2114 sizeof(kContext1))) {
2115 return false;
2116 }
2117
2118 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2119 SwitchSessionIDContextSNI);
2120
2121 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2122 false /* expect session not reused */)) {
2123 fprintf(
2124 stderr,
2125 "Error connection with different context (version = %04x, SNI).\n",
2126 version);
2127 return false;
2128 }
2129
2130 // Switch the session ID context with the early callback instead.
2131 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
2132 SSL_CTX_set_select_certificate_cb(server_ctx.get(),
2133 SwitchSessionIDContextEarly);
2134
2135 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2136 false /* expect session not reused */)) {
2137 fprintf(
2138 stderr,
2139 "Error connection with different context (version = %04x, early).\n",
2140 version);
2141 return false;
2142 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2143 }
2144
2145 return true;
2146}
2147
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2148static timeval g_current_time;
2149
2150static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2151 *out_clock = g_current_time;
2152}
2153
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2154static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2155 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2156 int encrypt) {
2157 static const uint8_t kZeros[16] = {0};
2158
2159 if (encrypt) {
2160 memcpy(key_name, kZeros, sizeof(kZeros));
2161 RAND_bytes(iv, 16);
2162 } else if (memcmp(key_name, kZeros, 16) != 0) {
2163 return 0;
2164 }
2165
2166 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2167 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2168 return -1;
2169 }
2170
2171 // Returning two from the callback in decrypt mode renews the
2172 // session in TLS 1.2 and below.
2173 return encrypt ? 1 : 2;
2174}
2175
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2176static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2177 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2178 return false;
2179 }
2180
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2181 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2182 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2183 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2184
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2185#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2186 // Fuzzer-mode tickets are unencrypted.
2187 memcpy(plaintext.get(), ciphertext, len);
2188#else
2189 static const uint8_t kZeros[16] = {0};
2190 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2191 bssl::ScopedEVP_CIPHER_CTX ctx;
2192 int len1, len2;
2193 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2194 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2195 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2196 return false;
2197 }
2198
2199 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2200#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2201
2202 bssl::UniquePtr<SSL_SESSION> server_session(
2203 SSL_SESSION_from_bytes(plaintext.get(), len));
2204 if (!server_session) {
2205 return false;
2206 }
2207
2208 *out = server_session->time;
2209 return true;
2210}
2211
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2212static bool TestSessionTimeout() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2213 bssl::UniquePtr<X509> cert = GetTestCertificate();
2214 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2215 if (!cert || !key) {
2216 return false;
2217 }
2218
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2219 for (uint16_t version : kTLSVersions) {
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2220 for (bool server_test : std::vector<bool>{false, true}) {
2221 static const int kStartTime = 1000;
2222 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2223
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2224 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2225 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
2226 if (!server_ctx || !client_ctx ||
2227 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2228 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2229 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2230 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2231 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2232 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2233 return false;
2234 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2235
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2236 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2237 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2238
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2239 // Both client and server must enforce session timeouts.
2240 if (server_test) {
2241 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2242 } else {
2243 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
2244 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2245
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2246 // Configure a ticket callback which renews tickets.
2247 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2248
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2249 bssl::UniquePtr<SSL_SESSION> session =
2250 CreateClientSession(client_ctx.get(), server_ctx.get());
2251 if (!session) {
2252 fprintf(stderr, "Error getting session (version = %04x).\n", version);
2253 return false;
2254 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2255
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2256 // Advance the clock just behind the timeout.
David Benjamin8e816eb2016-11-02 23:24:29 -0400[diff] [blame]2257 g_current_time.tv_sec += SSL_DEFAULT_SESSION_TIMEOUT - 1;
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2258
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2259 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2260 session.get(),
2261 true /* expect session reused */)) {
2262 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
2263 return false;
2264 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2265
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2266 // Advance the clock one more second.
2267 g_current_time.tv_sec++;
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2268
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2269 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2270 session.get(),
2271 false /* expect session not reused */)) {
2272 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
2273 return false;
2274 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2275
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2276 // Rewind the clock to before the session was minted.
2277 g_current_time.tv_sec = kStartTime - 1;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2278
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2279 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2280 session.get(),
2281 false /* expect session not reused */)) {
2282 fprintf(stderr, "Error resuming session (version = %04x).\n", version);
2283 return false;
2284 }
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2285
2286 // SSL 3.0 cannot renew sessions.
2287 if (version == SSL3_VERSION) {
2288 continue;
2289 }
2290
2291 // Renew the session 10 seconds before expiration.
2292 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT - 10;
2293 bssl::UniquePtr<SSL_SESSION> new_session = ExpectSessionRenewed(
2294 client_ctx.get(), server_ctx.get(), session.get());
2295 if (!new_session) {
2296 fprintf(stderr, "Error renewing session (version = %04x).\n", version);
2297 return false;
2298 }
2299
2300 // This new session is not the same object as before.
2301 if (session.get() == new_session.get()) {
2302 fprintf(stderr, "New and old sessions alias (version = %04x).\n",
2303 version);
2304 return false;
2305 }
2306
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2307 // Check the sessions have timestamps measured from issuance.
2308 long session_time = 0;
2309 if (server_test) {
2310 if (!GetServerTicketTime(&session_time, new_session.get())) {
2311 fprintf(stderr, "Failed to decode session ticket (version = %04x).\n",
2312 version);
2313 return false;
2314 }
2315 } else {
2316 session_time = new_session->time;
2317 }
2318
2319 if (session_time != g_current_time.tv_sec) {
2320 fprintf(stderr,
2321 "New session is not measured from issuance (version = %04x).\n",
2322 version);
2323 return false;
2324 }
2325
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2326 // The new session is usable just before the old expiration.
2327 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT - 1;
2328 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2329 new_session.get(),
2330 true /* expect session reused */)) {
2331 fprintf(stderr, "Error resuming renewed session (version = %04x).\n",
2332 version);
2333 return false;
2334 }
2335
2336 // Renewal does not extend the lifetime, so it is not usable beyond the
2337 // old expiration.
2338 g_current_time.tv_sec = kStartTime + SSL_DEFAULT_SESSION_TIMEOUT + 1;
2339 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2340 new_session.get(),
2341 false /* expect session not reused */)) {
2342 fprintf(stderr,
2343 "Renewed session's lifetime is too long (version = %04x).\n",
2344 version);
2345 return false;
2346 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2347 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2348 }
2349
2350 return true;
2351}
2352
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2353static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2354 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2355 SSL_set_SSL_CTX(ssl, ctx);
2356 return SSL_TLSEXT_ERR_OK;
2357}
2358
2359static bool TestSNICallback() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2360 bssl::UniquePtr<X509> cert = GetTestCertificate();
2361 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2362 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2363 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2364 if (!cert || !key || !cert2 || !key2) {
2365 return false;
2366 }
2367
2368 // At each version, test that switching the |SSL_CTX| at the SNI callback
2369 // behaves correctly.
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2370 for (uint16_t version : kTLSVersions) {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2371 if (version == SSL3_VERSION) {
2372 continue;
2373 }
2374
2375 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
2376
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2377 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2378 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(TLS_method()));
2379 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2380 if (!server_ctx || !server_ctx2 || !client_ctx ||
2381 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2382 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2383 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2384 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
2385 // Historically signing preferences would be lost in some cases with the
2386 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2387 // this doesn't happen when |version| is TLS 1.2, configure the private
2388 // key to only sign SHA-256.
2389 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(),
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2390 &kECDSAWithSHA256, 1) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2391 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2392 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2393 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2394 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2395 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2396 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2397 return false;
2398 }
2399
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2400 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2401 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
2402
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2403 bssl::UniquePtr<SSL> client, server;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2404 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2405 server_ctx.get(), nullptr)) {
2406 fprintf(stderr, "Handshake failed at version %04x.\n", version);
2407 return false;
2408 }
2409
2410 // The client should have received |cert2|.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2411 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2412 if (!peer ||
2413 X509_cmp(peer.get(), cert2.get()) != 0) {
2414 fprintf(stderr, "Incorrect certificate received at version %04x.\n",
2415 version);
2416 return false;
2417 }
2418 }
2419
2420 return true;
2421}
2422
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2423static int SetMaxVersion(const struct ssl_early_callback_ctx *ctx) {
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2424 if (!SSL_set_max_proto_version(ctx->ssl, TLS1_2_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2425 return -1;
2426 }
2427
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2428 return 1;
2429}
2430
2431// TestEarlyCallbackVersionSwitch tests that the early callback can swap the
2432// maximum version.
2433static bool TestEarlyCallbackVersionSwitch() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2434 bssl::UniquePtr<X509> cert = GetTestCertificate();
2435 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2436 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2437 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2438 if (!cert || !key || !server_ctx || !client_ctx ||
2439 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2440 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2441 !SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION) ||
2442 !SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION)) {
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2443 return false;
2444 }
2445
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2446 SSL_CTX_set_select_certificate_cb(server_ctx.get(), SetMaxVersion);
2447
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2448 bssl::UniquePtr<SSL> client, server;
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2449 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2450 server_ctx.get(), nullptr)) {
2451 return false;
2452 }
2453
2454 if (SSL_version(client.get()) != TLS1_2_VERSION) {
2455 fprintf(stderr, "Early callback failed to switch the maximum version.\n");
2456 return false;
2457 }
2458
2459 return true;
2460}
2461
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2462static bool TestSetVersion() {
2463 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
2464 if (!ctx) {
2465 return false;
2466 }
2467
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2468 if (!SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
2469 !SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION) ||
2470 !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
2471 !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2472 fprintf(stderr, "Could not set valid TLS version.\n");
2473 return false;
2474 }
2475
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2476 if (SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
2477 SSL_CTX_set_max_proto_version(ctx.get(), 0x0200) ||
2478 SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
2479 SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
2480 SSL_CTX_set_min_proto_version(ctx.get(), 0x0200) ||
2481 SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2482 fprintf(stderr, "Unexpectedly set invalid TLS version.\n");
2483 return false;
2484 }
2485
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2486 if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
2487 !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
2488 fprintf(stderr, "Could not set default TLS version.\n");
2489 return false;
2490 }
2491
2492 if (ctx->min_version != SSL3_VERSION ||
2493 ctx->max_version != TLS1_2_VERSION) {
2494 fprintf(stderr, "Default TLS versions were incorrect (%04x and %04x).\n",
2495 ctx->min_version, ctx->max_version);
2496 return false;
2497 }
2498
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2499 ctx.reset(SSL_CTX_new(DTLS_method()));
2500 if (!ctx) {
2501 return false;
2502 }
2503
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2504 if (!SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
2505 !SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION) ||
2506 !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
2507 !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2508 fprintf(stderr, "Could not set valid DTLS version.\n");
2509 return false;
2510 }
2511
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]2512 if (SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
2513 SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2514 SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2515 SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
2516 SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
2517 SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
2518 SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
2519 SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2520 fprintf(stderr, "Unexpectedly set invalid DTLS version.\n");
2521 return false;
2522 }
2523
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2524 if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
2525 !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
2526 fprintf(stderr, "Could not set default DTLS version.\n");
2527 return false;
2528 }
2529
2530 if (ctx->min_version != TLS1_1_VERSION ||
2531 ctx->max_version != TLS1_2_VERSION) {
2532 fprintf(stderr, "Default DTLS versions were incorrect (%04x and %04x).\n",
2533 ctx->min_version, ctx->max_version);
2534 return false;
2535 }
2536
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2537 return true;
2538}
2539
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2540static bool TestVersions() {
2541 bssl::UniquePtr<X509> cert = GetTestCertificate();
2542 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2543 if (!cert || !key) {
2544 return false;
2545 }
2546
2547 for (bool is_dtls : std::vector<bool>{false, true}) {
2548 const SSL_METHOD *method = is_dtls ? DTLS_method() : TLS_method();
2549 const char *name = is_dtls ? "DTLS" : "TLS";
2550 const uint16_t *versions = is_dtls ? kDTLSVersions : kTLSVersions;
2551 size_t num_versions = is_dtls ? OPENSSL_ARRAY_SIZE(kDTLSVersions)
2552 : OPENSSL_ARRAY_SIZE(kTLSVersions);
2553 for (size_t i = 0; i < num_versions; i++) {
2554 uint16_t version = versions[i];
2555 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2556 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2557 bssl::UniquePtr<SSL> client, server;
2558 if (!server_ctx || !client_ctx ||
2559 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2560 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2561 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2562 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2563 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2564 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2565 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2566 server_ctx.get(), nullptr /* no session */)) {
2567 fprintf(stderr, "Failed to connect %s at version %04x.\n", name,
2568 version);
2569 return false;
2570 }
2571
2572 if (SSL_version(client.get()) != version ||
2573 SSL_version(server.get()) != version) {
2574 fprintf(stderr,
2575 "%s version mismatch. Got %04x and %04x, wanted %04x.\n", name,
2576 SSL_version(client.get()), SSL_version(server.get()), version);
2577 return false;
2578 }
2579 }
2580 }
2581
2582 return true;
2583}
2584
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2585// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2586// selection callback.
2587static bool TestALPNCipherAvailable() {
2588 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2589
2590 bssl::UniquePtr<X509> cert = GetTestCertificate();
2591 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2592 if (!cert || !key) {
2593 return false;
2594 }
2595
2596 for (uint16_t version : kTLSVersions) {
2597 // SSL 3.0 lacks extensions.
2598 if (version == SSL3_VERSION) {
2599 continue;
2600 }
2601
2602 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
2603 if (!ctx ||
2604 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2605 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2606 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2607 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2608 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2609 0) {
2610 return false;
2611 }
2612
2613 // The ALPN callback does not fail the handshake on error, so have the
2614 // callback write a boolean.
Adam Langleyfb73e972016-11-02 13:21:29 -0700[diff] [blame]2615 std::pair<uint16_t, bool> callback_state(version, false);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2616 SSL_CTX_set_alpn_select_cb(
2617 ctx.get(),
2618 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2619 unsigned in_len, void *arg) -> int {
Adam Langleyfb73e972016-11-02 13:21:29 -0700[diff] [blame]2620 auto state = reinterpret_cast<std::pair<uint16_t, bool>*>(arg);
2621 if (SSL_get_pending_cipher(ssl) != nullptr &&
2622 SSL_version(ssl) == state->first) {
2623 state->second = true;
2624 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2625 return SSL_TLSEXT_ERR_NOACK;
2626 },
Adam Langleyfb73e972016-11-02 13:21:29 -0700[diff] [blame]2627 &callback_state);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2628
2629 bssl::UniquePtr<SSL> client, server;
2630 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2631 nullptr /* no session */)) {
2632 return false;
2633 }
2634
Adam Langleyfb73e972016-11-02 13:21:29 -0700[diff] [blame]2635 if (!callback_state.second) {
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2636 fprintf(stderr,
2637 "%x: The pending cipher was not known in the ALPN callback.\n",
2638 version);
2639 return false;
2640 }
2641 }
2642
2643 return true;
2644}
2645
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]2646int main() {
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]2647 CRYPTO_library_init();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]2648
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2649 if (!TestCipherRules() ||
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]2650 !TestCurveRules() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2651 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
2652 !TestSSL_SESSIONEncoding(kCustomSession) ||
2653 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
2654 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
2655 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
2656 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]2657 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2658 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
2659 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
2660 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
2661 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
2662 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
2663 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
2664 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
2665 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
2666 !TestCipherGetRFCName() ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]2667 // Test the padding extension at TLS 1.2.
2668 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
2669 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
2670 // will be no PSK binder after the padding extension.
2671 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
2672 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
2673 // will be a PSK binder after the padding extension.
2674 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2675 !TestClientCAList() ||
2676 !TestInternalSessionCache() ||
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]2677 !TestSequenceNumber() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]2678 !TestOneSidedShutdown() ||
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]2679 !TestSessionDuplication() ||
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]2680 !TestSetFD() ||
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]2681 !TestSetBIO() ||
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]2682 !TestGetPeerCertificate() ||
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2683 !TestRetainOnlySHA256OfCerts() ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2684 !TestClientHello() ||
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2685 !TestSessionIDContext() ||
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2686 !TestSessionTimeout() ||
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2687 !TestSNICallback() ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2688 !TestEarlyCallbackVersionSwitch() ||
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2689 !TestSetVersion() ||
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2690 !TestVersions() ||
2691 !TestALPNCipherAvailable()) {
Brian Smith83a82982015-04-09 16:21:10 -1000[diff] [blame]2692 ERR_print_errors_fp(stderr);
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]2693 return 1;
2694 }
2695
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]2696 printf("PASS\n");
2697 return 0;
2698}