Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / d272dea99ba0298156ccf1dbfc2a645623addf02 / . / ssl / ssl_test.cc
blob: 4556fb7748f90bd28376578368e2d0fee6c1a01f [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
43/* Windows defines struct timeval in winsock2.h. */
44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
52struct ExpectedCipher {
53 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]56
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]57struct CipherTest {
58 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]59 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]60 // The list of expected ciphers, in order.
61 std::vector<ExpectedCipher> expected;
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]62 // True if this cipher list should fail in strict mode.
63 bool strict_fail;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]64};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]65
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]66struct CurveTest {
67 // The rule string to apply.
68 const char *rule;
69 // The list of expected curves, in order.
70 std::vector<uint16_t> expected;
71};
72
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]73static const CipherTest kCipherTests[] = {
74 // Selecting individual ciphers should work.
75 {
76 "ECDHE-ECDSA-CHACHA20-POLY1305:"
77 "ECDHE-RSA-CHACHA20-POLY1305:"
78 "ECDHE-ECDSA-AES128-GCM-SHA256:"
79 "ECDHE-RSA-AES128-GCM-SHA256",
80 {
81 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]82 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]83 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
84 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
85 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]86 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]87 },
88 // + reorders selected ciphers to the end, keeping their relative order.
89 {
90 "ECDHE-ECDSA-CHACHA20-POLY1305:"
91 "ECDHE-RSA-CHACHA20-POLY1305:"
92 "ECDHE-ECDSA-AES128-GCM-SHA256:"
93 "ECDHE-RSA-AES128-GCM-SHA256:"
94 "+aRSA",
95 {
96 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]97 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
98 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]99 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
100 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]101 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]102 },
103 // ! banishes ciphers from future selections.
104 {
105 "!aRSA:"
106 "ECDHE-ECDSA-CHACHA20-POLY1305:"
107 "ECDHE-RSA-CHACHA20-POLY1305:"
108 "ECDHE-ECDSA-AES128-GCM-SHA256:"
109 "ECDHE-RSA-AES128-GCM-SHA256",
110 {
111 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]112 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
113 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]114 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]115 },
116 // Multiple masks can be ANDed in a single rule.
117 {
118 "kRSA+AESGCM+AES128",
119 {
120 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
121 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]122 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]123 },
124 // - removes selected ciphers, but preserves their order for future
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]125 // selections. Select AES_128_GCM, but order the key exchanges RSA,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]126 // ECDHE_RSA.
127 {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]128 "ALL:-kECDHE:"
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]129 "-kRSA:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]130 "AESGCM+AES128+aRSA",
131 {
132 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]133 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
134 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]135 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]136 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]137 // Unknown selectors are no-ops, except in strict mode.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]138 {
139 "ECDHE-ECDSA-CHACHA20-POLY1305:"
140 "ECDHE-RSA-CHACHA20-POLY1305:"
141 "ECDHE-ECDSA-AES128-GCM-SHA256:"
142 "ECDHE-RSA-AES128-GCM-SHA256:"
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]143 "BOGUS1",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]144 {
145 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]146 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]147 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
148 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
149 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]150 true,
151 },
152 // Unknown selectors are no-ops, except in strict mode.
153 {
154 "ECDHE-ECDSA-CHACHA20-POLY1305:"
155 "ECDHE-RSA-CHACHA20-POLY1305:"
156 "ECDHE-ECDSA-AES128-GCM-SHA256:"
157 "ECDHE-RSA-AES128-GCM-SHA256:"
158 "-BOGUS2:+BOGUS3:!BOGUS4",
159 {
160 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
161 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
162 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
163 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
164 },
165 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]166 },
167 // Square brackets specify equi-preference groups.
168 {
169 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
170 "[ECDHE-RSA-CHACHA20-POLY1305]:"
171 "ECDHE-RSA-AES128-GCM-SHA256",
172 {
173 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]174 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]175 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]176 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
177 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]178 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]179 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]180 // Standard names may be used instead of OpenSSL names.
181 {
182 "[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|"
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]183 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]:"
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]184 "[TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]:"
185 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
186 {
187 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
188 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
189 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
190 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
191 },
192 false,
193 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]194 // @STRENGTH performs a stable strength-sort of the selected ciphers and
195 // only the selected ciphers.
196 {
197 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]198 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]199 "!AESGCM:!3DES:!SHA256:!SHA384:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]200 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]201 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]202 // Select ECDHE ones and sort them by strength. Ties should resolve
203 // based on the order above.
204 "kECDHE:@STRENGTH:-ALL:"
205 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
206 // by strength. Then RSA, backwards by strength.
207 "aRSA",
208 {
209 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
210 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]211 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]212 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
213 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
214 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]215 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]216 },
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]217 // Additional masks after @STRENGTH get silently discarded.
218 //
219 // TODO(davidben): Make this an error. If not silently discarded, they get
220 // interpreted as + opcodes which are very different.
221 {
222 "ECDHE-RSA-AES128-GCM-SHA256:"
223 "ECDHE-RSA-AES256-GCM-SHA384:"
224 "@STRENGTH+AES256",
225 {
226 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
227 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
228 },
229 false,
230 },
231 {
232 "ECDHE-RSA-AES128-GCM-SHA256:"
233 "ECDHE-RSA-AES256-GCM-SHA384:"
234 "@STRENGTH+AES256:"
235 "ECDHE-RSA-CHACHA20-POLY1305",
236 {
237 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
238 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
239 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
240 },
241 false,
242 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]243 // Exact ciphers may not be used in multi-part rules; they are treated
244 // as unknown aliases.
245 {
246 "ECDHE-ECDSA-AES128-GCM-SHA256:"
247 "ECDHE-RSA-AES128-GCM-SHA256:"
248 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
249 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
250 {
251 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
252 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
253 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]254 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]255 },
256 // SSLv3 matches everything that existed before TLS 1.2.
257 {
258 "AES128-SHA:AES128-SHA256:!SSLv3",
259 {
260 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
261 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]262 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]263 },
264 // TLSv1.2 matches everything added in TLS 1.2.
265 {
266 "AES128-SHA:AES128-SHA256:!TLSv1.2",
267 {
268 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
269 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]270 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]271 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]272 // The two directives have no intersection. But each component is valid, so
273 // even in strict mode it is accepted.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]274 {
275 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
276 {
277 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
278 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
279 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]280 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]281 },
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]282 // Spaces, semi-colons and commas are separators.
283 {
284 "AES128-SHA: AES128-SHA256 AES256-SHA ,AES256-SHA256 ; AES128-GCM-SHA256",
285 {
286 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
287 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
288 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
289 {TLS1_CK_RSA_WITH_AES_256_SHA256, 0},
290 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
291 },
292 // …but not in strict mode.
293 true,
294 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]295};
296
297static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]298 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]299 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
300 "RSA]",
301 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]302 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]303 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]304 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]305 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]306 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]307 "",
308 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]309 // COMPLEMENTOFDEFAULT is empty.
310 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]311 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]312 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]313 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]314 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
315 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
316 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
317 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]318 // Opcode supplied, but missing selector.
319 "+",
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]320 // Spaces are forbidden in equal-preference groups.
321 "[AES128-SHA | AES128-SHA256]",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]322};
323
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]324static const char *kMustNotIncludeNull[] = {
325 "ALL",
326 "DEFAULT",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]327 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]328 "FIPS",
329 "SHA",
330 "SHA1",
331 "RSA",
332 "SSLv3",
333 "TLSv1",
334 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]335};
336
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]337static const CurveTest kCurveTests[] = {
338 {
339 "P-256",
340 { SSL_CURVE_SECP256R1 },
341 },
342 {
343 "P-256:P-384:P-521:X25519",
344 {
345 SSL_CURVE_SECP256R1,
346 SSL_CURVE_SECP384R1,
347 SSL_CURVE_SECP521R1,
348 SSL_CURVE_X25519,
349 },
350 },
351};
352
353static const char *kBadCurvesLists[] = {
354 "",
355 ":",
356 "::",
357 "P-256::X25519",
358 "RSA:P-256",
359 "P-256:RSA",
360 "X25519:P-256:",
361 ":X25519:P-256",
362};
363
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]364static std::string CipherListToString(ssl_cipher_preference_list_st *list) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]365 bool in_group = false;
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]366 std::string ret;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]367 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]368 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
369 if (!in_group && list->in_group_flags[i]) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]370 ret += "\t[\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]371 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]372 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]373 ret += "\t";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]374 if (in_group) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]375 ret += " ";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]376 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]377 ret += SSL_CIPHER_get_name(cipher);
378 ret += "\n";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]379 if (in_group && !list->in_group_flags[i]) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]380 ret += "\t]\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]381 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]382 }
383 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]384 return ret;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]385}
386
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]387static bool CipherListsEqual(ssl_cipher_preference_list_st *list,
388 const std::vector<ExpectedCipher> &expected) {
389 if (sk_SSL_CIPHER_num(list->ciphers) != expected.size()) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]390 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]391 }
392
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]393 for (size_t i = 0; i < expected.size(); i++) {
394 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
395 if (expected[i].id != SSL_CIPHER_get_id(cipher) ||
396 expected[i].in_group_flag != list->in_group_flags[i]) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]397 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]398 }
399 }
400
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]401 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]402}
403
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]404TEST(SSLTest, CipherRules) {
405 for (const CipherTest &t : kCipherTests) {
406 SCOPED_TRACE(t.rule);
407 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
408 ASSERT_TRUE(ctx);
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]409
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]410 // Test lax mode.
411 ASSERT_TRUE(SSL_CTX_set_cipher_list(ctx.get(), t.rule));
412 EXPECT_TRUE(CipherListsEqual(ctx->cipher_list, t.expected))
413 << "Cipher rule evaluated to:\n"
414 << CipherListToString(ctx->cipher_list);
415
416 // Test strict mode.
417 if (t.strict_fail) {
418 EXPECT_FALSE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
419 } else {
420 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
421 EXPECT_TRUE(CipherListsEqual(ctx->cipher_list, t.expected))
422 << "Cipher rule evaluated to:\n"
423 << CipherListToString(ctx->cipher_list);
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]424 }
425 }
426
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]427 for (const char *rule : kBadRules) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]428 SCOPED_TRACE(rule);
429 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
430 ASSERT_TRUE(ctx);
431
432 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), rule));
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]433 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]434 }
435
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]436 for (const char *rule : kMustNotIncludeNull) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]437 SCOPED_TRACE(rule);
438 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
439 ASSERT_TRUE(ctx);
440
441 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), rule));
442 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
443 EXPECT_FALSE(SSL_CIPHER_is_NULL(
444 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i)));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]445 }
446 }
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]447}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]448
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]449TEST(SSLTest, CurveRules) {
450 for (const CurveTest &t : kCurveTests) {
451 SCOPED_TRACE(t.rule);
452 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
453 ASSERT_TRUE(ctx);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]454
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]455 ASSERT_TRUE(SSL_CTX_set1_curves_list(ctx.get(), t.rule));
456 ASSERT_EQ(t.expected.size(), ctx->supported_group_list_len);
457 for (size_t i = 0; i < t.expected.size(); i++) {
458 EXPECT_EQ(t.expected[i], ctx->supported_group_list[i]);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]459 }
460 }
461
462 for (const char *rule : kBadCurvesLists) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]463 SCOPED_TRACE(rule);
464 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
465 ASSERT_TRUE(ctx);
466
467 EXPECT_FALSE(SSL_CTX_set1_curves_list(ctx.get(), rule));
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]468 ERR_clear_error();
469 }
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]470}
471
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]472// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]473static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]474 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]475 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
476 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
477 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
478 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
479 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
480 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
481 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
482 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
483 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
484 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
485 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
486 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
487 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
488 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
489 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
490 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
491 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
492 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
493 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
494 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
495 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
496 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
497 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
498 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
499 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
500 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
501 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
502 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
503 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]504 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]505
506// kCustomSession is a custom serialized SSL_SESSION generated by
507// filling in missing fields from |kOpenSSLSession|. This includes
508// providing |peer_sha256|, so |peer| is not serialized.
509static const char kCustomSession[] =
510 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
511 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
512 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
513 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
514 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
515 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
516 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
517 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
518
519// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
520static const char kBoringSSLSession[] =
521 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
522 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
523 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
524 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
525 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
526 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
527 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
528 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
529 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
530 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
531 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
532 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
533 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
534 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
535 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
536 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
537 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
538 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
539 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
540 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
541 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
542 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
543 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
544 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
545 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
546 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
547 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
548 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
549 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
550 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
551 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
552 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
553 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
554 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
555 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
556 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
557 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
558 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
559 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
560 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
561 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
562 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
563 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
564 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
565 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
566 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
567 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
568 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
569 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
570 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
571 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
572 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
573 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
574 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
575 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
576 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
577 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
578 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
579 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
580 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
581 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
582 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
583 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
584 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
585 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
586 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
587 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
588 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
589 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
590 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
591 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
592 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
593 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
594 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
595 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
596 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
597 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
598 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
599 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
600 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
601 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
602 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
603 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
604 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
605 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
606 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
607 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
608 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
609 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
610 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
611 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
612 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
613 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
614 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
615 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
616
617// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
618// the final (optional) element of |kCustomSession| with tag number 30.
619static const char kBadSessionExtraField[] =
620 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
621 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
622 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
623 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
624 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
625 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
626 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
627 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
628
629// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
630// the version of |kCustomSession| with 2.
631static const char kBadSessionVersion[] =
632 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
633 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
634 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
635 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
636 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
637 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
638 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
639 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
640
641// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
642// appended.
643static const char kBadSessionTrailingData[] =
644 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
645 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
646 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
647 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
648 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
649 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
650 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
651 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
652
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]653static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]654 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]655 if (!EVP_DecodedLength(&len, strlen(in))) {
656 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]657 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]658 }
659
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]660 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]661 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]662 strlen(in))) {
663 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]664 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]665 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]666 out->resize(len);
667 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]668}
669
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]670static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]671 const uint8_t *cptr;
672 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]673
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]674 // Decode the input.
675 std::vector<uint8_t> input;
676 if (!DecodeBase64(&input, input_b64)) {
677 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]678 }
679
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]680 // Verify the SSL_SESSION decodes.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]681 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
682 if (!ssl_ctx) {
683 return false;
684 }
685 bssl::UniquePtr<SSL_SESSION> session(
686 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]687 if (!session) {
688 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]689 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]690 }
691
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]692 // Verify the SSL_SESSION encoding round-trips.
693 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]694 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]695 uint8_t *encoded_raw;
696 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]697 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]698 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]699 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]700 encoded.reset(encoded_raw);
701 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]702 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]703 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]704 hexdump(stderr, "Before: ", input.data(), input.size());
705 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]706 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]707 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]708
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]709 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]710 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]711 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]712 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]713 fprintf(stderr, "d2i_SSL_SESSION failed\n");
714 return false;
715 }
716
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]717 // Verify the SSL_SESSION encoding round-trips via the legacy API.
718 int len = i2d_SSL_SESSION(session.get(), NULL);
719 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]720 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]721 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]722 }
723
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]724 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
725 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]726 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]727 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]728 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]729
730 ptr = encoded.get();
731 len = i2d_SSL_SESSION(session.get(), &ptr);
732 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]733 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]734 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]735 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]736 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]737 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]738 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]739 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]740 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]741 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]742 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]743 }
744
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]745 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]746}
747
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]748static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
749 std::vector<uint8_t> input;
750 if (!DecodeBase64(&input, input_b64)) {
751 return false;
752 }
753
754 // Verify that the SSL_SESSION fails to decode.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]755 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
756 if (!ssl_ctx) {
757 return false;
758 }
759 bssl::UniquePtr<SSL_SESSION> session(
760 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]761 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]762 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]763 return false;
764 }
765 ERR_clear_error();
766 return true;
767}
768
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]769static void ExpectDefaultVersion(uint16_t min_version, uint16_t max_version,
770 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]771 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]772 ASSERT_TRUE(ctx);
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]773 EXPECT_EQ(min_version, ctx->conf_min_version);
774 EXPECT_EQ(max_version, ctx->conf_max_version);
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]775}
776
777TEST(SSLTest, DefaultVersion) {
778 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
779 ExpectDefaultVersion(TLS1_VERSION, TLS1_2_VERSION, &TLS_method);
780 ExpectDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method);
781 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method);
782 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method);
783 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method);
784 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method);
785 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method);
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]786}
787
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]788TEST(SSLTest, CipherGetStandardName) {
789 static const struct {
790 int id;
791 const char *standard_name;
792 } kTests[] = {
793 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
794 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
795 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
796 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
797 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
798 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
799 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
800 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
801 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
802 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
803 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
804 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
805 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
806 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
807 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
808 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
809 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
810 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
811 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
812 };
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]813
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]814 for (const auto &t : kTests) {
815 SCOPED_TRACE(t.standard_name);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]816
817 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(t.id & 0xffff);
818 ASSERT_TRUE(cipher);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]819 EXPECT_STREQ(t.standard_name, SSL_CIPHER_standard_name(cipher));
820
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]821 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
822 ASSERT_TRUE(rfc_name);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]823 EXPECT_STREQ(t.standard_name, rfc_name.get());
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]824 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]825}
826
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]827// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
828// version and ticket length or nullptr on failure.
829static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
830 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]831 std::vector<uint8_t> der;
832 if (!DecodeBase64(&der, kOpenSSLSession)) {
833 return nullptr;
834 }
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]835
836 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
837 if (!ssl_ctx) {
838 return nullptr;
839 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]840 bssl::UniquePtr<SSL_SESSION> session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]841 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]842 if (!session) {
843 return nullptr;
844 }
845
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]846 session->ssl_version = version;
847
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]848 // Swap out the ticket for a garbage one.
849 OPENSSL_free(session->tlsext_tick);
850 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
851 if (session->tlsext_tick == nullptr) {
852 return nullptr;
853 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]854 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]855 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]856
857 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]858#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
859 session->time = 1234;
860#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]861 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]862#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]863 return session;
864}
865
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]866static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]867 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]868 if (!bio) {
869 return false;
870 }
871 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]872 BIO_up_ref(bio.get());
873 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]874 int ret = SSL_connect(ssl);
875 if (ret > 0) {
876 // SSL_connect should fail without a BIO to write to.
877 return false;
878 }
879 ERR_clear_error();
880
881 const uint8_t *client_hello;
882 size_t client_hello_len;
883 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
884 return false;
885 }
886 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
887 return true;
888}
889
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]890// GetClientHelloLen creates a client SSL connection with the specified version
891// and ticket length. It returns the length of the ClientHello, not including
892// the record header, on success and zero on error.
893static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
894 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]895 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]896 bssl::UniquePtr<SSL_SESSION> session =
897 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]898 if (!ctx || !session) {
899 return 0;
900 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]901
902 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]903 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]904 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]905 !SSL_set_strict_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]906 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]907 return 0;
908 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]909
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]910 std::vector<uint8_t> client_hello;
911 if (!GetClientHello(ssl.get(), &client_hello) ||
912 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]913 return 0;
914 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]915
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]916 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]917}
918
919struct PaddingTest {
920 size_t input_len, padded_len;
921};
922
923static const PaddingTest kPaddingTests[] = {
924 // ClientHellos of length below 0x100 do not require padding.
925 {0xfe, 0xfe},
926 {0xff, 0xff},
927 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
928 {0x100, 0x200},
929 {0x123, 0x200},
930 {0x1fb, 0x200},
931 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
932 // padding extension takes a minimum of four bytes plus one required content
933 // byte. (To work around yet more server bugs, we avoid empty final
934 // extensions.)
935 {0x1fc, 0x201},
936 {0x1fd, 0x202},
937 {0x1fe, 0x203},
938 {0x1ff, 0x204},
939 // Finally, larger ClientHellos need no padding.
940 {0x200, 0x200},
941 {0x201, 0x201},
942};
943
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]944static bool TestPaddingExtension(uint16_t max_version,
945 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]946 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]947 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]948 if (base_len == 0) {
949 return false;
950 }
951
952 for (const PaddingTest &test : kPaddingTests) {
953 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]954 fprintf(stderr,
955 "Baseline ClientHello too long (max_version = %04x, "
956 "session_version = %04x).\n",
957 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]958 return false;
959 }
960
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]961 size_t padded_len = GetClientHelloLen(max_version, session_version,
962 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]963 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]964 fprintf(stderr,
965 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
966 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]967 static_cast<unsigned>(test.input_len),
968 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]969 static_cast<unsigned>(test.padded_len), max_version,
970 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]971 return false;
972 }
973 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]974
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]975 return true;
976}
977
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]978// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
979// before configuring as a server.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]980TEST(SSLTest, ClientCAList) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]981 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]982 ASSERT_TRUE(ctx);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]983 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]984 ASSERT_TRUE(ssl);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]985
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]986 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
987 ASSERT_TRUE(name);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]988
Adam Langley34b4c822017-02-02 10:57:17 -0800[diff] [blame]989 bssl::UniquePtr<X509_NAME> name_dup(X509_NAME_dup(name.get()));
990 ASSERT_TRUE(name_dup);
991
992 bssl::UniquePtr<STACK_OF(X509_NAME)> stack(sk_X509_NAME_new_null());
993 ASSERT_TRUE(stack);
994
995 ASSERT_TRUE(sk_X509_NAME_push(stack.get(), name_dup.get()));
996 name_dup.release();
997
998 // |SSL_set_client_CA_list| takes ownership.
999 SSL_set_client_CA_list(ssl.get(), stack.release());
1000
1001 STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get());
1002 ASSERT_TRUE(result);
1003 ASSERT_EQ(1u, sk_X509_NAME_num(result));
1004 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(result, 0), name.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]1005}
1006
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1007static void AppendSession(SSL_SESSION *session, void *arg) {
1008 std::vector<SSL_SESSION*> *out =
1009 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1010 out->push_back(session);
1011}
1012
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1013// CacheEquals returns true if |ctx|'s session cache consists of |expected|, in
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1014// order.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1015static bool CacheEquals(SSL_CTX *ctx,
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1016 const std::vector<SSL_SESSION*> &expected) {
1017 // Check the linked list.
1018 SSL_SESSION *ptr = ctx->session_cache_head;
1019 for (SSL_SESSION *session : expected) {
1020 if (ptr != session) {
1021 return false;
1022 }
1023 // TODO(davidben): This is an absurd way to denote the end of the list.
1024 if (ptr->next ==
1025 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1026 ptr = nullptr;
1027 } else {
1028 ptr = ptr->next;
1029 }
1030 }
1031 if (ptr != nullptr) {
1032 return false;
1033 }
1034
1035 // Check the hash table.
1036 std::vector<SSL_SESSION*> actual, expected_copy;
1037 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
1038 expected_copy = expected;
1039
1040 std::sort(actual.begin(), actual.end());
1041 std::sort(expected_copy.begin(), expected_copy.end());
1042
1043 return actual == expected_copy;
1044}
1045
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1046static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]1047 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
1048 if (!ssl_ctx) {
1049 return nullptr;
1050 }
1051 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new(ssl_ctx.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1052 if (!ret) {
1053 return nullptr;
1054 }
1055
1056 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1057 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1058 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1059 return ret;
1060}
1061
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1062// Test that the internal session cache behaves as expected.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1063TEST(SSLTest, InternalSessionCache) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1064 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1065 ASSERT_TRUE(ctx);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1066
1067 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1068 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1069 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1070 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1071 ASSERT_TRUE(session);
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1072 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1073 }
1074
1075 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1076
1077 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1078 for (const auto &session : sessions) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1079 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), session.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1080 }
1081
1082 // Only the last five should be in the list.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1083 ASSERT_TRUE(CacheEquals(
1084 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1085 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1086
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1087 // Inserting an element already in the cache should fail and leave the cache
1088 // unchanged.
1089 ASSERT_FALSE(SSL_CTX_add_session(ctx.get(), sessions[7].get()));
1090 ASSERT_TRUE(CacheEquals(
1091 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1092 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1093
1094 // Although collisions should be impossible (256-bit session IDs), the cache
1095 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1096 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1097 ASSERT_TRUE(collision);
1098 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), collision.get()));
1099 ASSERT_TRUE(CacheEquals(
1100 ctx.get(), {collision.get(), sessions[9].get(), sessions[8].get(),
1101 sessions[6].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1102
1103 // Removing sessions behaves correctly.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1104 ASSERT_TRUE(SSL_CTX_remove_session(ctx.get(), sessions[6].get()));
1105 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1106 sessions[8].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1107
1108 // Removing sessions requires an exact match.
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1109 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[0].get()));
1110 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[7].get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1111
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]1112 // The cache remains unchanged.
1113 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1114 sessions[8].get(), sessions[5].get()}));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1115}
1116
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1117static uint16_t EpochFromSequence(uint64_t seq) {
1118 return static_cast<uint16_t>(seq >> 48);
1119}
1120
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1121static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1122 static const char kCertPEM[] =
1123 "-----BEGIN CERTIFICATE-----\n"
1124 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1125 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1126 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1127 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1128 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1129 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1130 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1131 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1132 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1133 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1134 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1135 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1136 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1137 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1138 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1139 return bssl::UniquePtr<X509>(
1140 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1141}
1142
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1143static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1144 static const char kKeyPEM[] =
1145 "-----BEGIN RSA PRIVATE KEY-----\n"
1146 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1147 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1148 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1149 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1150 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1151 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1152 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1153 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1154 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1155 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1156 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1157 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1158 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1159 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1160 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1161 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1162 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1163}
1164
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1165static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1166 static const char kCertPEM[] =
1167 "-----BEGIN CERTIFICATE-----\n"
1168 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1169 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1170 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1171 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1172 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1173 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1174 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1175 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1176 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1177 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1178 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1179 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1180 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1181}
1182
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1183static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1184 static const char kKeyPEM[] =
1185 "-----BEGIN PRIVATE KEY-----\n"
1186 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1187 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1188 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1189 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1190 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1191 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1192 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1193}
1194
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1195static bssl::UniquePtr<CRYPTO_BUFFER> BufferFromPEM(const char *pem) {
1196 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1197 char *name, *header;
1198 uint8_t *data;
1199 long data_len;
1200 if (!PEM_read_bio(bio.get(), &name, &header, &data,
1201 &data_len)) {
1202 return nullptr;
1203 }
1204 OPENSSL_free(name);
1205 OPENSSL_free(header);
1206
1207 auto ret = bssl::UniquePtr<CRYPTO_BUFFER>(
1208 CRYPTO_BUFFER_new(data, data_len, nullptr));
1209 OPENSSL_free(data);
1210 return ret;
1211}
1212
1213static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestCertificateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1214 static const char kCertPEM[] =
1215 "-----BEGIN CERTIFICATE-----\n"
1216 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1217 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1218 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1219 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1220 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1221 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1222 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1223 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1224 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1225 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1226 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1227 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1228 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1229 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1230 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1231 "1ngWZ7Ih\n"
1232 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1233 return BufferFromPEM(kCertPEM);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1234}
1235
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1236static bssl::UniquePtr<X509> X509FromBuffer(
1237 bssl::UniquePtr<CRYPTO_BUFFER> buffer) {
1238 if (!buffer) {
1239 return nullptr;
1240 }
1241 const uint8_t *derp = CRYPTO_BUFFER_data(buffer.get());
1242 return bssl::UniquePtr<X509>(
1243 d2i_X509(NULL, &derp, CRYPTO_BUFFER_len(buffer.get())));
1244}
1245
1246static bssl::UniquePtr<X509> GetChainTestCertificate() {
1247 return X509FromBuffer(GetChainTestCertificateBuffer());
1248}
1249
1250static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestIntermediateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1251 static const char kCertPEM[] =
1252 "-----BEGIN CERTIFICATE-----\n"
1253 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1254 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1255 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1256 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1257 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1258 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1259 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1260 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1261 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1262 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1263 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1264 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1265 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1266 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1267 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1268 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1269 return BufferFromPEM(kCertPEM);
1270}
1271
1272static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1273 return X509FromBuffer(GetChainTestIntermediateBuffer());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1274}
1275
1276static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1277 static const char kKeyPEM[] =
1278 "-----BEGIN PRIVATE KEY-----\n"
1279 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1280 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1281 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1282 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1283 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1284 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1285 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1286 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1287 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1288 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1289 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1290 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1291 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1292 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1293 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1294 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1295 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1296 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1297 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1298 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1299 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1300 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1301 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1302 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1303 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1304 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1305 "-----END PRIVATE KEY-----\n";
1306 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1307 return bssl::UniquePtr<EVP_PKEY>(
1308 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1309}
1310
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]1311static const uint8_t kTestName[] = {
1312 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
1313 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
1314 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
1315 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49,
1316 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
1317 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64,
1318};
1319
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1320static bool CompleteHandshakes(SSL *client, SSL *server) {
1321 // Drive both their handshakes to completion.
1322 for (;;) {
1323 int client_ret = SSL_do_handshake(client);
1324 int client_err = SSL_get_error(client, client_ret);
1325 if (client_err != SSL_ERROR_NONE &&
1326 client_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1327 client_err != SSL_ERROR_WANT_WRITE &&
1328 client_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1329 fprintf(stderr, "Client error: %d\n", client_err);
1330 return false;
1331 }
1332
1333 int server_ret = SSL_do_handshake(server);
1334 int server_err = SSL_get_error(server, server_ret);
1335 if (server_err != SSL_ERROR_NONE &&
1336 server_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1337 server_err != SSL_ERROR_WANT_WRITE &&
1338 server_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1339 fprintf(stderr, "Server error: %d\n", server_err);
1340 return false;
1341 }
1342
1343 if (client_ret == 1 && server_ret == 1) {
1344 break;
1345 }
1346 }
1347
1348 return true;
1349}
1350
1351static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1352 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1353 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1354 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1355 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1356 if (!client || !server) {
1357 return false;
1358 }
1359 SSL_set_connect_state(client.get());
1360 SSL_set_accept_state(server.get());
1361
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1362 SSL_set_session(client.get(), session);
1363
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1364 BIO *bio1, *bio2;
1365 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1366 return false;
1367 }
1368 // SSL_set_bio takes ownership.
1369 SSL_set_bio(client.get(), bio1, bio1);
1370 SSL_set_bio(server.get(), bio2, bio2);
1371
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1372 if (!CompleteHandshakes(client.get(), server.get())) {
1373 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1374 }
1375
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1376 *out_client = std::move(client);
1377 *out_server = std::move(server);
1378 return true;
1379}
1380
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1381static bool TestSequenceNumber(bool is_dtls, const SSL_METHOD *method,
1382 uint16_t version) {
1383 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1384 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1385 if (!server_ctx || !client_ctx ||
1386 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1387 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1388 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1389 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1390 return false;
1391 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1392
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1393 bssl::UniquePtr<X509> cert = GetTestCertificate();
1394 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1395 if (!cert || !key || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1396 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1397 return false;
1398 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1399
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1400 bssl::UniquePtr<SSL> client, server;
1401 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1402 server_ctx.get(), nullptr /* no session */)) {
1403 return false;
1404 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1405
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1406 // Drain any post-handshake messages to ensure there are no unread records
1407 // on either end.
1408 uint8_t byte = 0;
1409 if (SSL_read(client.get(), &byte, 1) > 0 ||
1410 SSL_read(server.get(), &byte, 1) > 0) {
1411 fprintf(stderr, "Received unexpected data.\n");
1412 return false;
1413 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1414
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1415 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1416 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1417 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1418 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1419
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1420 if (is_dtls) {
1421 // Both client and server must be at epoch 1.
1422 if (EpochFromSequence(client_read_seq) != 1 ||
1423 EpochFromSequence(client_write_seq) != 1 ||
1424 EpochFromSequence(server_read_seq) != 1 ||
1425 EpochFromSequence(server_write_seq) != 1) {
1426 fprintf(stderr, "Bad epochs.\n");
1427 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1428 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1429
1430 // The next record to be written should exceed the largest received.
1431 if (client_write_seq <= server_read_seq ||
1432 server_write_seq <= client_read_seq) {
1433 fprintf(stderr, "Inconsistent sequence numbers.\n");
1434 return false;
1435 }
1436 } else {
1437 // The next record to be written should equal the next to be received.
1438 if (client_write_seq != server_read_seq ||
1439 server_write_seq != client_read_seq) {
1440 fprintf(stderr, "Inconsistent sequence numbers.\n");
1441 return false;
1442 }
1443 }
1444
1445 // Send a record from client to server.
1446 if (SSL_write(client.get(), &byte, 1) != 1 ||
1447 SSL_read(server.get(), &byte, 1) != 1) {
1448 fprintf(stderr, "Could not send byte.\n");
1449 return false;
1450 }
1451
1452 // The client write and server read sequence numbers should have
1453 // incremented.
1454 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1455 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1456 fprintf(stderr, "Sequence numbers did not increment.\n");
1457 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1458 }
1459
1460 return true;
1461}
1462
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1463static bool TestOneSidedShutdown(bool is_dtls, const SSL_METHOD *method,
1464 uint16_t version) {
1465 // SSL_shutdown is a no-op in DTLS.
1466 if (is_dtls) {
1467 return true;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1468 }
1469
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1470 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1471 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1472 bssl::UniquePtr<X509> cert = GetTestCertificate();
1473 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1474 if (!client_ctx || !server_ctx || !cert || !key ||
1475 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1476 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1477 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1478 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1479 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1480 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1481 return false;
1482 }
1483
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1484 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1485 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1486 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1487 return false;
1488 }
1489
1490 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1491 // one side has shut down.
1492 if (SSL_shutdown(client.get()) != 0) {
1493 fprintf(stderr, "Could not shutdown.\n");
1494 return false;
1495 }
1496
1497 // Reading from the server should consume the EOF.
1498 uint8_t byte;
1499 if (SSL_read(server.get(), &byte, 1) != 0 ||
1500 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1501 fprintf(stderr, "Connection was not shut down cleanly.\n");
1502 return false;
1503 }
1504
1505 // However, the server may continue to write data and then shut down the
1506 // connection.
1507 byte = 42;
1508 if (SSL_write(server.get(), &byte, 1) != 1 ||
1509 SSL_read(client.get(), &byte, 1) != 1 ||
1510 byte != 42) {
1511 fprintf(stderr, "Could not send byte.\n");
1512 return false;
1513 }
1514
1515 // The server may then shutdown the connection.
1516 if (SSL_shutdown(server.get()) != 1 ||
1517 SSL_shutdown(client.get()) != 1) {
1518 fprintf(stderr, "Could not complete shutdown.\n");
1519 return false;
1520 }
1521
1522 return true;
1523}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1524
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1525TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1526 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1527 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1528 ASSERT_TRUE(client_ctx);
1529 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1530
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1531 bssl::UniquePtr<X509> cert = GetTestCertificate();
1532 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1533 ASSERT_TRUE(cert);
1534 ASSERT_TRUE(key);
1535 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1536 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1537
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1538 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1539 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
1540 server_ctx.get(),
1541 nullptr /* no session */));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1542
1543 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjamin31b0c9b2017-07-20 14:49:15 -0400[diff] [blame]1544 bssl::UniquePtr<SSL_SESSION> session1 =
1545 bssl::SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1546 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1547
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1548 session1->not_resumable = 0;
1549
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1550 uint8_t *s0_bytes, *s1_bytes;
1551 size_t s0_len, s1_len;
1552
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1553 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1554 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1555
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1556 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1557 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1558
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]1559 EXPECT_EQ(Bytes(s0_bytes, s0_len), Bytes(s1_bytes, s1_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1560}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1561
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1562static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]1563 EXPECT_EQ(rfd, SSL_get_fd(ssl));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1564 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1565 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1566
1567 // The wrapper BIOs are always equal when fds are equal, even if set
1568 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1569 if (rfd == wfd) {
1570 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1571 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1572}
1573
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1574TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1575 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1576 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1577
1578 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1579 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1580 ASSERT_TRUE(ssl);
1581 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1582 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1583 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1584
1585 // Test setting the same FD.
1586 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1587 ASSERT_TRUE(ssl);
1588 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1589 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1590
1591 // Test setting the same FD one side at a time.
1592 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1593 ASSERT_TRUE(ssl);
1594 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1595 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1596 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1597
1598 // Test setting the same FD in the other order.
1599 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1600 ASSERT_TRUE(ssl);
1601 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1602 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1603 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1604
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1605 // Test changing the read FD partway through.
1606 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1607 ASSERT_TRUE(ssl);
1608 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1609 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1610 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1611
1612 // Test changing the write FD partway through.
1613 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1614 ASSERT_TRUE(ssl);
1615 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1616 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1617 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1618
1619 // Test a no-op change to the read FD partway through.
1620 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1621 ASSERT_TRUE(ssl);
1622 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1623 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1624 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1625
1626 // Test a no-op change to the write FD partway through.
1627 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1628 ASSERT_TRUE(ssl);
1629 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1630 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1631 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1632
1633 // ASan builds will implicitly test that the internal |BIO| reference-counting
1634 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1635}
1636
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1637TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1638 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1639 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1640
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1641 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1642 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1643 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1644 ASSERT_TRUE(ssl);
1645 ASSERT_TRUE(bio1);
1646 ASSERT_TRUE(bio2);
1647 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1648
1649 // SSL_set_bio takes one reference when the parameters are the same.
1650 BIO_up_ref(bio1.get());
1651 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1652
1653 // Repeating the call does nothing.
1654 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1655
1656 // It takes one reference each when the parameters are different.
1657 BIO_up_ref(bio2.get());
1658 BIO_up_ref(bio3.get());
1659 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1660
1661 // Repeating the call does nothing.
1662 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1663
1664 // It takes one reference when changing only wbio.
1665 BIO_up_ref(bio1.get());
1666 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1667
1668 // It takes one reference when changing only rbio and the two are different.
1669 BIO_up_ref(bio3.get());
1670 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1671
1672 // If setting wbio to rbio, it takes no additional references.
1673 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1674
1675 // From there, wbio may be switched to something else.
1676 BIO_up_ref(bio1.get());
1677 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1678
1679 // If setting rbio to wbio, it takes no additional references.
1680 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1681
1682 // From there, rbio may be switched to something else, but, for historical
1683 // reasons, it takes a reference to both parameters.
1684 BIO_up_ref(bio1.get());
1685 BIO_up_ref(bio2.get());
1686 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1687
1688 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1689 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1690}
1691
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1692static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1693
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1694static bool TestGetPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1695 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1696 bssl::UniquePtr<X509> cert = GetTestCertificate();
1697 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1698 if (!cert || !key) {
1699 return false;
1700 }
1701
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1702 // Configure both client and server to accept any certificate.
1703 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1704 if (!ctx ||
1705 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1706 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1707 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1708 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1709 return false;
1710 }
1711 SSL_CTX_set_verify(
1712 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1713 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1714
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1715 bssl::UniquePtr<SSL> client, server;
1716 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1717 nullptr /* no session */)) {
1718 return false;
1719 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1720
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1721 // Client and server should both see the leaf certificate.
1722 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1723 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1724 fprintf(stderr, "Server peer certificate did not match.\n");
1725 return false;
1726 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1727
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1728 peer.reset(SSL_get_peer_certificate(client.get()));
1729 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1730 fprintf(stderr, "Client peer certificate did not match.\n");
1731 return false;
1732 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1733
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1734 // However, for historical reasons, the X509 chain includes the leaf on the
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1735 // client, but does not on the server.
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1736 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1 ||
1737 sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(client.get())) != 1) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1738 fprintf(stderr, "Client peer chain was incorrect.\n");
1739 return false;
1740 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1741
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1742 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0 ||
1743 sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(server.get())) != 1) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1744 fprintf(stderr, "Server peer chain was incorrect.\n");
1745 return false;
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1746 }
1747
1748 return true;
1749}
1750
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1751static bool TestNoPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1752 uint16_t version) {
1753 bssl::UniquePtr<X509> cert = GetTestCertificate();
1754 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1755 if (!cert || !key) {
1756 return false;
1757 }
1758
1759 // Configure an anonymous client.
1760 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method)),
1761 client_ctx(SSL_CTX_new(method));
1762 if (!server_ctx || !client_ctx ||
1763 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1764 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
1765 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1766 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1767 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1768 !SSL_CTX_set_max_proto_version(client_ctx.get(), version)) {
1769 return false;
1770 }
1771 SSL_CTX_set_verify(
1772 server_ctx.get(), SSL_VERIFY_PEER, nullptr);
1773 SSL_CTX_set_cert_verify_callback(server_ctx.get(), VerifySucceed, NULL);
1774 SSL_CTX_set_cert_verify_callback(client_ctx.get(), VerifySucceed, NULL);
1775
1776 bssl::UniquePtr<SSL> client, server;
1777 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1778 server_ctx.get(), nullptr /* no session */)) {
1779 return false;
1780 }
1781
1782 // Client and server should both see the leaf certificate.
1783 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1784 if (peer ||
1785 SSL_get0_peer_certificates(server.get()) != nullptr) {
1786 fprintf(stderr, "Server peer certificate was non-null.\n");
1787 return false;
1788 }
1789
1790 return true;
1791}
1792
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1793static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method,
1794 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1795 bssl::UniquePtr<X509> cert = GetTestCertificate();
1796 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1797 if (!cert || !key) {
1798 return false;
1799 }
1800
1801 uint8_t *cert_der = NULL;
1802 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1803 if (cert_der_len < 0) {
1804 return false;
1805 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1806 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1807
1808 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1809 SHA256(cert_der, cert_der_len, cert_sha256);
1810
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1811 // Configure both client and server to accept any certificate, but the
1812 // server must retain only the SHA-256 of the peer.
1813 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1814 if (!ctx ||
1815 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1816 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1817 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1818 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1819 return false;
1820 }
1821 SSL_CTX_set_verify(
1822 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1823 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1824 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1825
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1826 bssl::UniquePtr<SSL> client, server;
1827 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1828 nullptr /* no session */)) {
1829 return false;
1830 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1831
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1832 // The peer certificate has been dropped.
1833 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1834 if (peer) {
1835 fprintf(stderr, "Peer certificate was retained.\n");
1836 return false;
1837 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1838
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1839 SSL_SESSION *session = SSL_get_session(server.get());
1840 if (!session->peer_sha256_valid) {
1841 fprintf(stderr, "peer_sha256_valid was not set.\n");
1842 return false;
1843 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1844
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1845 if (OPENSSL_memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) !=
1846 0) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1847 fprintf(stderr, "peer_sha256 did not match.\n");
1848 return false;
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1849 }
1850
1851 return true;
1852}
1853
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1854static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1855 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1856 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1857 // Our default cipher list varies by CPU capabilities, so manually place the
1858 // ChaCha20 ciphers in front.
Matthew Braithwaite7e06de52017-04-10 15:52:14 -0700[diff] [blame]1859 const char* cipher_list = "CHACHA20:ALL";
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1860 if (!ctx ||
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]1861 // SSLv3 is off by default.
1862 !SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION) ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1863 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1864 !SSL_CTX_set_strict_cipher_list(ctx.get(), cipher_list)) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1865 return false;
1866 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1867
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1868 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1869 if (!ssl) {
1870 return false;
1871 }
1872 std::vector<uint8_t> client_hello;
1873 if (!GetClientHello(ssl.get(), &client_hello)) {
1874 return false;
1875 }
1876
1877 // Zero the client_random.
1878 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1879 1 + 3 + // handshake message header
1880 2; // client_version
1881 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1882 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1883 return false;
1884 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1885 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1886
1887 if (client_hello.size() != expected_len ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1888 OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1889 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1890 fprintf(stderr, "Got:\n\t");
1891 for (size_t i = 0; i < client_hello.size(); i++) {
1892 fprintf(stderr, "0x%02x, ", client_hello[i]);
1893 }
1894 fprintf(stderr, "\nWanted:\n\t");
1895 for (size_t i = 0; i < expected_len; i++) {
1896 fprintf(stderr, "0x%02x, ", expected[i]);
1897 }
1898 fprintf(stderr, "\n");
1899 return false;
1900 }
1901
1902 return true;
1903}
1904
1905// Tests that our ClientHellos do not change unexpectedly.
1906static bool TestClientHello() {
1907 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1908 0x16,
1909 0x03, 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1910 0x00, 0x3b,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1911 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1912 0x00, 0x00, 0x37,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1913 0x03, 0x00,
1914 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1915 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1916 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1917 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1918 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1919 0x00, 0x10,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1920 0xc0, 0x09,
1921 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1922 0xc0, 0x0a,
1923 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1924 0x00, 0x2f,
1925 0x00, 0x35,
1926 0x00, 0x0a,
1927 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1928 };
1929 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1930 sizeof(kSSL3ClientHello))) {
1931 return false;
1932 }
1933
1934 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1935 0x16,
1936 0x03, 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1937 0x00, 0x5a,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1938 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1939 0x00, 0x00, 0x56,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1940 0x03, 0x01,
1941 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1942 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1943 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1944 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1945 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1946 0x00, 0x0e,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1947 0xc0, 0x09,
1948 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1949 0xc0, 0x0a,
1950 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1951 0x00, 0x2f,
1952 0x00, 0x35,
1953 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1954 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1955 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1956 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1957 };
1958 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1959 sizeof(kTLS1ClientHello))) {
1960 return false;
1961 }
1962
1963 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1964 0x16,
1965 0x03, 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1966 0x00, 0x5a,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1967 0x01,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1968 0x00, 0x00, 0x56,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1969 0x03, 0x02,
1970 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1971 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1972 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1973 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1974 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1975 0x00, 0x0e,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1976 0xc0, 0x09,
1977 0xc0, 0x13,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1978 0xc0, 0x0a,
1979 0xc0, 0x14,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1980 0x00, 0x2f,
1981 0x00, 0x35,
1982 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1983 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1984 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1985 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1986 };
1987 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1988 sizeof(kTLS11ClientHello))) {
1989 return false;
1990 }
1991
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]1992 // kTLS12ClientHello assumes RSA-PSS, which is disabled for Android system
1993 // builds.
1994#if defined(BORINGSSL_ANDROID_SYSTEM)
1995 return true;
1996#endif
1997
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1998 static const uint8_t kTLS12ClientHello[] = {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]1999 0x16,
2000 0x03, 0x01,
2001 0x00, 0x8e,
2002 0x01,
2003 0x00, 0x00, 0x8a,
2004 0x03, 0x03,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]2005 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2006 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]2007 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2008 0x00, 0x2a,
2009 0xcc, 0xa9,
2010 0xcc, 0xa8,
2011 0xc0, 0x2b,
2012 0xc0, 0x2f,
2013 0xc0, 0x2c,
2014 0xc0, 0x30,
2015 0xc0, 0x09,
2016 0xc0, 0x23,
2017 0xc0, 0x13,
2018 0xc0, 0x27,
2019 0xc0, 0x0a,
2020 0xc0, 0x24,
2021 0xc0, 0x14,
2022 0xc0, 0x28,
2023 0x00, 0x9c,
2024 0x00, 0x9d,
2025 0x00, 0x2f,
2026 0x00, 0x3c,
2027 0x00, 0x35,
2028 0x00, 0x3d,
2029 0x00, 0x0a,
2030 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
2031 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04,
2032 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08,
2033 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
2034 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2035 };
2036 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
2037 sizeof(kTLS12ClientHello))) {
2038 return false;
2039 }
2040
2041 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
2042 // implementation has settled enough that it won't change.
2043
2044 return true;
2045}
2046
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2047static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2048
2049static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
2050 // Save the most recent session.
2051 g_last_session.reset(session);
2052 return 1;
2053}
2054
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2055static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
Steven Valdeze831a812017-03-09 14:56:07 -0500[diff] [blame]2056 SSL_CTX *server_ctx) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2057 g_last_session = nullptr;
2058 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2059
2060 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2061 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2062 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
2063 nullptr /* no session */)) {
2064 fprintf(stderr, "Failed to connect client and server.\n");
2065 return nullptr;
2066 }
2067
2068 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2069 SSL_read(client.get(), nullptr, 0);
2070
2071 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2072
2073 if (!g_last_session) {
2074 fprintf(stderr, "Client did not receive a session.\n");
2075 return nullptr;
2076 }
2077 return std::move(g_last_session);
2078}
2079
2080static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
2081 SSL_SESSION *session,
2082 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2083 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2084 if (!ConnectClientAndServer(&client, &server, client_ctx,
2085 server_ctx, session)) {
2086 fprintf(stderr, "Failed to connect client and server.\n");
2087 return false;
2088 }
2089
2090 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2091 fprintf(stderr, "Client and server were inconsistent.\n");
2092 return false;
2093 }
2094
2095 bool was_reused = !!SSL_session_reused(client.get());
2096 if (was_reused != reused) {
2097 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
2098 was_reused ? "" : " not");
2099 return false;
2100 }
2101
2102 return true;
2103}
2104
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2105static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
2106 SSL_CTX *server_ctx,
2107 SSL_SESSION *session) {
2108 g_last_session = nullptr;
2109 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2110
2111 bssl::UniquePtr<SSL> client, server;
2112 if (!ConnectClientAndServer(&client, &server, client_ctx,
2113 server_ctx, session)) {
2114 fprintf(stderr, "Failed to connect client and server.\n");
2115 return nullptr;
2116 }
2117
2118 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2119 fprintf(stderr, "Client and server were inconsistent.\n");
2120 return nullptr;
2121 }
2122
2123 if (!SSL_session_reused(client.get())) {
2124 fprintf(stderr, "Session was not reused.\n");
2125 return nullptr;
2126 }
2127
2128 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2129 SSL_read(client.get(), nullptr, 0);
2130
2131 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2132
2133 if (!g_last_session) {
2134 fprintf(stderr, "Client did not receive a renewed session.\n");
2135 return nullptr;
2136 }
2137 return std::move(g_last_session);
2138}
2139
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2140static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2141 static const uint8_t kContext[] = {3};
2142
2143 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2144 return SSL_TLSEXT_ERR_ALERT_FATAL;
2145 }
2146
2147 return SSL_TLSEXT_ERR_OK;
2148}
2149
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2150static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
2151 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2152 bssl::UniquePtr<X509> cert = GetTestCertificate();
2153 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2154 if (!cert || !key) {
2155 return false;
2156 }
2157
2158 static const uint8_t kContext1[] = {1};
2159 static const uint8_t kContext2[] = {2};
2160
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2161 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2162 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2163 if (!server_ctx || !client_ctx ||
2164 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2165 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2166 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2167 sizeof(kContext1)) ||
2168 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2169 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2170 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2171 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2172 return false;
2173 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2174
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2175 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2176 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2177
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2178 bssl::UniquePtr<SSL_SESSION> session =
2179 CreateClientSession(client_ctx.get(), server_ctx.get());
2180 if (!session) {
2181 fprintf(stderr, "Error getting session.\n");
2182 return false;
2183 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2184
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2185 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2186 true /* expect session reused */)) {
2187 fprintf(stderr, "Error resuming session.\n");
2188 return false;
2189 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2190
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2191 // Change the session ID context.
2192 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2193 sizeof(kContext2))) {
2194 return false;
2195 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2196
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2197 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2198 false /* expect session not reused */)) {
2199 fprintf(stderr, "Error connecting with a different context.\n");
2200 return false;
2201 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2202
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2203 // Change the session ID context back and install an SNI callback to switch
2204 // it.
2205 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2206 sizeof(kContext1))) {
2207 return false;
2208 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2209
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2210 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2211 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2212
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2213 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2214 false /* expect session not reused */)) {
2215 fprintf(stderr, "Error connecting with a context switch on SNI callback.\n");
2216 return false;
2217 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2218
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2219 // Switch the session ID context with the early callback instead.
2220 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2221 SSL_CTX_set_select_certificate_cb(
2222 server_ctx.get(),
2223 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
2224 static const uint8_t kContext[] = {3};
2225
2226 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2227 sizeof(kContext))) {
2228 return ssl_select_cert_error;
2229 }
2230
2231 return ssl_select_cert_success;
2232 });
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2233
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2234 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2235 false /* expect session not reused */)) {
2236 fprintf(stderr,
2237 "Error connecting with a context switch on early callback.\n");
2238 return false;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2239 }
2240
2241 return true;
2242}
2243
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2244static timeval g_current_time;
2245
2246static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2247 *out_clock = g_current_time;
2248}
2249
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2250static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2251 out_clock->tv_sec = 1000;
2252 out_clock->tv_usec = 0;
2253}
2254
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2255static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2256 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2257 int encrypt) {
2258 static const uint8_t kZeros[16] = {0};
2259
2260 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2261 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2262 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2263 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2264 return 0;
2265 }
2266
2267 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2268 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2269 return -1;
2270 }
2271
2272 // Returning two from the callback in decrypt mode renews the
2273 // session in TLS 1.2 and below.
2274 return encrypt ? 1 : 2;
2275}
2276
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2277static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2278 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2279 return false;
2280 }
2281
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2282 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2283 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2284 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2285
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2286#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2287 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2288 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2289#else
2290 static const uint8_t kZeros[16] = {0};
2291 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2292 bssl::ScopedEVP_CIPHER_CTX ctx;
2293 int len1, len2;
2294 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2295 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2296 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2297 return false;
2298 }
2299
2300 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2301#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2302
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2303 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
2304 if (!ssl_ctx) {
2305 return false;
2306 }
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2307 bssl::UniquePtr<SSL_SESSION> server_session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2308 SSL_SESSION_from_bytes(plaintext.get(), len, ssl_ctx.get()));
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2309 if (!server_session) {
2310 return false;
2311 }
2312
2313 *out = server_session->time;
2314 return true;
2315}
2316
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2317static bool TestSessionTimeout(bool is_dtls, const SSL_METHOD *method,
2318 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2319 bssl::UniquePtr<X509> cert = GetTestCertificate();
2320 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2321 if (!cert || !key) {
2322 return false;
2323 }
2324
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2325 for (bool server_test : std::vector<bool>{false, true}) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2326 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2327 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2328
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2329 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2330 // resumptions still perform ECDHE.
2331 const time_t timeout = version == TLS1_3_VERSION
2332 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2333 : SSL_DEFAULT_SESSION_TIMEOUT;
2334
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2335 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2336 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2337 if (!server_ctx || !client_ctx ||
2338 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2339 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2340 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2341 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2342 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2343 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2344 return false;
2345 }
2346
2347 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2348 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2349
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2350 // Both client and server must enforce session timeouts. We configure the
2351 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2352 if (server_test) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2353 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2354 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2355 } else {
2356 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2357 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2358 }
2359
2360 // Configure a ticket callback which renews tickets.
2361 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2362
2363 bssl::UniquePtr<SSL_SESSION> session =
2364 CreateClientSession(client_ctx.get(), server_ctx.get());
2365 if (!session) {
2366 fprintf(stderr, "Error getting session.\n");
2367 return false;
2368 }
2369
2370 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2371 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2372
2373 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2374 true /* expect session reused */)) {
2375 fprintf(stderr, "Error resuming session.\n");
2376 return false;
2377 }
2378
2379 // Advance the clock one more second.
2380 g_current_time.tv_sec++;
2381
2382 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2383 false /* expect session not reused */)) {
2384 fprintf(stderr, "Error resuming session.\n");
2385 return false;
2386 }
2387
2388 // Rewind the clock to before the session was minted.
2389 g_current_time.tv_sec = kStartTime - 1;
2390
2391 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2392 false /* expect session not reused */)) {
2393 fprintf(stderr, "Error resuming session.\n");
2394 return false;
2395 }
2396
2397 // SSL 3.0 cannot renew sessions.
2398 if (version == SSL3_VERSION) {
2399 continue;
2400 }
2401
2402 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2403 time_t new_start_time = kStartTime + timeout - 10;
2404 g_current_time.tv_sec = new_start_time;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2405 bssl::UniquePtr<SSL_SESSION> new_session =
2406 ExpectSessionRenewed(client_ctx.get(), server_ctx.get(), session.get());
2407 if (!new_session) {
2408 fprintf(stderr, "Error renewing session.\n");
2409 return false;
2410 }
2411
2412 // This new session is not the same object as before.
2413 if (session.get() == new_session.get()) {
2414 fprintf(stderr, "New and old sessions alias.\n");
2415 return false;
2416 }
2417
2418 // Check the sessions have timestamps measured from issuance.
2419 long session_time = 0;
2420 if (server_test) {
2421 if (!GetServerTicketTime(&session_time, new_session.get())) {
2422 fprintf(stderr, "Failed to decode session ticket.\n");
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2423 return false;
2424 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2425 } else {
2426 session_time = new_session->time;
2427 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2428
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2429 if (session_time != g_current_time.tv_sec) {
2430 fprintf(stderr, "New session is not measured from issuance.\n");
2431 return false;
2432 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2433
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2434 if (version == TLS1_3_VERSION) {
2435 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2436 // lifetime TLS 1.3.
2437 g_current_time.tv_sec = new_start_time + timeout - 1;
2438 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2439 new_session.get(),
2440 true /* expect session reused */)) {
2441 fprintf(stderr, "Error resuming renewed session.\n");
2442 return false;
2443 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2444
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2445 // The new session expires after the new timeout.
2446 g_current_time.tv_sec = new_start_time + timeout + 1;
2447 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2448 new_session.get(),
2449 false /* expect session ot reused */)) {
2450 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2451 return false;
2452 }
2453
2454 // Renew the session until it begins just past the auth timeout.
2455 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2456 while (new_start_time < auth_end_time - 1000) {
2457 // Get as close as possible to target start time.
2458 new_start_time =
2459 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2460 g_current_time.tv_sec = new_start_time;
2461 new_session = ExpectSessionRenewed(client_ctx.get(), server_ctx.get(),
2462 new_session.get());
2463 if (!new_session) {
2464 fprintf(stderr, "Error renewing session.\n");
2465 return false;
2466 }
2467 }
2468
2469 // Now the session's lifetime is bound by the auth timeout.
2470 g_current_time.tv_sec = auth_end_time - 1;
2471 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2472 new_session.get(),
2473 true /* expect session reused */)) {
2474 fprintf(stderr, "Error resuming renewed session.\n");
2475 return false;
2476 }
2477
2478 g_current_time.tv_sec = auth_end_time + 1;
2479 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2480 new_session.get(),
2481 false /* expect session ot reused */)) {
2482 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2483 return false;
2484 }
2485 } else {
2486 // The new session is usable just before the old expiration.
2487 g_current_time.tv_sec = kStartTime + timeout - 1;
2488 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2489 new_session.get(),
2490 true /* expect session reused */)) {
2491 fprintf(stderr, "Error resuming renewed session.\n");
2492 return false;
2493 }
2494
2495 // Renewal does not extend the lifetime, so it is not usable beyond the
2496 // old expiration.
2497 g_current_time.tv_sec = kStartTime + timeout + 1;
2498 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2499 new_session.get(),
2500 false /* expect session not reused */)) {
2501 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2502 return false;
2503 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2504 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2505 }
2506
2507 return true;
2508}
2509
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2510static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2511 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2512 SSL_set_SSL_CTX(ssl, ctx);
2513 return SSL_TLSEXT_ERR_OK;
2514}
2515
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2516static bool TestSNICallback(bool is_dtls, const SSL_METHOD *method,
2517 uint16_t version) {
2518 // SSL 3.0 lacks extensions.
2519 if (version == SSL3_VERSION) {
2520 return true;
2521 }
2522
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2523 bssl::UniquePtr<X509> cert = GetTestCertificate();
2524 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2525 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2526 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2527 if (!cert || !key || !cert2 || !key2) {
2528 return false;
2529 }
2530
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2531 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2532 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2533
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2534 static const uint8_t kSCTList[] = {0, 6, 0, 4, 5, 6, 7, 8};
2535 static const uint8_t kOCSPResponse[] = {1, 2, 3, 4};
2536
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2537 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2538 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(method));
2539 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2540 if (!server_ctx || !server_ctx2 || !client_ctx ||
2541 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2542 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2543 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2544 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2545 !SSL_CTX_set_signed_cert_timestamp_list(server_ctx2.get(), kSCTList,
2546 sizeof(kSCTList)) ||
2547 !SSL_CTX_set_ocsp_response(server_ctx2.get(), kOCSPResponse,
2548 sizeof(kOCSPResponse)) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2549 // Historically signing preferences would be lost in some cases with the
2550 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2551 // this doesn't happen when |version| is TLS 1.2, configure the private
2552 // key to only sign SHA-256.
2553 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256,
2554 1) ||
2555 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2556 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2557 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2558 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2559 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2560 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
2561 return false;
2562 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2563
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2564 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2565 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2566
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2567 SSL_CTX_enable_signed_cert_timestamps(client_ctx.get());
2568 SSL_CTX_enable_ocsp_stapling(client_ctx.get());
2569
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2570 bssl::UniquePtr<SSL> client, server;
2571 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2572 server_ctx.get(), nullptr)) {
2573 fprintf(stderr, "Handshake failed.\n");
2574 return false;
2575 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2576
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2577 // The client should have received |cert2|.
2578 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
2579 if (!peer || X509_cmp(peer.get(), cert2.get()) != 0) {
2580 fprintf(stderr, "Incorrect certificate received.\n");
2581 return false;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2582 }
2583
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2584 // The client should have received |server_ctx2|'s SCT list.
2585 const uint8_t *data;
2586 size_t len;
2587 SSL_get0_signed_cert_timestamp_list(client.get(), &data, &len);
2588 if (Bytes(kSCTList) != Bytes(data, len)) {
2589 fprintf(stderr, "Incorrect SCT list received.\n");
2590 return false;
2591 }
2592
2593 // The client should have received |server_ctx2|'s OCSP response.
2594 SSL_get0_ocsp_response(client.get(), &data, &len);
2595 if (Bytes(kOCSPResponse) != Bytes(data, len)) {
2596 fprintf(stderr, "Incorrect OCSP response received.\n");
2597 return false;
2598 }
2599
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2600 return true;
2601}
2602
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2603// Test that the early callback can swap the maximum version.
2604TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2605 bssl::UniquePtr<X509> cert = GetTestCertificate();
2606 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2607 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2608 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2609 ASSERT_TRUE(cert);
2610 ASSERT_TRUE(key);
2611 ASSERT_TRUE(server_ctx);
2612 ASSERT_TRUE(client_ctx);
2613 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2614 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2615 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2616 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2617
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2618 SSL_CTX_set_select_certificate_cb(
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2619 server_ctx.get(),
2620 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2621 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2622 return ssl_select_cert_error;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2623 }
2624
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2625 return ssl_select_cert_success;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2626 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2627
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2628 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2629 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
2630 server_ctx.get(), nullptr));
2631 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2632}
2633
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2634TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2635 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2636 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2637
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2638 // Set valid TLS versions.
2639 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2640 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2641 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2642 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2643
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2644 // Invalid TLS versions are rejected.
2645 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2646 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2647 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2648 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2649 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2650 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2651
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2652 // Zero is the default version.
2653 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2654 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2655 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2656 EXPECT_EQ(TLS1_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2657
2658 // SSL 3.0 and TLS 1.3 are available, but not by default.
2659 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2660 EXPECT_EQ(SSL3_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2661 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2662 EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2663
David Benjamin353577c2017-06-29 15:54:58 -0400[diff] [blame]2664 // TLS1_3_DRAFT_VERSION is not an API-level version.
2665 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT_VERSION));
2666 ERR_clear_error();
2667
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2668 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2669 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2670
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2671 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2672 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2673 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2674 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2675
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2676 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2677 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2678 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2679 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2680 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2681 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2682 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2683 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2684
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2685 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2686 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2687 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2688 EXPECT_EQ(TLS1_1_VERSION, ctx->conf_min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2689}
2690
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2691static const char *GetVersionName(uint16_t version) {
2692 switch (version) {
2693 case SSL3_VERSION:
2694 return "SSLv3";
2695 case TLS1_VERSION:
2696 return "TLSv1";
2697 case TLS1_1_VERSION:
2698 return "TLSv1.1";
2699 case TLS1_2_VERSION:
2700 return "TLSv1.2";
2701 case TLS1_3_VERSION:
2702 return "TLSv1.3";
2703 case DTLS1_VERSION:
2704 return "DTLSv1";
2705 case DTLS1_2_VERSION:
2706 return "DTLSv1.2";
2707 default:
2708 return "???";
2709 }
2710}
2711
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2712static bool TestVersion(bool is_dtls, const SSL_METHOD *method,
2713 uint16_t version) {
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2714 bssl::UniquePtr<X509> cert = GetTestCertificate();
2715 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2716 if (!cert || !key) {
2717 return false;
2718 }
2719
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2720 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2721 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2722 bssl::UniquePtr<SSL> client, server;
2723 if (!server_ctx || !client_ctx ||
2724 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2725 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2726 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2727 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2728 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2729 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2730 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2731 server_ctx.get(), nullptr /* no session */)) {
2732 fprintf(stderr, "Failed to connect.\n");
2733 return false;
2734 }
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2735
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2736 if (SSL_version(client.get()) != version ||
2737 SSL_version(server.get()) != version) {
2738 fprintf(stderr, "Version mismatch. Got %04x and %04x, wanted %04x.\n",
2739 SSL_version(client.get()), SSL_version(server.get()), version);
2740 return false;
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2741 }
2742
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2743 // Test the version name is reported as expected.
2744 const char *version_name = GetVersionName(version);
2745 if (strcmp(version_name, SSL_get_version(client.get())) != 0 ||
2746 strcmp(version_name, SSL_get_version(server.get())) != 0) {
2747 fprintf(stderr, "Version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2748 SSL_get_version(client.get()), SSL_get_version(server.get()),
2749 version_name);
2750 return false;
2751 }
2752
2753 // Test SSL_SESSION reports the same name.
2754 const char *client_name =
2755 SSL_SESSION_get_version(SSL_get_session(client.get()));
2756 const char *server_name =
2757 SSL_SESSION_get_version(SSL_get_session(server.get()));
2758 if (strcmp(version_name, client_name) != 0 ||
2759 strcmp(version_name, server_name) != 0) {
2760 fprintf(stderr,
2761 "Session version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2762 client_name, server_name, version_name);
2763 return false;
2764 }
2765
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2766 return true;
2767}
2768
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2769// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2770// selection callback.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2771static bool TestALPNCipherAvailable(bool is_dtls, const SSL_METHOD *method,
2772 uint16_t version) {
2773 // SSL 3.0 lacks extensions.
2774 if (version == SSL3_VERSION) {
2775 return true;
2776 }
2777
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2778 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2779
2780 bssl::UniquePtr<X509> cert = GetTestCertificate();
2781 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2782 if (!cert || !key) {
2783 return false;
2784 }
2785
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2786 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2787 if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2788 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2789 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2790 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2791 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2792 0) {
2793 return false;
2794 }
2795
2796 // The ALPN callback does not fail the handshake on error, so have the
2797 // callback write a boolean.
2798 std::pair<uint16_t, bool> callback_state(version, false);
2799 SSL_CTX_set_alpn_select_cb(
2800 ctx.get(),
2801 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2802 unsigned in_len, void *arg) -> int {
2803 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2804 if (SSL_get_pending_cipher(ssl) != nullptr &&
2805 SSL_version(ssl) == state->first) {
2806 state->second = true;
2807 }
2808 return SSL_TLSEXT_ERR_NOACK;
2809 },
2810 &callback_state);
2811
2812 bssl::UniquePtr<SSL> client, server;
2813 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2814 nullptr /* no session */)) {
2815 return false;
2816 }
2817
2818 if (!callback_state.second) {
2819 fprintf(stderr, "The pending cipher was not known in the ALPN callback.\n");
2820 return false;
2821 }
2822
2823 return true;
2824}
2825
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2826static bool TestSSLClearSessionResumption(bool is_dtls,
2827 const SSL_METHOD *method,
2828 uint16_t version) {
2829 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2830 // API pattern.
2831 if (version == TLS1_3_VERSION) {
2832 return true;
2833 }
2834
2835 bssl::UniquePtr<X509> cert = GetTestCertificate();
2836 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2837 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2838 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2839 if (!cert || !key || !server_ctx || !client_ctx ||
2840 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2841 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2842 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2843 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2844 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2845 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2846 return false;
2847 }
2848
2849 // Connect a client and a server.
2850 bssl::UniquePtr<SSL> client, server;
2851 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2852 server_ctx.get(), nullptr /* no session */)) {
2853 return false;
2854 }
2855
2856 if (SSL_session_reused(client.get()) ||
2857 SSL_session_reused(server.get())) {
2858 fprintf(stderr, "Session unexpectedly reused.\n");
2859 return false;
2860 }
2861
2862 // Reset everything.
2863 if (!SSL_clear(client.get()) ||
2864 !SSL_clear(server.get())) {
2865 fprintf(stderr, "SSL_clear failed.\n");
2866 return false;
2867 }
2868
2869 // Attempt to connect a second time.
2870 if (!CompleteHandshakes(client.get(), server.get())) {
2871 fprintf(stderr, "Could not reuse SSL objects.\n");
2872 return false;
2873 }
2874
2875 // |SSL_clear| should implicitly offer the previous session to the server.
2876 if (!SSL_session_reused(client.get()) ||
2877 !SSL_session_reused(server.get())) {
2878 fprintf(stderr, "Session was not reused in second try.\n");
2879 return false;
2880 }
2881
2882 return true;
2883}
2884
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2885static bool ChainsEqual(STACK_OF(X509) *chain,
2886 const std::vector<X509 *> &expected) {
2887 if (sk_X509_num(chain) != expected.size()) {
2888 return false;
2889 }
2890
2891 for (size_t i = 0; i < expected.size(); i++) {
2892 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2893 return false;
2894 }
2895 }
2896
2897 return true;
2898}
2899
2900static bool TestAutoChain(bool is_dtls, const SSL_METHOD *method,
2901 uint16_t version) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2902 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
2903 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
2904 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
2905 if (!cert || !intermediate || !key) {
2906 return false;
2907 }
2908
2909 // Configure both client and server to accept any certificate. Add
2910 // |intermediate| to the cert store.
2911 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2912 if (!ctx ||
2913 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2914 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2915 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2916 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2917 !X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx.get()),
2918 intermediate.get())) {
2919 return false;
2920 }
2921 SSL_CTX_set_verify(
2922 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
2923 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
2924
2925 // By default, the client and server should each only send the leaf.
2926 bssl::UniquePtr<SSL> client, server;
2927 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2928 nullptr /* no session */)) {
2929 return false;
2930 }
2931
2932 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), {cert.get()})) {
2933 fprintf(stderr, "Client-received chain did not match.\n");
2934 return false;
2935 }
2936
2937 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), {cert.get()})) {
2938 fprintf(stderr, "Server-received chain did not match.\n");
2939 return false;
2940 }
2941
2942 // If auto-chaining is enabled, then the intermediate is sent.
2943 SSL_CTX_clear_mode(ctx.get(), SSL_MODE_NO_AUTO_CHAIN);
2944 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2945 nullptr /* no session */)) {
2946 return false;
2947 }
2948
2949 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2950 {cert.get(), intermediate.get()})) {
2951 fprintf(stderr, "Client-received chain did not match (auto-chaining).\n");
2952 return false;
2953 }
2954
2955 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2956 {cert.get(), intermediate.get()})) {
2957 fprintf(stderr, "Server-received chain did not match (auto-chaining).\n");
2958 return false;
2959 }
2960
2961 // Auto-chaining does not override explicitly-configured intermediates.
2962 if (!SSL_CTX_add1_chain_cert(ctx.get(), cert.get()) ||
2963 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2964 nullptr /* no session */)) {
2965 return false;
2966 }
2967
2968 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2969 {cert.get(), cert.get()})) {
2970 fprintf(stderr,
2971 "Client-received chain did not match (auto-chaining, explicit "
2972 "intermediate).\n");
2973 return false;
2974 }
2975
2976 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2977 {cert.get(), cert.get()})) {
2978 fprintf(stderr,
2979 "Server-received chain did not match (auto-chaining, explicit "
2980 "intermediate).\n");
2981 return false;
2982 }
2983
2984 return true;
2985}
2986
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2987static bool ExpectBadWriteRetry() {
2988 int err = ERR_get_error();
2989 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
2990 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
2991 char buf[ERR_ERROR_STRING_BUF_LEN];
2992 ERR_error_string_n(err, buf, sizeof(buf));
2993 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
2994 return false;
2995 }
2996
2997 if (ERR_peek_error() != 0) {
2998 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
2999 return false;
3000 }
3001
3002 return true;
3003}
3004
3005static bool TestSSLWriteRetry(bool is_dtls, const SSL_METHOD *method,
3006 uint16_t version) {
3007 if (is_dtls) {
3008 return true;
3009 }
3010
3011 for (bool enable_partial_write : std::vector<bool>{false, true}) {
3012 // Connect a client and server.
3013 bssl::UniquePtr<X509> cert = GetTestCertificate();
3014 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3015 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
3016 bssl::UniquePtr<SSL> client, server;
3017 if (!cert || !key || !ctx ||
3018 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
3019 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
3020 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
3021 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
3022 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3023 nullptr /* no session */)) {
3024 return false;
3025 }
3026
3027 if (enable_partial_write) {
3028 SSL_set_mode(client.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
3029 }
3030
3031 // Write without reading until the buffer is full and we have an unfinished
3032 // write. Keep a count so we may reread it again later. "hello!" will be
3033 // written in two chunks, "hello" and "!".
3034 char data[] = "hello!";
3035 static const int kChunkLen = 5; // The length of "hello".
3036 unsigned count = 0;
3037 for (;;) {
3038 int ret = SSL_write(client.get(), data, kChunkLen);
3039 if (ret <= 0) {
3040 int err = SSL_get_error(client.get(), ret);
3041 if (SSL_get_error(client.get(), ret) == SSL_ERROR_WANT_WRITE) {
3042 break;
3043 }
3044 fprintf(stderr, "SSL_write failed in unexpected way: %d\n", err);
3045 return false;
3046 }
3047
3048 if (ret != 5) {
3049 fprintf(stderr, "SSL_write wrote %d bytes, expected 5.\n", ret);
3050 return false;
3051 }
3052
3053 count++;
3054 }
3055
3056 // Retrying with the same parameters is legal.
3057 if (SSL_get_error(client.get(), SSL_write(client.get(), data, kChunkLen)) !=
3058 SSL_ERROR_WANT_WRITE) {
3059 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3060 return false;
3061 }
3062
3063 // Retrying with the same buffer but shorter length is not legal.
3064 if (SSL_get_error(client.get(),
3065 SSL_write(client.get(), data, kChunkLen - 1)) !=
3066 SSL_ERROR_SSL ||
3067 !ExpectBadWriteRetry()) {
3068 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3069 return false;
3070 }
3071
3072 // Retrying with a different buffer pointer is not legal.
3073 char data2[] = "hello";
3074 if (SSL_get_error(client.get(), SSL_write(client.get(), data2,
3075 kChunkLen)) != SSL_ERROR_SSL ||
3076 !ExpectBadWriteRetry()) {
3077 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3078 return false;
3079 }
3080
3081 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
3082 SSL_set_mode(client.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
3083 if (SSL_get_error(client.get(),
3084 SSL_write(client.get(), data2, kChunkLen)) !=
3085 SSL_ERROR_WANT_WRITE) {
3086 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3087 return false;
3088 }
3089
3090 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
3091 if (SSL_get_error(client.get(),
3092 SSL_write(client.get(), data2, kChunkLen - 1)) !=
3093 SSL_ERROR_SSL ||
3094 !ExpectBadWriteRetry()) {
3095 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
3096 return false;
3097 }
3098
3099 // Retrying with a larger buffer is legal.
3100 if (SSL_get_error(client.get(),
3101 SSL_write(client.get(), data, kChunkLen + 1)) !=
3102 SSL_ERROR_WANT_WRITE) {
3103 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
3104 return false;
3105 }
3106
3107 // Drain the buffer.
3108 char buf[20];
3109 for (unsigned i = 0; i < count; i++) {
3110 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3111 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0) {
3112 fprintf(stderr, "Failed to read initial records.\n");
3113 return false;
3114 }
3115 }
3116
3117 // Now that there is space, a retry with a larger buffer should flush the
3118 // pending record, skip over that many bytes of input (on assumption they
3119 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
3120 // is set, this will complete in two steps.
3121 char data3[] = "_____!";
3122 if (enable_partial_write) {
3123 if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen ||
3124 SSL_write(client.get(), data3 + kChunkLen, 1) != 1) {
3125 fprintf(stderr, "SSL_write retry failed.\n");
3126 return false;
3127 }
3128 } else if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen + 1) {
3129 fprintf(stderr, "SSL_write retry failed.\n");
3130 return false;
3131 }
3132
3133 // Check the last write was correct. The data will be spread over two
3134 // records, so SSL_read returns twice.
3135 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3136 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0 ||
3137 SSL_read(server.get(), buf, sizeof(buf)) != 1 ||
3138 buf[0] != '!') {
3139 fprintf(stderr, "Failed to read write retry.\n");
3140 return false;
3141 }
3142 }
3143
3144 return true;
3145}
3146
David Benjamin5df5be12017-06-22 19:43:11 -0400[diff] [blame]3147static bool TestRecordCallback(bool is_dtls, const SSL_METHOD *method,
3148 uint16_t version) {
3149 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
3150 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
3151 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3152 if (!cert || !intermediate || !key) {
3153 return false;
3154 }
3155
3156 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
3157 if (!ctx ||
3158 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
3159 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
3160 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
3161 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
3162 return false;
3163 }
3164
3165 bool read_seen = false;
3166 bool write_seen = false;
3167 auto cb = [&](int is_write, int cb_version, int cb_type, const void *buf,
3168 size_t len, SSL *ssl) {
3169 if (cb_type != SSL3_RT_HEADER) {
3170 return;
3171 }
3172
3173 // The callback does not report a version for records.
3174 EXPECT_EQ(0, cb_version);
3175
3176 if (is_write) {
3177 write_seen = true;
3178 } else {
3179 read_seen = true;
3180 }
3181
3182 // Sanity-check that the record header is plausible.
3183 CBS cbs;
3184 CBS_init(&cbs, reinterpret_cast<const uint8_t *>(buf), len);
3185 uint8_t type;
3186 uint16_t record_version, length;
3187 ASSERT_TRUE(CBS_get_u8(&cbs, &type));
3188 ASSERT_TRUE(CBS_get_u16(&cbs, &record_version));
3189 EXPECT_TRUE(record_version == version ||
3190 record_version == (is_dtls ? DTLS1_VERSION : TLS1_VERSION))
3191 << "Invalid record version: " << record_version;
3192 if (is_dtls) {
3193 uint16_t epoch;
3194 ASSERT_TRUE(CBS_get_u16(&cbs, &epoch));
3195 EXPECT_TRUE(epoch == 0 || epoch == 1) << "Invalid epoch: " << epoch;
3196 ASSERT_TRUE(CBS_skip(&cbs, 6));
3197 }
3198 ASSERT_TRUE(CBS_get_u16(&cbs, &length));
3199 EXPECT_EQ(0u, CBS_len(&cbs));
3200 };
3201 using CallbackType = decltype(cb);
3202 SSL_CTX_set_msg_callback(
3203 ctx.get(), [](int is_write, int cb_version, int cb_type, const void *buf,
3204 size_t len, SSL *ssl, void *arg) {
3205 CallbackType *cb_ptr = reinterpret_cast<CallbackType *>(arg);
3206 (*cb_ptr)(is_write, cb_version, cb_type, buf, len, ssl);
3207 });
3208 SSL_CTX_set_msg_callback_arg(ctx.get(), &cb);
3209
3210 bssl::UniquePtr<SSL> client, server;
3211 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
3212 nullptr /* no session */)) {
3213 return false;
3214 }
3215
3216 EXPECT_TRUE(read_seen);
3217 EXPECT_TRUE(write_seen);
3218 return true;
3219}
3220
3221
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3222static bool ForEachVersion(bool (*test_func)(bool is_dtls,
3223 const SSL_METHOD *method,
3224 uint16_t version)) {
3225 static uint16_t kTLSVersions[] = {
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]3226 SSL3_VERSION,
3227 TLS1_VERSION,
3228 TLS1_1_VERSION,
3229 TLS1_2_VERSION,
3230// TLS 1.3 requires RSA-PSS, which is disabled for Android system builds.
3231#if !defined(BORINGSSL_ANDROID_SYSTEM)
3232 TLS1_3_VERSION,
3233#endif
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3234 };
3235
3236 static uint16_t kDTLSVersions[] = {
3237 DTLS1_VERSION, DTLS1_2_VERSION,
3238 };
3239
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3240 for (uint16_t version : kTLSVersions) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3241 if (!test_func(false, TLS_method(), version)) {
3242 fprintf(stderr, "Test failed at TLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3243 return false;
3244 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3245 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3246
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3247 for (uint16_t version : kDTLSVersions) {
3248 if (!test_func(true, DTLS_method(), version)) {
3249 fprintf(stderr, "Test failed at DTLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3250 return false;
3251 }
3252 }
3253
3254 return true;
3255}
3256
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3257TEST(SSLTest, AddChainCertHack) {
3258 // Ensure that we don't accidently break the hack that we have in place to
3259 // keep curl and serf happy when they use an |X509| even after transfering
3260 // ownership.
3261
3262 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3263 ASSERT_TRUE(ctx);
3264 X509 *cert = GetTestCertificate().release();
3265 ASSERT_TRUE(cert);
3266 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3267
3268 // This should not trigger a use-after-free.
3269 X509_cmp(cert, cert);
3270}
3271
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3272TEST(SSLTest, GetCertificate) {
3273 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3274 ASSERT_TRUE(ctx);
3275 bssl::UniquePtr<X509> cert = GetTestCertificate();
3276 ASSERT_TRUE(cert);
3277 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3278 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3279 ASSERT_TRUE(ssl);
3280
3281 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3282 ASSERT_TRUE(cert2);
3283 X509 *cert3 = SSL_get_certificate(ssl.get());
3284 ASSERT_TRUE(cert3);
3285
3286 // The old and new certificates must be identical.
3287 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3288 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3289
3290 uint8_t *der = nullptr;
3291 long der_len = i2d_X509(cert.get(), &der);
3292 ASSERT_LT(0, der_len);
3293 bssl::UniquePtr<uint8_t> free_der(der);
3294
3295 uint8_t *der2 = nullptr;
3296 long der2_len = i2d_X509(cert2, &der2);
3297 ASSERT_LT(0, der2_len);
3298 bssl::UniquePtr<uint8_t> free_der2(der2);
3299
3300 uint8_t *der3 = nullptr;
3301 long der3_len = i2d_X509(cert3, &der3);
3302 ASSERT_LT(0, der3_len);
3303 bssl::UniquePtr<uint8_t> free_der3(der3);
3304
3305 // They must also encode identically.
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]3306 EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len));
3307 EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len));
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3308}
3309
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3310TEST(SSLTest, SetChainAndKeyMismatch) {
3311 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_with_buffers_method()));
3312 ASSERT_TRUE(ctx);
3313
3314 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3315 ASSERT_TRUE(key);
3316 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3317 ASSERT_TRUE(leaf);
3318 std::vector<CRYPTO_BUFFER*> chain = {
3319 leaf.get(),
3320 };
3321
3322 // Should fail because |GetTestKey| doesn't match the chain-test certificate.
3323 ASSERT_FALSE(SSL_CTX_set_chain_and_key(ctx.get(), &chain[0], chain.size(),
3324 key.get(), nullptr));
3325 ERR_clear_error();
3326}
3327
3328TEST(SSLTest, SetChainAndKey) {
3329 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3330 ASSERT_TRUE(client_ctx);
3331 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3332 ASSERT_TRUE(server_ctx);
3333
3334 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3335 ASSERT_TRUE(key);
3336 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3337 ASSERT_TRUE(leaf);
3338 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3339 GetChainTestIntermediateBuffer();
3340 ASSERT_TRUE(intermediate);
3341 std::vector<CRYPTO_BUFFER*> chain = {
3342 leaf.get(), intermediate.get(),
3343 };
3344 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3345 chain.size(), key.get(), nullptr));
3346
David Benjamin3a1dd462017-07-11 16:13:10 -0400[diff] [blame]3347 SSL_CTX_set_custom_verify(
3348 client_ctx.get(), SSL_VERIFY_PEER,
3349 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3350 return ssl_verify_ok;
3351 });
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3352
3353 bssl::UniquePtr<SSL> client, server;
3354 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3355 server_ctx.get(),
3356 nullptr /* no session */));
3357}
3358
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]3359TEST(SSLTest, ClientCABuffers) {
3360 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3361 ASSERT_TRUE(client_ctx);
3362 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3363 ASSERT_TRUE(server_ctx);
3364
3365 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3366 ASSERT_TRUE(key);
3367 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3368 ASSERT_TRUE(leaf);
3369 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3370 GetChainTestIntermediateBuffer();
3371 ASSERT_TRUE(intermediate);
3372 std::vector<CRYPTO_BUFFER *> chain = {
3373 leaf.get(),
3374 intermediate.get(),
3375 };
3376 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3377 chain.size(), key.get(), nullptr));
3378
3379 bssl::UniquePtr<CRYPTO_BUFFER> ca_name(
3380 CRYPTO_BUFFER_new(kTestName, sizeof(kTestName), nullptr));
3381 ASSERT_TRUE(ca_name);
3382 bssl::UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names(
3383 sk_CRYPTO_BUFFER_new_null());
3384 ASSERT_TRUE(ca_names);
3385 ASSERT_TRUE(sk_CRYPTO_BUFFER_push(ca_names.get(), ca_name.get()));
3386 ca_name.release();
3387 SSL_CTX_set0_client_CAs(server_ctx.get(), ca_names.release());
3388
3389 // Configure client and server to accept all certificates.
3390 SSL_CTX_set_custom_verify(
3391 client_ctx.get(), SSL_VERIFY_PEER,
3392 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3393 return ssl_verify_ok;
3394 });
3395 SSL_CTX_set_custom_verify(
3396 server_ctx.get(), SSL_VERIFY_PEER,
3397 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3398 return ssl_verify_ok;
3399 });
3400
3401 bool cert_cb_called = false;
3402 SSL_CTX_set_cert_cb(
3403 client_ctx.get(),
3404 [](SSL *ssl, void *arg) -> int {
3405 STACK_OF(CRYPTO_BUFFER) *peer_names =
3406 SSL_get0_server_requested_CAs(ssl);
3407 EXPECT_EQ(1u, sk_CRYPTO_BUFFER_num(peer_names));
3408 CRYPTO_BUFFER *peer_name = sk_CRYPTO_BUFFER_value(peer_names, 0);
3409 EXPECT_EQ(Bytes(kTestName), Bytes(CRYPTO_BUFFER_data(peer_name),
3410 CRYPTO_BUFFER_len(peer_name)));
3411 *reinterpret_cast<bool *>(arg) = true;
3412 return 1;
3413 },
3414 &cert_cb_called);
3415
3416 bssl::UniquePtr<SSL> client, server;
3417 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3418 server_ctx.get(),
3419 nullptr /* no session */));
3420 EXPECT_TRUE(cert_cb_called);
3421}
3422
David Benjamin91222b82017-03-09 20:10:56 -0500[diff] [blame]3423// Configuring the empty cipher list, though an error, should still modify the
3424// configuration.
3425TEST(SSLTest, EmptyCipherList) {
3426 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3427 ASSERT_TRUE(ctx);
3428
3429 // Initially, the cipher list is not empty.
3430 EXPECT_NE(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3431
3432 // Configuring the empty cipher list fails.
3433 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), ""));
3434 ERR_clear_error();
3435
3436 // But the cipher list is still updated to empty.
3437 EXPECT_EQ(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3438}
3439
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3440// ssl_test_ticket_aead_failure_mode enumerates the possible ways in which the
3441// test |SSL_TICKET_AEAD_METHOD| can fail.
3442enum ssl_test_ticket_aead_failure_mode {
3443 ssl_test_ticket_aead_ok = 0,
3444 ssl_test_ticket_aead_seal_fail,
3445 ssl_test_ticket_aead_open_soft_fail,
3446 ssl_test_ticket_aead_open_hard_fail,
3447};
3448
3449struct ssl_test_ticket_aead_state {
3450 unsigned retry_count;
3451 ssl_test_ticket_aead_failure_mode failure_mode;
3452};
3453
3454static int ssl_test_ticket_aead_ex_index_dup(CRYPTO_EX_DATA *to,
3455 const CRYPTO_EX_DATA *from,
3456 void **from_d, int index,
3457 long argl, void *argp) {
3458 abort();
3459}
3460
3461static void ssl_test_ticket_aead_ex_index_free(void *parent, void *ptr,
3462 CRYPTO_EX_DATA *ad, int index,
3463 long argl, void *argp) {
3464 auto state = reinterpret_cast<ssl_test_ticket_aead_state*>(ptr);
3465 if (state == nullptr) {
3466 return;
3467 }
3468
3469 OPENSSL_free(state);
3470}
3471
3472static CRYPTO_once_t g_ssl_test_ticket_aead_ex_index_once = CRYPTO_ONCE_INIT;
3473static int g_ssl_test_ticket_aead_ex_index;
3474
3475static int ssl_test_ticket_aead_get_ex_index() {
3476 CRYPTO_once(&g_ssl_test_ticket_aead_ex_index_once, [] {
3477 g_ssl_test_ticket_aead_ex_index = SSL_get_ex_new_index(
3478 0, nullptr, nullptr, ssl_test_ticket_aead_ex_index_dup,
3479 ssl_test_ticket_aead_ex_index_free);
3480 });
3481 return g_ssl_test_ticket_aead_ex_index;
3482}
3483
3484static size_t ssl_test_ticket_aead_max_overhead(SSL *ssl) {
3485 return 1;
3486}
3487
3488static int ssl_test_ticket_aead_seal(SSL *ssl, uint8_t *out, size_t *out_len,
3489 size_t max_out_len, const uint8_t *in,
3490 size_t in_len) {
3491 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3492 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3493
3494 if (state->failure_mode == ssl_test_ticket_aead_seal_fail ||
3495 max_out_len < in_len + 1) {
3496 return 0;
3497 }
3498
3499 OPENSSL_memmove(out, in, in_len);
3500 out[in_len] = 0xff;
3501 *out_len = in_len + 1;
3502
3503 return 1;
3504}
3505
3506static ssl_ticket_aead_result_t ssl_test_ticket_aead_open(
3507 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len,
3508 const uint8_t *in, size_t in_len) {
3509 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3510 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3511
3512 if (state->retry_count > 0) {
3513 state->retry_count--;
3514 return ssl_ticket_aead_retry;
3515 }
3516
3517 switch (state->failure_mode) {
3518 case ssl_test_ticket_aead_ok:
3519 break;
3520 case ssl_test_ticket_aead_seal_fail:
3521 // If |seal| failed then there shouldn't be any ticket to try and
3522 // decrypt.
3523 abort();
3524 break;
3525 case ssl_test_ticket_aead_open_soft_fail:
3526 return ssl_ticket_aead_ignore_ticket;
3527 case ssl_test_ticket_aead_open_hard_fail:
3528 return ssl_ticket_aead_error;
3529 }
3530
3531 if (in_len == 0 || in[in_len - 1] != 0xff) {
3532 return ssl_ticket_aead_ignore_ticket;
3533 }
3534
3535 if (max_out_len < in_len - 1) {
3536 return ssl_ticket_aead_error;
3537 }
3538
3539 OPENSSL_memmove(out, in, in_len - 1);
3540 *out_len = in_len - 1;
3541 return ssl_ticket_aead_success;
3542}
3543
3544static const SSL_TICKET_AEAD_METHOD kSSLTestTicketMethod = {
3545 ssl_test_ticket_aead_max_overhead,
3546 ssl_test_ticket_aead_seal,
3547 ssl_test_ticket_aead_open,
3548};
3549
3550static void ConnectClientAndServerWithTicketMethod(
3551 bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
3552 SSL_CTX *client_ctx, SSL_CTX *server_ctx, unsigned retry_count,
3553 ssl_test_ticket_aead_failure_mode failure_mode, SSL_SESSION *session) {
3554 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
3555 ASSERT_TRUE(client);
3556 ASSERT_TRUE(server);
3557 SSL_set_connect_state(client.get());
3558 SSL_set_accept_state(server.get());
3559
3560 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3561 OPENSSL_malloc(sizeof(ssl_test_ticket_aead_state)));
3562 ASSERT_TRUE(state);
3563 OPENSSL_memset(state, 0, sizeof(ssl_test_ticket_aead_state));
3564 state->retry_count = retry_count;
3565 state->failure_mode = failure_mode;
3566
3567 ASSERT_TRUE(SSL_set_ex_data(server.get(), ssl_test_ticket_aead_get_ex_index(),
3568 state));
3569
3570 SSL_set_session(client.get(), session);
3571
3572 BIO *bio1, *bio2;
3573 ASSERT_TRUE(BIO_new_bio_pair(&bio1, 0, &bio2, 0));
3574
3575 // SSL_set_bio takes ownership.
3576 SSL_set_bio(client.get(), bio1, bio1);
3577 SSL_set_bio(server.get(), bio2, bio2);
3578
3579 if (CompleteHandshakes(client.get(), server.get())) {
3580 *out_client = std::move(client);
3581 *out_server = std::move(server);
3582 } else {
3583 out_client->reset();
3584 out_server->reset();
3585 }
3586}
3587
3588class TicketAEADMethodTest
3589 : public ::testing::TestWithParam<testing::tuple<
3590 uint16_t, unsigned, ssl_test_ticket_aead_failure_mode>> {};
3591
3592TEST_P(TicketAEADMethodTest, Resume) {
3593 bssl::UniquePtr<X509> cert = GetTestCertificate();
3594 ASSERT_TRUE(cert);
3595 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3596 ASSERT_TRUE(key);
3597
3598 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
3599 ASSERT_TRUE(server_ctx);
3600 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
3601 ASSERT_TRUE(client_ctx);
3602
3603 const uint16_t version = testing::get<0>(GetParam());
3604 const unsigned retry_count = testing::get<1>(GetParam());
3605 const ssl_test_ticket_aead_failure_mode failure_mode =
3606 testing::get<2>(GetParam());
3607
3608 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3609 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3610 ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), version));
3611 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), version));
3612 ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), version));
3613 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), version));
3614
3615 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
3616 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
3617 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
3618 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3619 SSL_CTX_sess_set_new_cb(client_ctx.get(), SaveLastSession);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3620
3621 SSL_CTX_set_ticket_aead_method(server_ctx.get(), &kSSLTestTicketMethod);
3622
3623 bssl::UniquePtr<SSL> client, server;
3624 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3625 server_ctx.get(), retry_count,
3626 failure_mode, nullptr);
3627 switch (failure_mode) {
3628 case ssl_test_ticket_aead_ok:
3629 case ssl_test_ticket_aead_open_hard_fail:
3630 case ssl_test_ticket_aead_open_soft_fail:
3631 ASSERT_TRUE(client);
3632 break;
3633 case ssl_test_ticket_aead_seal_fail:
3634 EXPECT_FALSE(client);
3635 return;
3636 }
3637 EXPECT_FALSE(SSL_session_reused(client.get()));
3638 EXPECT_FALSE(SSL_session_reused(server.get()));
3639
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3640 // Run the read loop to account for post-handshake tickets in TLS 1.3.
3641 SSL_read(client.get(), nullptr, 0);
3642
3643 bssl::UniquePtr<SSL_SESSION> session = std::move(g_last_session);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3644 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3645 server_ctx.get(), retry_count,
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3646 failure_mode, session.get());
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3647 switch (failure_mode) {
3648 case ssl_test_ticket_aead_ok:
3649 ASSERT_TRUE(client);
3650 EXPECT_TRUE(SSL_session_reused(client.get()));
3651 EXPECT_TRUE(SSL_session_reused(server.get()));
3652 break;
3653 case ssl_test_ticket_aead_seal_fail:
3654 abort();
3655 break;
3656 case ssl_test_ticket_aead_open_hard_fail:
3657 EXPECT_FALSE(client);
3658 break;
3659 case ssl_test_ticket_aead_open_soft_fail:
3660 ASSERT_TRUE(client);
3661 EXPECT_FALSE(SSL_session_reused(client.get()));
3662 EXPECT_FALSE(SSL_session_reused(server.get()));
3663 }
3664}
3665
3666INSTANTIATE_TEST_CASE_P(
3667 TicketAEADMethodTests, TicketAEADMethodTest,
3668 testing::Combine(
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3669 testing::Values(TLS1_2_VERSION, TLS1_3_VERSION),
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3670 testing::Values(0, 1, 2),
3671 testing::Values(ssl_test_ticket_aead_ok,
3672 ssl_test_ticket_aead_seal_fail,
3673 ssl_test_ticket_aead_open_soft_fail,
3674 ssl_test_ticket_aead_open_hard_fail)));
3675
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]3676TEST(SSLTest, SSL3Method) {
3677 bssl::UniquePtr<X509> cert = GetTestCertificate();
3678 ASSERT_TRUE(cert);
3679
3680 // For compatibility, SSLv3_method should work up to SSL_CTX_new and SSL_new.
3681 bssl::UniquePtr<SSL_CTX> ssl3_ctx(SSL_CTX_new(SSLv3_method()));
3682 ASSERT_TRUE(ssl3_ctx);
3683 ASSERT_TRUE(SSL_CTX_use_certificate(ssl3_ctx.get(), cert.get()));
3684 bssl::UniquePtr<SSL> ssl(SSL_new(ssl3_ctx.get()));
3685 EXPECT_TRUE(ssl);
3686
3687 // Create a normal TLS context to test against.
3688 bssl::UniquePtr<SSL_CTX> tls_ctx(SSL_CTX_new(TLS_method()));
3689 ASSERT_TRUE(tls_ctx);
3690 ASSERT_TRUE(SSL_CTX_use_certificate(tls_ctx.get(), cert.get()));
3691
3692 // However, handshaking an SSLv3_method server should fail to resolve the
3693 // version range. Explicit calls to SSL_CTX_set_min_proto_version are the only
3694 // way to enable SSL 3.0.
3695 bssl::UniquePtr<SSL> client, server;
3696 EXPECT_FALSE(ConnectClientAndServer(&client, &server, tls_ctx.get(),
3697 ssl3_ctx.get(),
3698 nullptr /* no session */));
3699 uint32_t err = ERR_get_error();
3700 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3701 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3702
3703 // Likewise for SSLv3_method clients.
3704 EXPECT_FALSE(ConnectClientAndServer(&client, &server, ssl3_ctx.get(),
3705 tls_ctx.get(),
3706 nullptr /* no session */));
3707 err = ERR_get_error();
3708 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3709 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3710}
3711
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]3712TEST(SSLTest, SelectNextProto) {
3713 uint8_t *result;
3714 uint8_t result_len;
3715
3716 // If there is an overlap, it should be returned.
3717 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3718 SSL_select_next_proto(&result, &result_len,
3719 (const uint8_t *)"\1a\2bb\3ccc", 9,
3720 (const uint8_t *)"\1x\1y\1a\1z", 8));
3721 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3722
3723 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3724 SSL_select_next_proto(&result, &result_len,
3725 (const uint8_t *)"\1a\2bb\3ccc", 9,
3726 (const uint8_t *)"\1x\1y\2bb\1z", 9));
3727 EXPECT_EQ(Bytes("bb"), Bytes(result, result_len));
3728
3729 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3730 SSL_select_next_proto(&result, &result_len,
3731 (const uint8_t *)"\1a\2bb\3ccc", 9,
3732 (const uint8_t *)"\1x\1y\3ccc\1z", 10));
3733 EXPECT_EQ(Bytes("ccc"), Bytes(result, result_len));
3734
3735 // Peer preference order takes precedence over local.
3736 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3737 SSL_select_next_proto(&result, &result_len,
3738 (const uint8_t *)"\1a\2bb\3ccc", 9,
3739 (const uint8_t *)"\3ccc\2bb\1a", 9));
3740 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3741
3742 // If there is no overlap, return the first local protocol.
3743 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3744 SSL_select_next_proto(&result, &result_len,
3745 (const uint8_t *)"\1a\2bb\3ccc", 9,
3746 (const uint8_t *)"\1x\2yy\3zzz", 9));
3747 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3748
3749 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3750 SSL_select_next_proto(&result, &result_len, nullptr, 0,
3751 (const uint8_t *)"\1x\2yy\3zzz", 9));
3752 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3753}
3754
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3755TEST(SSLTest, SealRecord) {
3756 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3757 server_ctx(SSL_CTX_new(TLS_method()));
3758 ASSERT_TRUE(client_ctx);
3759 ASSERT_TRUE(server_ctx);
3760
3761 bssl::UniquePtr<X509> cert = GetTestCertificate();
3762 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3763 ASSERT_TRUE(cert);
3764 ASSERT_TRUE(key);
3765 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3766 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3767
3768 bssl::UniquePtr<SSL> client, server;
3769 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3770 server_ctx.get(),
3771 nullptr /* no session */));
3772
3773 const std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3774 std::vector<uint8_t> prefix(
3775 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3776 body(record.size()),
3777 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3778 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3779 bssl::MakeSpan(body), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3780 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3781
3782 std::vector<uint8_t> sealed;
3783 sealed.insert(sealed.end(), prefix.begin(), prefix.end());
3784 sealed.insert(sealed.end(), body.begin(), body.end());
3785 sealed.insert(sealed.end(), suffix.begin(), suffix.end());
3786 std::vector<uint8_t> sealed_copy = sealed;
3787
3788 bssl::Span<uint8_t> plaintext;
3789 size_t record_len;
3790 uint8_t alert = 255;
3791 EXPECT_EQ(bssl::OpenRecord(server.get(), &plaintext, &record_len, &alert,
3792 bssl::MakeSpan(sealed)),
3793 bssl::OpenRecordResult::kOK);
3794 EXPECT_EQ(record_len, sealed.size());
3795 EXPECT_EQ(plaintext, record);
3796 EXPECT_EQ(255, alert);
3797}
3798
3799TEST(SSLTest, SealRecordInPlace) {
3800 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3801 server_ctx(SSL_CTX_new(TLS_method()));
3802 ASSERT_TRUE(client_ctx);
3803 ASSERT_TRUE(server_ctx);
3804
3805 bssl::UniquePtr<X509> cert = GetTestCertificate();
3806 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3807 ASSERT_TRUE(cert);
3808 ASSERT_TRUE(key);
3809 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3810 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3811
3812 bssl::UniquePtr<SSL> client, server;
3813 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3814 server_ctx.get(),
3815 nullptr /* no session */));
3816
3817 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3818 std::vector<uint8_t> record = plaintext;
3819 std::vector<uint8_t> prefix(
3820 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3821 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3822 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3823 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3824 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3825 record.insert(record.begin(), prefix.begin(), prefix.end());
3826 record.insert(record.end(), suffix.begin(), suffix.end());
3827
3828 bssl::Span<uint8_t> result;
3829 size_t record_len;
3830 uint8_t alert;
3831 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3832 bssl::MakeSpan(record)),
3833 bssl::OpenRecordResult::kOK);
3834 EXPECT_EQ(record_len, record.size());
3835 EXPECT_EQ(plaintext, result);
3836}
3837
3838TEST(SSLTest, SealRecordTrailingData) {
3839 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3840 server_ctx(SSL_CTX_new(TLS_method()));
3841 ASSERT_TRUE(client_ctx);
3842 ASSERT_TRUE(server_ctx);
3843
3844 bssl::UniquePtr<X509> cert = GetTestCertificate();
3845 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3846 ASSERT_TRUE(cert);
3847 ASSERT_TRUE(key);
3848 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3849 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3850
3851 bssl::UniquePtr<SSL> client, server;
3852 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3853 server_ctx.get(),
3854 nullptr /* no session */));
3855
3856 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3857 std::vector<uint8_t> record = plaintext;
3858 std::vector<uint8_t> prefix(
3859 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3860 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3861 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3862 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3863 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3864 record.insert(record.begin(), prefix.begin(), prefix.end());
3865 record.insert(record.end(), suffix.begin(), suffix.end());
3866 record.insert(record.end(), {5, 4, 3, 2, 1});
3867
3868 bssl::Span<uint8_t> result;
3869 size_t record_len;
3870 uint8_t alert;
3871 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3872 bssl::MakeSpan(record)),
3873 bssl::OpenRecordResult::kOK);
3874 EXPECT_EQ(record_len, record.size() - 5);
3875 EXPECT_EQ(plaintext, result);
3876}
3877
3878TEST(SSLTest, SealRecordInvalidSpanSize) {
3879 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3880 server_ctx(SSL_CTX_new(TLS_method()));
3881 ASSERT_TRUE(client_ctx);
3882 ASSERT_TRUE(server_ctx);
3883
3884 bssl::UniquePtr<X509> cert = GetTestCertificate();
3885 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3886 ASSERT_TRUE(cert);
3887 ASSERT_TRUE(key);
3888 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3889 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3890
3891 bssl::UniquePtr<SSL> client, server;
3892 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3893 server_ctx.get(),
3894 nullptr /* no session */));
3895
3896 std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3897 std::vector<uint8_t> prefix(
3898 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3899 body(record.size()),
3900 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3901
3902 auto expect_err = []() {
3903 int err = ERR_get_error();
3904 EXPECT_EQ(ERR_GET_LIB(err), ERR_LIB_SSL);
3905 EXPECT_EQ(ERR_GET_REASON(err), SSL_R_BUFFER_TOO_SMALL);
3906 ERR_clear_error();
3907 };
3908 EXPECT_FALSE(bssl::SealRecord(
3909 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3910 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3911 expect_err();
3912 EXPECT_FALSE(bssl::SealRecord(
3913 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3914 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3915 expect_err();
3916
3917 EXPECT_FALSE(
3918 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3919 bssl::MakeSpan(record.data(), record.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3920 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3921 expect_err();
3922 EXPECT_FALSE(
3923 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3924 bssl::MakeSpan(record.data(), record.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3925 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3926 expect_err();
3927
3928 EXPECT_FALSE(bssl::SealRecord(
3929 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3930 bssl::MakeSpan(suffix.data(), suffix.size() - 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3931 expect_err();
3932 EXPECT_FALSE(bssl::SealRecord(
3933 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3934 bssl::MakeSpan(suffix.data(), suffix.size() + 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3935 expect_err();
3936}
3937
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3938// TODO(davidben): Convert this file to GTest properly.
3939TEST(SSLTest, AllTests) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]3940 if (!TestSSL_SESSIONEncoding(kOpenSSLSession) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3941 !TestSSL_SESSIONEncoding(kCustomSession) ||
3942 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
3943 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
3944 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
3945 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]3946 // Test the padding extension at TLS 1.2.
3947 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
3948 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
3949 // will be no PSK binder after the padding extension.
3950 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
3951 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
3952 // will be a PSK binder after the padding extension.
3953 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3954 !ForEachVersion(TestSequenceNumber) ||
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]3955 !ForEachVersion(TestOneSidedShutdown) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3956 !ForEachVersion(TestGetPeerCertificate) ||
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]3957 !ForEachVersion(TestNoPeerCertificate) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3958 !ForEachVersion(TestRetainOnlySHA256OfCerts) ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]3959 !TestClientHello() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3960 !ForEachVersion(TestSessionIDContext) ||
3961 !ForEachVersion(TestSessionTimeout) ||
3962 !ForEachVersion(TestSNICallback) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3963 !ForEachVersion(TestVersion) ||
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]3964 !ForEachVersion(TestALPNCipherAvailable) ||
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]3965 !ForEachVersion(TestSSLClearSessionResumption) ||
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]3966 !ForEachVersion(TestAutoChain) ||
David Benjamin5df5be12017-06-22 19:43:11 -0400[diff] [blame]3967 !ForEachVersion(TestSSLWriteRetry) ||
3968 !ForEachVersion(TestRecordCallback)) {
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3969 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]3970 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]3971}