Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / ddb57cfb51fa754a54a319d71927ab81033f9e15 / . / ssl / ssl_test.cc
blob: 0f2a33cfddb3491508f2afcfeee7fd0afa79c024 [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]43// Windows defines struct timeval in winsock2.h.
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]52namespace bssl {
53
54namespace {
55
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]56#define TRACED_CALL(code) \
57 do { \
58 SCOPED_TRACE("<- called from here"); \
59 code; \
60 if (::testing::Test::HasFatalFailure()) { \
61 return; \
62 } \
63 } while (false)
64
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]65struct VersionParam {
66 uint16_t version;
67 enum { is_tls, is_dtls } ssl_method;
68 const char name[8];
69};
70
71static const size_t kTicketKeyLen = 48;
72
73static const VersionParam kAllVersions[] = {
74 {SSL3_VERSION, VersionParam::is_tls, "SSL3"},
75 {TLS1_VERSION, VersionParam::is_tls, "TLS1"},
76 {TLS1_1_VERSION, VersionParam::is_tls, "TLS1_1"},
77 {TLS1_2_VERSION, VersionParam::is_tls, "TLS1_2"},
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]78 {TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3"},
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]79 {DTLS1_VERSION, VersionParam::is_dtls, "DTLS1"},
80 {DTLS1_2_VERSION, VersionParam::is_dtls, "DTLS1_2"},
81};
82
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]83struct ExpectedCipher {
84 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]85 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]86};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]87
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]88struct CipherTest {
89 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]90 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]91 // The list of expected ciphers, in order.
92 std::vector<ExpectedCipher> expected;
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]93 // True if this cipher list should fail in strict mode.
94 bool strict_fail;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]95};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]96
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]97struct CurveTest {
98 // The rule string to apply.
99 const char *rule;
100 // The list of expected curves, in order.
101 std::vector<uint16_t> expected;
102};
103
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]104static const CipherTest kCipherTests[] = {
105 // Selecting individual ciphers should work.
106 {
107 "ECDHE-ECDSA-CHACHA20-POLY1305:"
108 "ECDHE-RSA-CHACHA20-POLY1305:"
109 "ECDHE-ECDSA-AES128-GCM-SHA256:"
110 "ECDHE-RSA-AES128-GCM-SHA256",
111 {
112 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]113 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]114 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
115 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
116 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]117 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]118 },
119 // + reorders selected ciphers to the end, keeping their relative order.
120 {
121 "ECDHE-ECDSA-CHACHA20-POLY1305:"
122 "ECDHE-RSA-CHACHA20-POLY1305:"
123 "ECDHE-ECDSA-AES128-GCM-SHA256:"
124 "ECDHE-RSA-AES128-GCM-SHA256:"
125 "+aRSA",
126 {
127 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]128 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
129 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]130 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
131 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]132 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]133 },
134 // ! banishes ciphers from future selections.
135 {
136 "!aRSA:"
137 "ECDHE-ECDSA-CHACHA20-POLY1305:"
138 "ECDHE-RSA-CHACHA20-POLY1305:"
139 "ECDHE-ECDSA-AES128-GCM-SHA256:"
140 "ECDHE-RSA-AES128-GCM-SHA256",
141 {
142 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]143 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
144 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]145 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]146 },
147 // Multiple masks can be ANDed in a single rule.
148 {
149 "kRSA+AESGCM+AES128",
150 {
151 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
152 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]153 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]154 },
155 // - removes selected ciphers, but preserves their order for future
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]156 // selections. Select AES_128_GCM, but order the key exchanges RSA,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]157 // ECDHE_RSA.
158 {
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]159 "ALL:-kECDHE:"
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]160 "-kRSA:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]161 "AESGCM+AES128+aRSA",
162 {
163 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]164 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
165 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]166 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]167 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]168 // Unknown selectors are no-ops, except in strict mode.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]169 {
170 "ECDHE-ECDSA-CHACHA20-POLY1305:"
171 "ECDHE-RSA-CHACHA20-POLY1305:"
172 "ECDHE-ECDSA-AES128-GCM-SHA256:"
173 "ECDHE-RSA-AES128-GCM-SHA256:"
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]174 "BOGUS1",
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]175 {
176 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]177 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]178 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
179 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
180 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]181 true,
182 },
183 // Unknown selectors are no-ops, except in strict mode.
184 {
185 "ECDHE-ECDSA-CHACHA20-POLY1305:"
186 "ECDHE-RSA-CHACHA20-POLY1305:"
187 "ECDHE-ECDSA-AES128-GCM-SHA256:"
188 "ECDHE-RSA-AES128-GCM-SHA256:"
189 "-BOGUS2:+BOGUS3:!BOGUS4",
190 {
191 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
192 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
193 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
194 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
195 },
196 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]197 },
198 // Square brackets specify equi-preference groups.
199 {
200 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
201 "[ECDHE-RSA-CHACHA20-POLY1305]:"
202 "ECDHE-RSA-AES128-GCM-SHA256",
203 {
204 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]205 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]206 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]207 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
208 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]209 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]210 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]211 // Standard names may be used instead of OpenSSL names.
212 {
213 "[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|"
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]214 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]:"
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]215 "[TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]:"
216 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
217 {
218 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
219 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
220 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
221 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
222 },
223 false,
224 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]225 // @STRENGTH performs a stable strength-sort of the selected ciphers and
226 // only the selected ciphers.
227 {
228 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]229 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
Matthew Braithwaitecedc6f12017-03-15 19:20:23 -0700[diff] [blame]230 "!AESGCM:!3DES:!SHA256:!SHA384:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]231 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]232 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]233 // Select ECDHE ones and sort them by strength. Ties should resolve
234 // based on the order above.
235 "kECDHE:@STRENGTH:-ALL:"
236 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
237 // by strength. Then RSA, backwards by strength.
238 "aRSA",
239 {
240 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
241 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]242 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]243 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
244 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
245 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]246 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]247 },
David Benjaminbf5f1922017-07-01 11:13:53 -0400[diff] [blame]248 // Additional masks after @STRENGTH get silently discarded.
249 //
250 // TODO(davidben): Make this an error. If not silently discarded, they get
251 // interpreted as + opcodes which are very different.
252 {
253 "ECDHE-RSA-AES128-GCM-SHA256:"
254 "ECDHE-RSA-AES256-GCM-SHA384:"
255 "@STRENGTH+AES256",
256 {
257 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
258 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
259 },
260 false,
261 },
262 {
263 "ECDHE-RSA-AES128-GCM-SHA256:"
264 "ECDHE-RSA-AES256-GCM-SHA384:"
265 "@STRENGTH+AES256:"
266 "ECDHE-RSA-CHACHA20-POLY1305",
267 {
268 {TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
269 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
270 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
271 },
272 false,
273 },
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]274 // Exact ciphers may not be used in multi-part rules; they are treated
275 // as unknown aliases.
276 {
277 "ECDHE-ECDSA-AES128-GCM-SHA256:"
278 "ECDHE-RSA-AES128-GCM-SHA256:"
279 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
280 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
281 {
282 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
283 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
284 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]285 true,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]286 },
287 // SSLv3 matches everything that existed before TLS 1.2.
288 {
289 "AES128-SHA:AES128-SHA256:!SSLv3",
290 {
291 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
292 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]293 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]294 },
295 // TLSv1.2 matches everything added in TLS 1.2.
296 {
297 "AES128-SHA:AES128-SHA256:!TLSv1.2",
298 {
299 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
300 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]301 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]302 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]303 // The two directives have no intersection. But each component is valid, so
304 // even in strict mode it is accepted.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]305 {
306 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
307 {
308 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
309 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
310 },
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]311 false,
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]312 },
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]313 // Spaces, semi-colons and commas are separators.
314 {
315 "AES128-SHA: AES128-SHA256 AES256-SHA ,AES256-SHA256 ; AES128-GCM-SHA256",
316 {
317 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
318 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
319 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
320 {TLS1_CK_RSA_WITH_AES_256_SHA256, 0},
321 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
322 },
323 // …but not in strict mode.
324 true,
325 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]326};
327
328static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]329 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]330 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
331 "RSA]",
332 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]333 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]334 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]335 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]336 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]337 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]338 "",
339 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]340 // COMPLEMENTOFDEFAULT is empty.
341 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]342 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]343 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]344 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]345 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
346 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
347 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
348 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]349 // Opcode supplied, but missing selector.
350 "+",
Adam Langley22df6912017-07-25 12:27:37 -0700[diff] [blame]351 // Spaces are forbidden in equal-preference groups.
352 "[AES128-SHA | AES128-SHA256]",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]353};
354
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]355static const char *kMustNotIncludeNull[] = {
356 "ALL",
357 "DEFAULT",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]358 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]359 "FIPS",
360 "SHA",
361 "SHA1",
362 "RSA",
363 "SSLv3",
364 "TLSv1",
365 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]366};
367
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]368static const CurveTest kCurveTests[] = {
369 {
370 "P-256",
371 { SSL_CURVE_SECP256R1 },
372 },
373 {
374 "P-256:P-384:P-521:X25519",
375 {
376 SSL_CURVE_SECP256R1,
377 SSL_CURVE_SECP384R1,
378 SSL_CURVE_SECP521R1,
379 SSL_CURVE_X25519,
380 },
381 },
David Benjamin6dda1662017-11-02 20:44:26 -0400[diff] [blame]382 {
383 "prime256v1:secp384r1:secp521r1:x25519",
384 {
385 SSL_CURVE_SECP256R1,
386 SSL_CURVE_SECP384R1,
387 SSL_CURVE_SECP521R1,
388 SSL_CURVE_X25519,
389 },
390 },
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]391};
392
393static const char *kBadCurvesLists[] = {
394 "",
395 ":",
396 "::",
397 "P-256::X25519",
398 "RSA:P-256",
399 "P-256:RSA",
400 "X25519:P-256:",
401 ":X25519:P-256",
402};
403
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]404static std::string CipherListToString(SSL_CTX *ctx) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]405 bool in_group = false;
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]406 std::string ret;
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]407 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
408 for (size_t i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
409 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
410 if (!in_group && SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]411 ret += "\t[\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]412 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]413 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]414 ret += "\t";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]415 if (in_group) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]416 ret += " ";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]417 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]418 ret += SSL_CIPHER_get_name(cipher);
419 ret += "\n";
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]420 if (in_group && !SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]421 ret += "\t]\n";
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]422 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]423 }
424 }
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]425 return ret;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]426}
427
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]428static bool CipherListsEqual(SSL_CTX *ctx,
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]429 const std::vector<ExpectedCipher> &expected) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]430 const STACK_OF(SSL_CIPHER) *ciphers = SSL_CTX_get_ciphers(ctx);
431 if (sk_SSL_CIPHER_num(ciphers) != expected.size()) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]432 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]433 }
434
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]435 for (size_t i = 0; i < expected.size(); i++) {
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]436 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]437 if (expected[i].id != SSL_CIPHER_get_id(cipher) ||
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]438 expected[i].in_group_flag != !!SSL_CTX_cipher_in_group(ctx, i)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]439 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]440 }
441 }
442
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]443 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]444}
445
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]446TEST(SSLTest, CipherRules) {
447 for (const CipherTest &t : kCipherTests) {
448 SCOPED_TRACE(t.rule);
449 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
450 ASSERT_TRUE(ctx);
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]451
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]452 // Test lax mode.
453 ASSERT_TRUE(SSL_CTX_set_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]454 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]455 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]456 << CipherListToString(ctx.get());
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]457
458 // Test strict mode.
459 if (t.strict_fail) {
460 EXPECT_FALSE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
461 } else {
462 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]463 EXPECT_TRUE(CipherListsEqual(ctx.get(), t.expected))
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]464 << "Cipher rule evaluated to:\n"
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]465 << CipherListToString(ctx.get());
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]466 }
467 }
468
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]469 for (const char *rule : kBadRules) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]470 SCOPED_TRACE(rule);
471 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
472 ASSERT_TRUE(ctx);
473
474 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), rule));
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]475 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]476 }
477
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]478 for (const char *rule : kMustNotIncludeNull) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]479 SCOPED_TRACE(rule);
480 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
481 ASSERT_TRUE(ctx);
482
483 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), rule));
David Benjamin70dbf042017-08-08 18:51:37 -0400[diff] [blame]484 for (const SSL_CIPHER *cipher : SSL_CTX_get_ciphers(ctx.get())) {
David Benjamine3bb51c2017-08-22 23:16:02 -0700[diff] [blame]485 EXPECT_NE(NID_undef, SSL_CIPHER_get_cipher_nid(cipher));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]486 }
487 }
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]488}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]489
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]490TEST(SSLTest, CurveRules) {
491 for (const CurveTest &t : kCurveTests) {
492 SCOPED_TRACE(t.rule);
493 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
494 ASSERT_TRUE(ctx);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]495
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]496 ASSERT_TRUE(SSL_CTX_set1_curves_list(ctx.get(), t.rule));
497 ASSERT_EQ(t.expected.size(), ctx->supported_group_list_len);
498 for (size_t i = 0; i < t.expected.size(); i++) {
499 EXPECT_EQ(t.expected[i], ctx->supported_group_list[i]);
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]500 }
501 }
502
503 for (const char *rule : kBadCurvesLists) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]504 SCOPED_TRACE(rule);
505 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
506 ASSERT_TRUE(ctx);
507
508 EXPECT_FALSE(SSL_CTX_set1_curves_list(ctx.get(), rule));
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]509 ERR_clear_error();
510 }
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]511}
512
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]513// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]514static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]515 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]516 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
517 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
518 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
519 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
520 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
521 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
522 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
523 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
524 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
525 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
526 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
527 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
528 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
529 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
530 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
531 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
532 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
533 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
534 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
535 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
536 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
537 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
538 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
539 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
540 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
541 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
542 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
543 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
544 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]545 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]546
547// kCustomSession is a custom serialized SSL_SESSION generated by
548// filling in missing fields from |kOpenSSLSession|. This includes
549// providing |peer_sha256|, so |peer| is not serialized.
550static const char kCustomSession[] =
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]551 "MIIBZAIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]552 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]553 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUqAcEBXdvcmxkqQUCAwGJwKqBpwSB"
554 "pBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38"
555 "VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd"
556 "3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hg"
557 "b+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYGBgYGBgYGBgYGBgYGBgYGBgYG"
558 "BgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]559
560// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
561static const char kBoringSSLSession[] =
562 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
563 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
564 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
565 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
566 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
567 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
568 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
569 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
570 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
571 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
572 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
573 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
574 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
575 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
576 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
577 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
578 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
579 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
580 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
581 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
582 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
583 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
584 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
585 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
586 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
587 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
588 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
589 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
590 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
591 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
592 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
593 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
594 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
595 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
596 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
597 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
598 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
599 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
600 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
601 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
602 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
603 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
604 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
605 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
606 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
607 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
608 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
609 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
610 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
611 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
612 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
613 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
614 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
615 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
616 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
617 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
618 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
619 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
620 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
621 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
622 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
623 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
624 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
625 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
626 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
627 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
628 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
629 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
630 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
631 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
632 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
633 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
634 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
635 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
636 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
637 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
638 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
639 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
640 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
641 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
642 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
643 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
644 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
645 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
646 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
647 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
648 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
649 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
650 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
651 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
652 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
653 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
654 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
655 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
656 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
657
658// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
659// the final (optional) element of |kCustomSession| with tag number 30.
660static const char kBadSessionExtraField[] =
661 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
662 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
663 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
664 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
665 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
666 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
667 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
668 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
669
670// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
671// the version of |kCustomSession| with 2.
672static const char kBadSessionVersion[] =
673 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
674 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
675 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
676 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
677 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
678 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
679 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
680 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
681
682// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
683// appended.
684static const char kBadSessionTrailingData[] =
685 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
686 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
687 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
688 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
689 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
690 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
691 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
692 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
693
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]694static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]695 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]696 if (!EVP_DecodedLength(&len, strlen(in))) {
697 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]698 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]699 }
700
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]701 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]702 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]703 strlen(in))) {
704 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]705 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]706 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]707 out->resize(len);
708 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]709}
710
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]711static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]712 const uint8_t *cptr;
713 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]714
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]715 // Decode the input.
716 std::vector<uint8_t> input;
717 if (!DecodeBase64(&input, input_b64)) {
718 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]719 }
720
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]721 // Verify the SSL_SESSION decodes.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]722 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
723 if (!ssl_ctx) {
724 return false;
725 }
726 bssl::UniquePtr<SSL_SESSION> session(
727 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]728 if (!session) {
729 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]730 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]731 }
732
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]733 // Verify the SSL_SESSION encoding round-trips.
734 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]735 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]736 uint8_t *encoded_raw;
737 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]738 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]739 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]740 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]741 encoded.reset(encoded_raw);
742 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]743 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]744 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]745 hexdump(stderr, "Before: ", input.data(), input.size());
746 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]747 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]748 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]749
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]750 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]751 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]752 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]753 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]754 fprintf(stderr, "d2i_SSL_SESSION failed\n");
755 return false;
756 }
757
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]758 // Verify the SSL_SESSION encoding round-trips via the legacy API.
759 int len = i2d_SSL_SESSION(session.get(), NULL);
760 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]761 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]762 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]763 }
764
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]765 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
766 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]767 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]768 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]769 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]770
771 ptr = encoded.get();
772 len = i2d_SSL_SESSION(session.get(), &ptr);
773 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]774 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]775 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]776 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]777 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]778 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]779 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]780 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]781 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]782 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]783 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]784 }
785
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]786 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]787}
788
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]789static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
790 std::vector<uint8_t> input;
791 if (!DecodeBase64(&input, input_b64)) {
792 return false;
793 }
794
795 // Verify that the SSL_SESSION fails to decode.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]796 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
797 if (!ssl_ctx) {
798 return false;
799 }
800 bssl::UniquePtr<SSL_SESSION> session(
801 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]802 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]803 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]804 return false;
805 }
806 ERR_clear_error();
807 return true;
808}
809
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]810static void ExpectDefaultVersion(uint16_t min_version, uint16_t max_version,
811 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]812 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]813 ASSERT_TRUE(ctx);
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]814 EXPECT_EQ(min_version, ctx->conf_min_version);
815 EXPECT_EQ(max_version, ctx->conf_max_version);
David Benjamin321fcdc2017-04-24 11:42:42 -0400[diff] [blame]816}
817
818TEST(SSLTest, DefaultVersion) {
819 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
820 ExpectDefaultVersion(TLS1_VERSION, TLS1_2_VERSION, &TLS_method);
821 ExpectDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method);
822 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method);
823 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method);
824 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method);
825 ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method);
826 ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method);
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]827}
828
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]829TEST(SSLTest, CipherProperties) {
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]830 static const struct {
831 int id;
832 const char *standard_name;
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]833 int cipher_nid;
834 int digest_nid;
835 int kx_nid;
836 int auth_nid;
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]837 int prf_nid;
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]838 } kTests[] = {
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]839 {
840 SSL3_CK_RSA_DES_192_CBC3_SHA,
841 "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
842 NID_des_ede3_cbc,
843 NID_sha1,
844 NID_kx_rsa,
845 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]846 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]847 },
848 {
849 TLS1_CK_RSA_WITH_AES_128_SHA,
850 "TLS_RSA_WITH_AES_128_CBC_SHA",
851 NID_aes_128_cbc,
852 NID_sha1,
853 NID_kx_rsa,
854 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]855 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]856 },
857 {
858 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
859 "TLS_PSK_WITH_AES_256_CBC_SHA",
860 NID_aes_256_cbc,
861 NID_sha1,
862 NID_kx_psk,
863 NID_auth_psk,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]864 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]865 },
866 {
867 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
868 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
869 NID_aes_128_cbc,
870 NID_sha256,
871 NID_kx_ecdhe,
872 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]873 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]874 },
875 {
876 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
877 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
878 NID_aes_256_cbc,
879 NID_sha384,
880 NID_kx_ecdhe,
881 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]882 NID_sha384,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]883 },
884 {
885 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
886 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
887 NID_aes_128_gcm,
888 NID_undef,
889 NID_kx_ecdhe,
890 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]891 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]892 },
893 {
894 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
895 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
896 NID_aes_128_gcm,
897 NID_undef,
898 NID_kx_ecdhe,
899 NID_auth_ecdsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]900 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]901 },
902 {
903 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
904 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
905 NID_aes_256_gcm,
906 NID_undef,
907 NID_kx_ecdhe,
908 NID_auth_ecdsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]909 NID_sha384,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]910 },
911 {
912 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
913 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
914 NID_aes_128_cbc,
915 NID_sha1,
916 NID_kx_ecdhe,
917 NID_auth_psk,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]918 NID_md5_sha1,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]919 },
920 {
921 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
922 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
923 NID_chacha20_poly1305,
924 NID_undef,
925 NID_kx_ecdhe,
926 NID_auth_rsa,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]927 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]928 },
929 {
930 TLS1_CK_AES_256_GCM_SHA384,
931 "TLS_AES_256_GCM_SHA384",
932 NID_aes_256_gcm,
933 NID_undef,
934 NID_kx_any,
935 NID_auth_any,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]936 NID_sha384,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]937 },
938 {
939 TLS1_CK_AES_128_GCM_SHA256,
940 "TLS_AES_128_GCM_SHA256",
941 NID_aes_128_gcm,
942 NID_undef,
943 NID_kx_any,
944 NID_auth_any,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]945 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]946 },
947 {
948 TLS1_CK_CHACHA20_POLY1305_SHA256,
949 "TLS_CHACHA20_POLY1305_SHA256",
950 NID_chacha20_poly1305,
951 NID_undef,
952 NID_kx_any,
953 NID_auth_any,
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]954 NID_sha256,
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]955 },
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]956 };
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]957
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]958 for (const auto &t : kTests) {
959 SCOPED_TRACE(t.standard_name);
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]960
961 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(t.id & 0xffff);
962 ASSERT_TRUE(cipher);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]963 EXPECT_STREQ(t.standard_name, SSL_CIPHER_standard_name(cipher));
964
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]965 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
966 ASSERT_TRUE(rfc_name);
David Benjamin6fff3862017-06-21 21:07:04 -0400[diff] [blame]967 EXPECT_STREQ(t.standard_name, rfc_name.get());
David Benjamin348f0d82017-08-10 16:06:27 -0400[diff] [blame]968
969 EXPECT_EQ(t.cipher_nid, SSL_CIPHER_get_cipher_nid(cipher));
970 EXPECT_EQ(t.digest_nid, SSL_CIPHER_get_digest_nid(cipher));
971 EXPECT_EQ(t.kx_nid, SSL_CIPHER_get_kx_nid(cipher));
972 EXPECT_EQ(t.auth_nid, SSL_CIPHER_get_auth_nid(cipher));
David Benjaminb1b76ae2017-09-21 17:03:34 -0400[diff] [blame]973 EXPECT_EQ(t.prf_nid, SSL_CIPHER_get_prf_nid(cipher));
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]974 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]975}
976
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]977// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
978// version and ticket length or nullptr on failure.
979static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
980 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]981 std::vector<uint8_t> der;
982 if (!DecodeBase64(&der, kOpenSSLSession)) {
983 return nullptr;
984 }
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]985
986 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
987 if (!ssl_ctx) {
988 return nullptr;
989 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]990 bssl::UniquePtr<SSL_SESSION> session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]991 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]992 if (!session) {
993 return nullptr;
994 }
995
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]996 session->ssl_version = version;
997
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]998 // Swap out the ticket for a garbage one.
999 OPENSSL_free(session->tlsext_tick);
1000 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
1001 if (session->tlsext_tick == nullptr) {
1002 return nullptr;
1003 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1004 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1005 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]1006
1007 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]1008#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
1009 session->time = 1234;
1010#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]1011 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]1012#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1013 return session;
1014}
1015
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1016static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1017 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1018 if (!bio) {
1019 return false;
1020 }
1021 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]1022 BIO_up_ref(bio.get());
1023 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1024 int ret = SSL_connect(ssl);
1025 if (ret > 0) {
1026 // SSL_connect should fail without a BIO to write to.
1027 return false;
1028 }
1029 ERR_clear_error();
1030
1031 const uint8_t *client_hello;
1032 size_t client_hello_len;
1033 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
1034 return false;
1035 }
1036 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
1037 return true;
1038}
1039
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1040// GetClientHelloLen creates a client SSL connection with the specified version
1041// and ticket length. It returns the length of the ClientHello, not including
1042// the record header, on success and zero on error.
1043static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
1044 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1045 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1046 bssl::UniquePtr<SSL_SESSION> session =
1047 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1048 if (!ctx || !session) {
1049 return 0;
1050 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1051
1052 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1053 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1054 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Matthew Braithwaitea57dcfb2017-02-17 22:08:23 -0800[diff] [blame]1055 !SSL_set_strict_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1056 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1057 return 0;
1058 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1059
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1060 std::vector<uint8_t> client_hello;
1061 if (!GetClientHello(ssl.get(), &client_hello) ||
1062 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1063 return 0;
1064 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1065
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1066 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1067}
1068
1069struct PaddingTest {
1070 size_t input_len, padded_len;
1071};
1072
1073static const PaddingTest kPaddingTests[] = {
1074 // ClientHellos of length below 0x100 do not require padding.
1075 {0xfe, 0xfe},
1076 {0xff, 0xff},
1077 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
1078 {0x100, 0x200},
1079 {0x123, 0x200},
1080 {0x1fb, 0x200},
1081 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
1082 // padding extension takes a minimum of four bytes plus one required content
1083 // byte. (To work around yet more server bugs, we avoid empty final
1084 // extensions.)
1085 {0x1fc, 0x201},
1086 {0x1fd, 0x202},
1087 {0x1fe, 0x203},
1088 {0x1ff, 0x204},
1089 // Finally, larger ClientHellos need no padding.
1090 {0x200, 0x200},
1091 {0x201, 0x201},
1092};
1093
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1094static bool TestPaddingExtension(uint16_t max_version,
1095 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1096 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1097 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1098 if (base_len == 0) {
1099 return false;
1100 }
1101
1102 for (const PaddingTest &test : kPaddingTests) {
1103 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1104 fprintf(stderr,
1105 "Baseline ClientHello too long (max_version = %04x, "
1106 "session_version = %04x).\n",
1107 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1108 return false;
1109 }
1110
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1111 size_t padded_len = GetClientHelloLen(max_version, session_version,
1112 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1113 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1114 fprintf(stderr,
1115 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
1116 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1117 static_cast<unsigned>(test.input_len),
1118 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1119 static_cast<unsigned>(test.padded_len), max_version,
1120 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1121 return false;
1122 }
1123 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]1124
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]1125 return true;
1126}
1127
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1128static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1129 static const char kCertPEM[] =
1130 "-----BEGIN CERTIFICATE-----\n"
1131 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1132 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1133 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1134 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1135 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1136 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1137 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1138 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1139 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1140 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1141 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1142 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1143 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1144 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1145 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1146 return bssl::UniquePtr<X509>(
1147 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1148}
1149
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1150static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1151 static const char kKeyPEM[] =
1152 "-----BEGIN RSA PRIVATE KEY-----\n"
1153 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1154 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1155 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1156 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1157 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1158 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1159 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1160 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1161 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1162 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1163 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1164 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1165 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1166 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1167 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1168 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1169 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1170}
1171
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1172static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1173 static const char kCertPEM[] =
1174 "-----BEGIN CERTIFICATE-----\n"
1175 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1176 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1177 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1178 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1179 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1180 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1181 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1182 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1183 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1184 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1185 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1186 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1187 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1188}
1189
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1190static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1191 static const char kKeyPEM[] =
1192 "-----BEGIN PRIVATE KEY-----\n"
1193 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1194 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1195 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1196 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1197 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1198 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1199 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1200}
1201
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1202static bssl::UniquePtr<CRYPTO_BUFFER> BufferFromPEM(const char *pem) {
1203 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1204 char *name, *header;
1205 uint8_t *data;
1206 long data_len;
1207 if (!PEM_read_bio(bio.get(), &name, &header, &data,
1208 &data_len)) {
1209 return nullptr;
1210 }
1211 OPENSSL_free(name);
1212 OPENSSL_free(header);
1213
1214 auto ret = bssl::UniquePtr<CRYPTO_BUFFER>(
1215 CRYPTO_BUFFER_new(data, data_len, nullptr));
1216 OPENSSL_free(data);
1217 return ret;
1218}
1219
1220static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestCertificateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1221 static const char kCertPEM[] =
1222 "-----BEGIN CERTIFICATE-----\n"
1223 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1224 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1225 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1226 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1227 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1228 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1229 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1230 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1231 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1232 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1233 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1234 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1235 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1236 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1237 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1238 "1ngWZ7Ih\n"
1239 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1240 return BufferFromPEM(kCertPEM);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1241}
1242
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1243static bssl::UniquePtr<X509> X509FromBuffer(
1244 bssl::UniquePtr<CRYPTO_BUFFER> buffer) {
1245 if (!buffer) {
1246 return nullptr;
1247 }
1248 const uint8_t *derp = CRYPTO_BUFFER_data(buffer.get());
1249 return bssl::UniquePtr<X509>(
1250 d2i_X509(NULL, &derp, CRYPTO_BUFFER_len(buffer.get())));
1251}
1252
1253static bssl::UniquePtr<X509> GetChainTestCertificate() {
1254 return X509FromBuffer(GetChainTestCertificateBuffer());
1255}
1256
1257static bssl::UniquePtr<CRYPTO_BUFFER> GetChainTestIntermediateBuffer() {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1258 static const char kCertPEM[] =
1259 "-----BEGIN CERTIFICATE-----\n"
1260 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1261 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1262 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1263 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1264 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1265 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1266 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1267 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1268 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1269 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1270 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1271 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1272 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1273 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1274 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1275 "-----END CERTIFICATE-----\n";
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]1276 return BufferFromPEM(kCertPEM);
1277}
1278
1279static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1280 return X509FromBuffer(GetChainTestIntermediateBuffer());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1281}
1282
1283static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1284 static const char kKeyPEM[] =
1285 "-----BEGIN PRIVATE KEY-----\n"
1286 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1287 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1288 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1289 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1290 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1291 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1292 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1293 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1294 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1295 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1296 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1297 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1298 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1299 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1300 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1301 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1302 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1303 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1304 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1305 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1306 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1307 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1308 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1309 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1310 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1311 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1312 "-----END PRIVATE KEY-----\n";
1313 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1314 return bssl::UniquePtr<EVP_PKEY>(
1315 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1316}
1317
David Benjaminc79ae7a2017-08-29 16:09:44 -0400[diff] [blame]1318// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
1319// before configuring as a server.
1320TEST(SSLTest, ClientCAList) {
1321 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
1322 ASSERT_TRUE(ctx);
1323 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1324 ASSERT_TRUE(ssl);
1325
1326 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
1327 ASSERT_TRUE(name);
1328
1329 bssl::UniquePtr<X509_NAME> name_dup(X509_NAME_dup(name.get()));
1330 ASSERT_TRUE(name_dup);
1331
1332 bssl::UniquePtr<STACK_OF(X509_NAME)> stack(sk_X509_NAME_new_null());
1333 ASSERT_TRUE(stack);
1334
1335 ASSERT_TRUE(sk_X509_NAME_push(stack.get(), name_dup.get()));
1336 name_dup.release();
1337
1338 // |SSL_set_client_CA_list| takes ownership.
1339 SSL_set_client_CA_list(ssl.get(), stack.release());
1340
1341 STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get());
1342 ASSERT_TRUE(result);
1343 ASSERT_EQ(1u, sk_X509_NAME_num(result));
1344 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(result, 0), name.get()));
1345}
1346
1347TEST(SSLTest, AddClientCA) {
1348 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
1349 ASSERT_TRUE(ctx);
1350 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1351 ASSERT_TRUE(ssl);
1352
1353 bssl::UniquePtr<X509> cert1 = GetTestCertificate();
1354 bssl::UniquePtr<X509> cert2 = GetChainTestCertificate();
1355 ASSERT_TRUE(cert1 && cert2);
1356 X509_NAME *name1 = X509_get_subject_name(cert1.get());
1357 X509_NAME *name2 = X509_get_subject_name(cert2.get());
1358
1359 EXPECT_EQ(0u, sk_X509_NAME_num(SSL_get_client_CA_list(ssl.get())));
1360
1361 ASSERT_TRUE(SSL_add_client_CA(ssl.get(), cert1.get()));
1362 ASSERT_TRUE(SSL_add_client_CA(ssl.get(), cert2.get()));
1363
1364 STACK_OF(X509_NAME) *list = SSL_get_client_CA_list(ssl.get());
1365 ASSERT_EQ(2u, sk_X509_NAME_num(list));
1366 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 0), name1));
1367 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 1), name2));
1368
1369 ASSERT_TRUE(SSL_add_client_CA(ssl.get(), cert1.get()));
1370
1371 list = SSL_get_client_CA_list(ssl.get());
1372 ASSERT_EQ(3u, sk_X509_NAME_num(list));
1373 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 0), name1));
1374 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 1), name2));
1375 EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(list, 2), name1));
1376}
1377
1378static void AppendSession(SSL_SESSION *session, void *arg) {
1379 std::vector<SSL_SESSION*> *out =
1380 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
1381 out->push_back(session);
1382}
1383
1384// CacheEquals returns true if |ctx|'s session cache consists of |expected|, in
1385// order.
1386static bool CacheEquals(SSL_CTX *ctx,
1387 const std::vector<SSL_SESSION*> &expected) {
1388 // Check the linked list.
1389 SSL_SESSION *ptr = ctx->session_cache_head;
1390 for (SSL_SESSION *session : expected) {
1391 if (ptr != session) {
1392 return false;
1393 }
1394 // TODO(davidben): This is an absurd way to denote the end of the list.
1395 if (ptr->next ==
1396 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
1397 ptr = nullptr;
1398 } else {
1399 ptr = ptr->next;
1400 }
1401 }
1402 if (ptr != nullptr) {
1403 return false;
1404 }
1405
1406 // Check the hash table.
1407 std::vector<SSL_SESSION*> actual, expected_copy;
David Benjamin9eaa3bd2017-09-27 17:03:54 -0400[diff] [blame]1408 lh_SSL_SESSION_doall_arg(ctx->sessions, AppendSession, &actual);
David Benjaminc79ae7a2017-08-29 16:09:44 -0400[diff] [blame]1409 expected_copy = expected;
1410
1411 std::sort(actual.begin(), actual.end());
1412 std::sort(expected_copy.begin(), expected_copy.end());
1413
1414 return actual == expected_copy;
1415}
1416
1417static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
1418 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
1419 if (!ssl_ctx) {
1420 return nullptr;
1421 }
1422 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new(ssl_ctx.get()));
1423 if (!ret) {
1424 return nullptr;
1425 }
1426
1427 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
1428 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1429 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
1430 return ret;
1431}
1432
1433// Test that the internal session cache behaves as expected.
1434TEST(SSLTest, InternalSessionCache) {
1435 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
1436 ASSERT_TRUE(ctx);
1437
1438 // Prepare 10 test sessions.
1439 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
1440 for (int i = 0; i < 10; i++) {
1441 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
1442 ASSERT_TRUE(session);
1443 sessions.push_back(std::move(session));
1444 }
1445
1446 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1447
1448 // Insert all the test sessions.
1449 for (const auto &session : sessions) {
1450 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), session.get()));
1451 }
1452
1453 // Only the last five should be in the list.
1454 ASSERT_TRUE(CacheEquals(
1455 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1456 sessions[6].get(), sessions[5].get()}));
1457
1458 // Inserting an element already in the cache should fail and leave the cache
1459 // unchanged.
1460 ASSERT_FALSE(SSL_CTX_add_session(ctx.get(), sessions[7].get()));
1461 ASSERT_TRUE(CacheEquals(
1462 ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
1463 sessions[6].get(), sessions[5].get()}));
1464
1465 // Although collisions should be impossible (256-bit session IDs), the cache
1466 // must handle them gracefully.
1467 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
1468 ASSERT_TRUE(collision);
1469 ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), collision.get()));
1470 ASSERT_TRUE(CacheEquals(
1471 ctx.get(), {collision.get(), sessions[9].get(), sessions[8].get(),
1472 sessions[6].get(), sessions[5].get()}));
1473
1474 // Removing sessions behaves correctly.
1475 ASSERT_TRUE(SSL_CTX_remove_session(ctx.get(), sessions[6].get()));
1476 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1477 sessions[8].get(), sessions[5].get()}));
1478
1479 // Removing sessions requires an exact match.
1480 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[0].get()));
1481 ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[7].get()));
1482
1483 // The cache remains unchanged.
1484 ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
1485 sessions[8].get(), sessions[5].get()}));
1486}
1487
1488static uint16_t EpochFromSequence(uint64_t seq) {
1489 return static_cast<uint16_t>(seq >> 48);
1490}
1491
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]1492static const uint8_t kTestName[] = {
1493 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
1494 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
1495 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
1496 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49,
1497 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
1498 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64,
1499};
1500
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1501static bool CompleteHandshakes(SSL *client, SSL *server) {
1502 // Drive both their handshakes to completion.
1503 for (;;) {
1504 int client_ret = SSL_do_handshake(client);
1505 int client_err = SSL_get_error(client, client_ret);
1506 if (client_err != SSL_ERROR_NONE &&
1507 client_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1508 client_err != SSL_ERROR_WANT_WRITE &&
1509 client_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1510 fprintf(stderr, "Client error: %d\n", client_err);
1511 return false;
1512 }
1513
1514 int server_ret = SSL_do_handshake(server);
1515 int server_err = SSL_get_error(server, server_ret);
1516 if (server_err != SSL_ERROR_NONE &&
1517 server_err != SSL_ERROR_WANT_READ &&
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]1518 server_err != SSL_ERROR_WANT_WRITE &&
1519 server_err != SSL_ERROR_PENDING_TICKET) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1520 fprintf(stderr, "Server error: %d\n", server_err);
1521 return false;
1522 }
1523
1524 if (client_ret == 1 && server_ret == 1) {
1525 break;
1526 }
1527 }
1528
1529 return true;
1530}
1531
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1532struct ClientConfig {
1533 SSL_SESSION *session = nullptr;
1534 std::string servername;
1535};
1536
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1537static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1538 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1539 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
Adam Langleyddb57cf2018-01-26 09:17:53 -0800[diff] [blame^]1540 const ClientConfig &config = ClientConfig(),
1541 bool do_handshake = true) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1542 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1543 if (!client || !server) {
1544 return false;
1545 }
1546 SSL_set_connect_state(client.get());
1547 SSL_set_accept_state(server.get());
1548
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1549 if (config.session) {
1550 SSL_set_session(client.get(), config.session);
1551 }
1552 if (!config.servername.empty() &&
1553 !SSL_set_tlsext_host_name(client.get(), config.servername.c_str())) {
1554 return false;
1555 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1556
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1557 BIO *bio1, *bio2;
1558 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1559 return false;
1560 }
1561 // SSL_set_bio takes ownership.
1562 SSL_set_bio(client.get(), bio1, bio1);
1563 SSL_set_bio(server.get(), bio2, bio2);
1564
Adam Langleyddb57cf2018-01-26 09:17:53 -0800[diff] [blame^]1565 if (do_handshake && !CompleteHandshakes(client.get(), server.get())) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1566 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1567 }
1568
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1569 *out_client = std::move(client);
1570 *out_server = std::move(server);
1571 return true;
1572}
1573
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]1574// SSLVersionTest executes its test cases under all available protocol versions.
1575// Test cases call |Connect| to create a connection using context objects with
1576// the protocol version fixed to the current version under test.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1577class SSLVersionTest : public ::testing::TestWithParam<VersionParam> {
1578 protected:
1579 SSLVersionTest() : cert_(GetTestCertificate()), key_(GetTestKey()) {}
1580
1581 void SetUp() { ResetContexts(); }
1582
1583 bssl::UniquePtr<SSL_CTX> CreateContext() const {
1584 const SSL_METHOD *method = is_dtls() ? DTLS_method() : TLS_method();
1585 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1586 if (!ctx || !SSL_CTX_set_min_proto_version(ctx.get(), version()) ||
1587 !SSL_CTX_set_max_proto_version(ctx.get(), version())) {
1588 return nullptr;
1589 }
1590 return ctx;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1591 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1592
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1593 void ResetContexts() {
1594 ASSERT_TRUE(cert_);
1595 ASSERT_TRUE(key_);
1596 client_ctx_ = CreateContext();
1597 ASSERT_TRUE(client_ctx_);
1598 server_ctx_ = CreateContext();
1599 ASSERT_TRUE(server_ctx_);
1600 // Set up a server cert. Client certs can be set up explicitly.
1601 ASSERT_TRUE(UseCertAndKey(server_ctx_.get()));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1602 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1603
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1604 bool UseCertAndKey(SSL_CTX *ctx) const {
1605 return SSL_CTX_use_certificate(ctx, cert_.get()) &&
1606 SSL_CTX_use_PrivateKey(ctx, key_.get());
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1607 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1608
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1609 bool Connect(const ClientConfig &config = ClientConfig()) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1610 return ConnectClientAndServer(&client_, &server_, client_ctx_.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1611 server_ctx_.get(), config);
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1612 }
1613
1614 uint16_t version() const { return GetParam().version; }
1615
1616 bool is_dtls() const {
1617 return GetParam().ssl_method == VersionParam::is_dtls;
1618 }
1619
1620 bssl::UniquePtr<SSL> client_, server_;
1621 bssl::UniquePtr<SSL_CTX> server_ctx_, client_ctx_;
1622 bssl::UniquePtr<X509> cert_;
1623 bssl::UniquePtr<EVP_PKEY> key_;
1624};
1625
1626INSTANTIATE_TEST_CASE_P(WithVersion, SSLVersionTest,
1627 testing::ValuesIn(kAllVersions),
1628 [](const testing::TestParamInfo<VersionParam> &i) {
1629 return i.param.name;
1630 });
1631
1632TEST_P(SSLVersionTest, SequenceNumber) {
1633 ASSERT_TRUE(Connect());
1634
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1635 // Drain any post-handshake messages to ensure there are no unread records
1636 // on either end.
1637 uint8_t byte = 0;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1638 ASSERT_LE(SSL_read(client_.get(), &byte, 1), 0);
1639 ASSERT_LE(SSL_read(server_.get(), &byte, 1), 0);
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1640
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1641 uint64_t client_read_seq = SSL_get_read_sequence(client_.get());
1642 uint64_t client_write_seq = SSL_get_write_sequence(client_.get());
1643 uint64_t server_read_seq = SSL_get_read_sequence(server_.get());
1644 uint64_t server_write_seq = SSL_get_write_sequence(server_.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1645
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1646 if (is_dtls()) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1647 // Both client and server must be at epoch 1.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1648 EXPECT_EQ(EpochFromSequence(client_read_seq), 1);
1649 EXPECT_EQ(EpochFromSequence(client_write_seq), 1);
1650 EXPECT_EQ(EpochFromSequence(server_read_seq), 1);
1651 EXPECT_EQ(EpochFromSequence(server_write_seq), 1);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1652
1653 // The next record to be written should exceed the largest received.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1654 EXPECT_GT(client_write_seq, server_read_seq);
1655 EXPECT_GT(server_write_seq, client_read_seq);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1656 } else {
1657 // The next record to be written should equal the next to be received.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1658 EXPECT_EQ(client_write_seq, server_read_seq);
1659 EXPECT_EQ(server_write_seq, client_read_seq);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1660 }
1661
1662 // Send a record from client to server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1663 EXPECT_EQ(SSL_write(client_.get(), &byte, 1), 1);
1664 EXPECT_EQ(SSL_read(server_.get(), &byte, 1), 1);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1665
1666 // The client write and server read sequence numbers should have
1667 // incremented.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1668 EXPECT_EQ(client_write_seq + 1, SSL_get_write_sequence(client_.get()));
1669 EXPECT_EQ(server_read_seq + 1, SSL_get_read_sequence(server_.get()));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1670}
1671
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1672TEST_P(SSLVersionTest, OneSidedShutdown) {
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1673 // SSL_shutdown is a no-op in DTLS.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1674 if (is_dtls()) {
1675 return;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1676 }
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1677 ASSERT_TRUE(Connect());
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1678
1679 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1680 // one side has shut down.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1681 ASSERT_EQ(SSL_shutdown(client_.get()), 0);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1682
1683 // Reading from the server should consume the EOF.
1684 uint8_t byte;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1685 ASSERT_EQ(SSL_read(server_.get(), &byte, 1), 0);
1686 ASSERT_EQ(SSL_get_error(server_.get(), 0), SSL_ERROR_ZERO_RETURN);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1687
1688 // However, the server may continue to write data and then shut down the
1689 // connection.
1690 byte = 42;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1691 ASSERT_EQ(SSL_write(server_.get(), &byte, 1), 1);
1692 ASSERT_EQ(SSL_read(client_.get(), &byte, 1), 1);
1693 ASSERT_EQ(byte, 42);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1694
1695 // The server may then shutdown the connection.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1696 EXPECT_EQ(SSL_shutdown(server_.get()), 1);
1697 EXPECT_EQ(SSL_shutdown(client_.get()), 1);
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1698}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1699
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1700TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1701 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1702 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1703 ASSERT_TRUE(client_ctx);
1704 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1705
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1706 bssl::UniquePtr<X509> cert = GetTestCertificate();
1707 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1708 ASSERT_TRUE(cert);
1709 ASSERT_TRUE(key);
1710 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1711 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1712
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1713 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1714 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]1715 server_ctx.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1716
1717 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjamin31b0c9b2017-07-20 14:49:15 -0400[diff] [blame]1718 bssl::UniquePtr<SSL_SESSION> session1 =
1719 bssl::SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1720 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1721
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1722 session1->not_resumable = 0;
1723
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1724 uint8_t *s0_bytes, *s1_bytes;
1725 size_t s0_len, s1_len;
1726
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1727 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1728 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1729
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1730 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1731 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1732
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]1733 EXPECT_EQ(Bytes(s0_bytes, s0_len), Bytes(s1_bytes, s1_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1734}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1735
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1736static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]1737 EXPECT_EQ(rfd, SSL_get_fd(ssl));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1738 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1739 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1740
1741 // The wrapper BIOs are always equal when fds are equal, even if set
1742 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1743 if (rfd == wfd) {
1744 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1745 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1746}
1747
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1748TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1749 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1750 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1751
1752 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1753 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1754 ASSERT_TRUE(ssl);
1755 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1756 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1757 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1758
1759 // Test setting the same FD.
1760 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1761 ASSERT_TRUE(ssl);
1762 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1763 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1764
1765 // Test setting the same FD one side at a time.
1766 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1767 ASSERT_TRUE(ssl);
1768 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1769 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1770 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1771
1772 // Test setting the same FD in the other order.
1773 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1774 ASSERT_TRUE(ssl);
1775 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1776 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1777 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1778
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1779 // Test changing the read FD partway through.
1780 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1781 ASSERT_TRUE(ssl);
1782 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1783 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1784 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1785
1786 // Test changing the write FD partway through.
1787 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1788 ASSERT_TRUE(ssl);
1789 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1790 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1791 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1792
1793 // Test a no-op change to the read FD partway through.
1794 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1795 ASSERT_TRUE(ssl);
1796 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1797 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1798 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1799
1800 // Test a no-op change to the write FD partway through.
1801 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1802 ASSERT_TRUE(ssl);
1803 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1804 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1805 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1806
1807 // ASan builds will implicitly test that the internal |BIO| reference-counting
1808 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1809}
1810
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1811TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1812 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1813 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1814
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1815 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1816 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1817 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1818 ASSERT_TRUE(ssl);
1819 ASSERT_TRUE(bio1);
1820 ASSERT_TRUE(bio2);
1821 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1822
1823 // SSL_set_bio takes one reference when the parameters are the same.
1824 BIO_up_ref(bio1.get());
1825 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1826
1827 // Repeating the call does nothing.
1828 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1829
1830 // It takes one reference each when the parameters are different.
1831 BIO_up_ref(bio2.get());
1832 BIO_up_ref(bio3.get());
1833 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1834
1835 // Repeating the call does nothing.
1836 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1837
1838 // It takes one reference when changing only wbio.
1839 BIO_up_ref(bio1.get());
1840 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1841
1842 // It takes one reference when changing only rbio and the two are different.
1843 BIO_up_ref(bio3.get());
1844 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1845
1846 // If setting wbio to rbio, it takes no additional references.
1847 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1848
1849 // From there, wbio may be switched to something else.
1850 BIO_up_ref(bio1.get());
1851 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1852
1853 // If setting rbio to wbio, it takes no additional references.
1854 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1855
1856 // From there, rbio may be switched to something else, but, for historical
1857 // reasons, it takes a reference to both parameters.
1858 BIO_up_ref(bio1.get());
1859 BIO_up_ref(bio2.get());
1860 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1861
1862 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1863 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1864}
1865
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1866static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1867
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1868TEST_P(SSLVersionTest, GetPeerCertificate) {
1869 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1870
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1871 // Configure both client and server to accept any certificate.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1872 SSL_CTX_set_verify(client_ctx_.get(),
1873 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1874 nullptr);
1875 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
1876 SSL_CTX_set_verify(server_ctx_.get(),
1877 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1878 nullptr);
1879 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1880
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1881 ASSERT_TRUE(Connect());
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1882
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1883 // Client and server should both see the leaf certificate.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1884 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server_.get()));
1885 ASSERT_TRUE(peer);
1886 ASSERT_EQ(X509_cmp(cert_.get(), peer.get()), 0);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1887
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1888 peer.reset(SSL_get_peer_certificate(client_.get()));
1889 ASSERT_TRUE(peer);
1890 ASSERT_EQ(X509_cmp(cert_.get(), peer.get()), 0);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1891
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1892 // However, for historical reasons, the X509 chain includes the leaf on the
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1893 // client, but does not on the server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1894 EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(client_.get())), 1u);
1895 EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(client_.get())),
1896 1u);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1897
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1898 EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(server_.get())), 0u);
1899 EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(server_.get())),
1900 1u);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1901}
1902
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1903TEST_P(SSLVersionTest, NoPeerCertificate) {
1904 SSL_CTX_set_verify(server_ctx_.get(), SSL_VERIFY_PEER, nullptr);
1905 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
1906 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1907
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1908 ASSERT_TRUE(Connect());
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1909
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1910 // Server should not see a peer certificate.
1911 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server_.get()));
1912 ASSERT_FALSE(peer);
1913 ASSERT_FALSE(SSL_get0_peer_certificates(server_.get()));
David Benjamine664a532017-07-20 20:19:36 -0400[diff] [blame]1914}
1915
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1916TEST_P(SSLVersionTest, RetainOnlySHA256OfCerts) {
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1917 uint8_t *cert_der = NULL;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1918 int cert_der_len = i2d_X509(cert_.get(), &cert_der);
1919 ASSERT_GE(cert_der_len, 0);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1920 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1921
1922 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1923 SHA256(cert_der, cert_der_len, cert_sha256);
1924
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1925 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
1926
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1927 // Configure both client and server to accept any certificate, but the
1928 // server must retain only the SHA-256 of the peer.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1929 SSL_CTX_set_verify(client_ctx_.get(),
1930 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1931 nullptr);
1932 SSL_CTX_set_verify(server_ctx_.get(),
1933 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1934 nullptr);
1935 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
1936 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
1937 SSL_CTX_set_retain_only_sha256_of_client_certs(server_ctx_.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1938
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1939 ASSERT_TRUE(Connect());
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1940
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1941 // The peer certificate has been dropped.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1942 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server_.get()));
1943 EXPECT_FALSE(peer);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1944
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1945 SSL_SESSION *session = SSL_get_session(server_.get());
1946 EXPECT_TRUE(session->peer_sha256_valid);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1947
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]1948 EXPECT_EQ(Bytes(cert_sha256), Bytes(session->peer_sha256));
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1949}
1950
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1951// Tests that our ClientHellos do not change unexpectedly. These are purely
1952// change detection tests. If they fail as part of an intentional ClientHello
1953// change, update the test vector.
1954TEST(SSLTest, ClientHello) {
1955 struct {
1956 uint16_t max_version;
1957 std::vector<uint8_t> expected;
1958 } kTests[] = {
1959 {SSL3_VERSION,
1960 {0x16, 0x03, 0x00, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x37, 0x03, 0x00,
1961 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1962 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1963 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1964 0x00, 0x10, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00,
1965 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00}},
1966 {TLS1_VERSION,
1967 {0x16, 0x03, 0x01, 0x00, 0x5a, 0x01, 0x00, 0x00, 0x56, 0x03, 0x01, 0x00,
1968 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1969 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1970 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0xc0, 0x09,
1971 0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1972 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1973 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1974 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18}},
1975 {TLS1_1_VERSION,
1976 {0x16, 0x03, 0x01, 0x00, 0x5a, 0x01, 0x00, 0x00, 0x56, 0x03, 0x02, 0x00,
1977 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1978 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1979 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0xc0, 0x09,
1980 0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1981 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1982 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1983 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18}},
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1984 {TLS1_2_VERSION,
1985 {0x16, 0x03, 0x01, 0x00, 0x8e, 0x01, 0x00, 0x00, 0x8a, 0x03, 0x03, 0x00,
1986 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1987 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1988 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2a, 0xcc, 0xa9,
1989 0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xc0, 0x09,
1990 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x27, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14,
1991 0xc0, 0x28, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35,
1992 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01,
1993 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
1994 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
1995 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00,
1996 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
1997 0x17, 0x00, 0x18}},
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]1998 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1999 // implementation has settled enough that it won't change.
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2000 };
David Benjamin737d2df2017-09-25 15:05:19 -0400[diff] [blame]2001
2002 for (const auto &t : kTests) {
2003 SCOPED_TRACE(t.max_version);
2004
2005 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
2006 ASSERT_TRUE(ctx);
2007 // Our default cipher list varies by CPU capabilities, so manually place the
2008 // ChaCha20 ciphers in front.
2009 const char *cipher_list = "CHACHA20:ALL";
2010 // SSLv3 is off by default.
2011 ASSERT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
2012 ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), t.max_version));
2013 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), cipher_list));
2014
2015 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
2016 ASSERT_TRUE(ssl);
2017 std::vector<uint8_t> client_hello;
2018 ASSERT_TRUE(GetClientHello(ssl.get(), &client_hello));
2019
2020 // Zero the client_random.
2021 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
2022 1 + 3 + // handshake message header
2023 2; // client_version
2024 ASSERT_GE(client_hello.size(), kRandomOffset + SSL3_RANDOM_SIZE);
2025 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
2026
2027 if (client_hello != t.expected) {
2028 ADD_FAILURE() << "ClientHellos did not match.";
2029 // Print the value manually so it is easier to update the test vector.
2030 for (size_t i = 0; i < client_hello.size(); i += 12) {
2031 printf(" %c", i == 0 ? '{' : ' ');
2032 for (size_t j = i; j < client_hello.size() && j < i + 12; j++) {
2033 if (j > i) {
2034 printf(" ");
2035 }
2036 printf("0x%02x", client_hello[j]);
2037 if (j < client_hello.size() - 1) {
2038 printf(",");
2039 }
2040 }
2041 if (i + 12 >= client_hello.size()) {
2042 printf("}}");
2043 }
2044 printf("\n");
2045 }
2046 }
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2047 }
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]2048}
2049
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2050static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2051
2052static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
2053 // Save the most recent session.
2054 g_last_session.reset(session);
2055 return 1;
2056}
2057
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2058static bssl::UniquePtr<SSL_SESSION> CreateClientSession(
2059 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
2060 const ClientConfig &config = ClientConfig()) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2061 g_last_session = nullptr;
2062 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2063
2064 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2065 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2066 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2067 config)) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2068 fprintf(stderr, "Failed to connect client and server.\n");
2069 return nullptr;
2070 }
2071
2072 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2073 SSL_read(client.get(), nullptr, 0);
2074
2075 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2076
2077 if (!g_last_session) {
2078 fprintf(stderr, "Client did not receive a session.\n");
2079 return nullptr;
2080 }
2081 return std::move(g_last_session);
2082}
2083
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2084static void ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
2085 SSL_SESSION *session, bool want_reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2086 bssl::UniquePtr<SSL> client, server;
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2087 ClientConfig config;
2088 config.session = session;
2089 EXPECT_TRUE(
2090 ConnectClientAndServer(&client, &server, client_ctx, server_ctx, config));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2091
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2092 EXPECT_EQ(SSL_session_reused(client.get()), SSL_session_reused(server.get()));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2093
2094 bool was_reused = !!SSL_session_reused(client.get());
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2095 EXPECT_EQ(was_reused, want_reused);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2096}
2097
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2098static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
2099 SSL_CTX *server_ctx,
2100 SSL_SESSION *session) {
2101 g_last_session = nullptr;
2102 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
2103
2104 bssl::UniquePtr<SSL> client, server;
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2105 ClientConfig config;
2106 config.session = session;
2107 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
2108 config)) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2109 fprintf(stderr, "Failed to connect client and server.\n");
2110 return nullptr;
2111 }
2112
2113 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2114 fprintf(stderr, "Client and server were inconsistent.\n");
2115 return nullptr;
2116 }
2117
2118 if (!SSL_session_reused(client.get())) {
2119 fprintf(stderr, "Session was not reused.\n");
2120 return nullptr;
2121 }
2122
2123 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2124 SSL_read(client.get(), nullptr, 0);
2125
2126 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2127
2128 if (!g_last_session) {
2129 fprintf(stderr, "Client did not receive a renewed session.\n");
2130 return nullptr;
2131 }
2132 return std::move(g_last_session);
2133}
2134
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2135static void ExpectTicketKeyChanged(SSL_CTX *ctx, uint8_t *inout_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2136 bool changed) {
2137 uint8_t new_key[kTicketKeyLen];
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2138 // May return 0, 1 or 48.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2139 ASSERT_EQ(SSL_CTX_get_tlsext_ticket_keys(ctx, new_key, kTicketKeyLen), 1);
2140 if (changed) {
2141 ASSERT_NE(Bytes(inout_key, kTicketKeyLen), Bytes(new_key));
2142 } else {
2143 ASSERT_EQ(Bytes(inout_key, kTicketKeyLen), Bytes(new_key));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2144 }
2145 OPENSSL_memcpy(inout_key, new_key, kTicketKeyLen);
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2146}
2147
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2148static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2149 static const uint8_t kContext[] = {3};
2150
2151 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2152 return SSL_TLSEXT_ERR_ALERT_FATAL;
2153 }
2154
2155 return SSL_TLSEXT_ERR_OK;
2156}
2157
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2158TEST_P(SSLVersionTest, SessionIDContext) {
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2159 static const uint8_t kContext1[] = {1};
2160 static const uint8_t kContext2[] = {2};
2161
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2162 ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext1,
2163 sizeof(kContext1)));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2164
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2165 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
2166 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2167
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2168 bssl::UniquePtr<SSL_SESSION> session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2169 CreateClientSession(client_ctx_.get(), server_ctx_.get());
2170 ASSERT_TRUE(session);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2171
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2172 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2173 session.get(),
2174 true /* expect session reused */));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2175
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2176 // Change the session ID context.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2177 ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext2,
2178 sizeof(kContext2)));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2179
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2180 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2181 session.get(),
2182 false /* expect session not reused */));
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2183
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2184 // Change the session ID context back and install an SNI callback to switch
2185 // it.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2186 ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext1,
2187 sizeof(kContext1)));
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2188
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2189 SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(),
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2190 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2191
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2192 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2193 session.get(),
2194 false /* expect session not reused */));
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2195
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2196 // Switch the session ID context with the early callback instead.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2197 SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(), nullptr);
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2198 SSL_CTX_set_select_certificate_cb(
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2199 server_ctx_.get(),
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2200 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
2201 static const uint8_t kContext[] = {3};
2202
2203 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2204 sizeof(kContext))) {
2205 return ssl_select_cert_error;
2206 }
2207
2208 return ssl_select_cert_success;
2209 });
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2210
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2211 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2212 session.get(),
2213 false /* expect session not reused */));
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2214}
2215
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2216static timeval g_current_time;
2217
2218static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2219 *out_clock = g_current_time;
2220}
2221
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2222static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2223 out_clock->tv_sec = 1000;
2224 out_clock->tv_usec = 0;
2225}
2226
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2227static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2228 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2229 int encrypt) {
2230 static const uint8_t kZeros[16] = {0};
2231
2232 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2233 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2234 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2235 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2236 return 0;
2237 }
2238
2239 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2240 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2241 return -1;
2242 }
2243
2244 // Returning two from the callback in decrypt mode renews the
2245 // session in TLS 1.2 and below.
2246 return encrypt ? 1 : 2;
2247}
2248
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2249static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2250 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2251 return false;
2252 }
2253
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2254 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2255 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2256 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2257
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2258#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2259 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2260 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2261#else
2262 static const uint8_t kZeros[16] = {0};
2263 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2264 bssl::ScopedEVP_CIPHER_CTX ctx;
2265 int len1, len2;
2266 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2267 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2268 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2269 return false;
2270 }
2271
2272 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2273#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2274
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2275 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
2276 if (!ssl_ctx) {
2277 return false;
2278 }
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2279 bssl::UniquePtr<SSL_SESSION> server_session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2280 SSL_SESSION_from_bytes(plaintext.get(), len, ssl_ctx.get()));
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2281 if (!server_session) {
2282 return false;
2283 }
2284
2285 *out = server_session->time;
2286 return true;
2287}
2288
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2289TEST_P(SSLVersionTest, SessionTimeout) {
2290 for (bool server_test : {false, true}) {
2291 SCOPED_TRACE(server_test);
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2292
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2293 ResetContexts();
2294 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
2295 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
2296
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2297 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2298 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2299
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2300 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2301 // resumptions still perform ECDHE.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2302 const time_t timeout = version() == TLS1_3_VERSION
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2303 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2304 : SSL_DEFAULT_SESSION_TIMEOUT;
2305
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2306 // Both client and server must enforce session timeouts. We configure the
2307 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2308 if (server_test) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2309 SSL_CTX_set_current_time_cb(client_ctx_.get(), FrozenTimeCallback);
2310 SSL_CTX_set_current_time_cb(server_ctx_.get(), CurrentTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2311 } else {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2312 SSL_CTX_set_current_time_cb(client_ctx_.get(), CurrentTimeCallback);
2313 SSL_CTX_set_current_time_cb(server_ctx_.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2314 }
2315
2316 // Configure a ticket callback which renews tickets.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2317 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx_.get(), RenewTicketCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2318
2319 bssl::UniquePtr<SSL_SESSION> session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2320 CreateClientSession(client_ctx_.get(), server_ctx_.get());
2321 ASSERT_TRUE(session);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2322
2323 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2324 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2325
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2326 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2327 session.get(),
2328 true /* expect session reused */));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2329
2330 // Advance the clock one more second.
2331 g_current_time.tv_sec++;
2332
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2333 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2334 session.get(),
2335 false /* expect session not reused */));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2336
2337 // Rewind the clock to before the session was minted.
2338 g_current_time.tv_sec = kStartTime - 1;
2339
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2340 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2341 session.get(),
2342 false /* expect session not reused */));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2343
2344 // SSL 3.0 cannot renew sessions.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2345 if (version() == SSL3_VERSION) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2346 continue;
2347 }
2348
2349 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2350 time_t new_start_time = kStartTime + timeout - 10;
2351 g_current_time.tv_sec = new_start_time;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2352 bssl::UniquePtr<SSL_SESSION> new_session = ExpectSessionRenewed(
2353 client_ctx_.get(), server_ctx_.get(), session.get());
2354 ASSERT_TRUE(new_session);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2355
2356 // This new session is not the same object as before.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2357 EXPECT_NE(session.get(), new_session.get());
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2358
2359 // Check the sessions have timestamps measured from issuance.
2360 long session_time = 0;
2361 if (server_test) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2362 ASSERT_TRUE(GetServerTicketTime(&session_time, new_session.get()));
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2363 } else {
2364 session_time = new_session->time;
2365 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2366
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2367 ASSERT_EQ(session_time, g_current_time.tv_sec);
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2368
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2369 if (version() == TLS1_3_VERSION) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2370 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2371 // lifetime TLS 1.3.
2372 g_current_time.tv_sec = new_start_time + timeout - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2373 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2374 new_session.get(),
2375 true /* expect session reused */));
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2376
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2377 // The new session expires after the new timeout.
2378 g_current_time.tv_sec = new_start_time + timeout + 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2379 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2380 new_session.get(),
2381 false /* expect session ot reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2382
2383 // Renew the session until it begins just past the auth timeout.
2384 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2385 while (new_start_time < auth_end_time - 1000) {
2386 // Get as close as possible to target start time.
2387 new_start_time =
2388 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2389 g_current_time.tv_sec = new_start_time;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2390 new_session = ExpectSessionRenewed(client_ctx_.get(), server_ctx_.get(),
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2391 new_session.get());
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2392 ASSERT_TRUE(new_session);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2393 }
2394
2395 // Now the session's lifetime is bound by the auth timeout.
2396 g_current_time.tv_sec = auth_end_time - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2397 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2398 new_session.get(),
2399 true /* expect session reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2400
2401 g_current_time.tv_sec = auth_end_time + 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2402 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2403 new_session.get(),
2404 false /* expect session ot reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2405 } else {
2406 // The new session is usable just before the old expiration.
2407 g_current_time.tv_sec = kStartTime + timeout - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2408 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2409 new_session.get(),
2410 true /* expect session reused */));
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2411
2412 // Renewal does not extend the lifetime, so it is not usable beyond the
2413 // old expiration.
2414 g_current_time.tv_sec = kStartTime + timeout + 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2415 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
2416 new_session.get(),
2417 false /* expect session not reused */));
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2418 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2419 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2420}
2421
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2422TEST_P(SSLVersionTest, DefaultTicketKeyInitialization) {
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2423 static const uint8_t kZeroKey[kTicketKeyLen] = {};
2424 uint8_t ticket_key[kTicketKeyLen];
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2425 ASSERT_EQ(1, SSL_CTX_get_tlsext_ticket_keys(server_ctx_.get(), ticket_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2426 kTicketKeyLen));
2427 ASSERT_NE(0, OPENSSL_memcmp(ticket_key, kZeroKey, kTicketKeyLen));
2428}
2429
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2430TEST_P(SSLVersionTest, DefaultTicketKeyRotation) {
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2431 if (GetParam().version == SSL3_VERSION) {
2432 return;
2433 }
2434
2435 static const time_t kStartTime = 1001;
2436 g_current_time.tv_sec = kStartTime;
2437 uint8_t ticket_key[kTicketKeyLen];
2438
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2439 // We use session reuse as a proxy for ticket decryption success, hence
2440 // disable session timeouts.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2441 SSL_CTX_set_timeout(server_ctx_.get(), std::numeric_limits<uint32_t>::max());
2442 SSL_CTX_set_session_psk_dhe_timeout(server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2443 std::numeric_limits<uint32_t>::max());
2444
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2445 SSL_CTX_set_current_time_cb(client_ctx_.get(), FrozenTimeCallback);
2446 SSL_CTX_set_current_time_cb(server_ctx_.get(), CurrentTimeCallback);
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2447
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2448 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
2449 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_OFF);
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2450
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2451 // Initialize ticket_key with the current key.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2452 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
2453 true /* changed */));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2454
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2455 // Verify ticket resumption actually works.
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2456 bssl::UniquePtr<SSL> client, server;
2457 bssl::UniquePtr<SSL_SESSION> session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2458 CreateClientSession(client_ctx_.get(), server_ctx_.get());
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2459 ASSERT_TRUE(session);
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2460 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2461 session.get(), true /* reused */));
2462
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2463 // Advance time to just before key rotation.
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2464 g_current_time.tv_sec += SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL - 1;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2465 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2466 session.get(), true /* reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2467 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2468 false /* NOT changed */));
2469
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2470 // Force key rotation.
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2471 g_current_time.tv_sec += 1;
2472 bssl::UniquePtr<SSL_SESSION> new_session =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2473 CreateClientSession(client_ctx_.get(), server_ctx_.get());
2474 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
2475 true /* changed */));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2476
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2477 // Resumption with both old and new ticket should work.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2478 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2479 session.get(), true /* reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2480 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2481 new_session.get(), true /* reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2482 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2483 false /* NOT changed */));
2484
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2485 // Force key rotation again. Resumption with the old ticket now fails.
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2486 g_current_time.tv_sec += SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2487 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2488 session.get(), false /* NOT reused */));
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2489 TRACED_CALL(ExpectTicketKeyChanged(server_ctx_.get(), ticket_key,
2490 true /* changed */));
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2491
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]2492 // But resumption with the newer session still works.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2493 TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(),
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2494 new_session.get(), true /* reused */));
2495}
2496
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2497static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2498 SSL_CTX *ctx = reinterpret_cast<SSL_CTX *>(arg);
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2499 SSL_set_SSL_CTX(ssl, ctx);
2500 return SSL_TLSEXT_ERR_OK;
2501}
2502
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2503TEST_P(SSLVersionTest, SNICallback) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2504 // SSL 3.0 lacks extensions.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2505 if (version() == SSL3_VERSION) {
2506 return;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2507 }
2508
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2509 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2510 ASSERT_TRUE(cert2);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2511 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2512 ASSERT_TRUE(key2);
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2513
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2514 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2515 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2516
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2517 static const uint8_t kSCTList[] = {0, 6, 0, 4, 5, 6, 7, 8};
2518 static const uint8_t kOCSPResponse[] = {1, 2, 3, 4};
2519
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2520 bssl::UniquePtr<SSL_CTX> server_ctx2 = CreateContext();
2521 ASSERT_TRUE(server_ctx2);
2522 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()));
2523 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()));
2524 ASSERT_TRUE(SSL_CTX_set_signed_cert_timestamp_list(
2525 server_ctx2.get(), kSCTList, sizeof(kSCTList)));
2526 ASSERT_TRUE(SSL_CTX_set_ocsp_response(server_ctx2.get(), kOCSPResponse,
2527 sizeof(kOCSPResponse)));
2528 // Historically signing preferences would be lost in some cases with the
2529 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2530 // this doesn't happen when |version| is TLS 1.2, configure the private
2531 // key to only sign SHA-256.
2532 ASSERT_TRUE(SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(),
2533 &kECDSAWithSHA256, 1));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2534
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2535 SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(), SwitchContext);
2536 SSL_CTX_set_tlsext_servername_arg(server_ctx_.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2537
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2538 SSL_CTX_enable_signed_cert_timestamps(client_ctx_.get());
2539 SSL_CTX_enable_ocsp_stapling(client_ctx_.get());
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2540
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2541 ASSERT_TRUE(Connect());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2542
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2543 // The client should have received |cert2|.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2544 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client_.get()));
2545 ASSERT_TRUE(peer);
2546 EXPECT_EQ(X509_cmp(peer.get(), cert2.get()), 0);
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2547
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2548 // The client should have received |server_ctx2|'s SCT list.
2549 const uint8_t *data;
2550 size_t len;
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2551 SSL_get0_signed_cert_timestamp_list(client_.get(), &data, &len);
2552 EXPECT_EQ(Bytes(kSCTList), Bytes(data, len));
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame]2553
2554 // The client should have received |server_ctx2|'s OCSP response.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2555 SSL_get0_ocsp_response(client_.get(), &data, &len);
2556 EXPECT_EQ(Bytes(kOCSPResponse), Bytes(data, len));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2557}
2558
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2559// Test that the early callback can swap the maximum version.
2560TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2561 bssl::UniquePtr<X509> cert = GetTestCertificate();
2562 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2563 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2564 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2565 ASSERT_TRUE(cert);
2566 ASSERT_TRUE(key);
2567 ASSERT_TRUE(server_ctx);
2568 ASSERT_TRUE(client_ctx);
2569 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2570 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2571 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2572 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2573
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2574 SSL_CTX_set_select_certificate_cb(
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2575 server_ctx.get(),
2576 [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2577 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2578 return ssl_select_cert_error;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2579 }
2580
Alessandro Ghedini57e81e62017-03-14 23:36:00 +0000[diff] [blame]2581 return ssl_select_cert_success;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2582 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2583
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2584 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2585 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2586 server_ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2587 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2588}
2589
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2590TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2591 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2592 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2593
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2594 // Set valid TLS versions.
2595 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2596 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2597 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2598 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2599
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2600 // Invalid TLS versions are rejected.
2601 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2602 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2603 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2604 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2605 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2606 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2607
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2608 // Zero is the default version.
2609 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2610 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2611 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2612 EXPECT_EQ(TLS1_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2613
2614 // SSL 3.0 and TLS 1.3 are available, but not by default.
2615 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2616 EXPECT_EQ(SSL3_VERSION, ctx->conf_min_version);
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]2617 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2618 EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2619
David Benjamin353577c2017-06-29 15:54:58 -0400[diff] [blame]2620 // TLS1_3_DRAFT_VERSION is not an API-level version.
Steven Valdez64cc1212017-12-04 11:15:37 -0500[diff] [blame]2621 EXPECT_FALSE(
Steven Valdez7e5dd252018-01-22 15:20:31 -0500[diff] [blame]2622 SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT23_VERSION));
David Benjamin353577c2017-06-29 15:54:58 -0400[diff] [blame]2623 ERR_clear_error();
2624
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2625 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2626 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2627
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2628 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2629 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2630 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2631 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2632
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2633 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2634 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2635 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2636 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2637 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2638 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2639 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2640 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2641
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2642 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2643 EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2644 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
David Benjaminfc08dfc2017-06-20 14:39:32 -0400[diff] [blame]2645 EXPECT_EQ(TLS1_1_VERSION, ctx->conf_min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2646}
2647
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2648static const char *GetVersionName(uint16_t version) {
2649 switch (version) {
2650 case SSL3_VERSION:
2651 return "SSLv3";
2652 case TLS1_VERSION:
2653 return "TLSv1";
2654 case TLS1_1_VERSION:
2655 return "TLSv1.1";
2656 case TLS1_2_VERSION:
2657 return "TLSv1.2";
2658 case TLS1_3_VERSION:
2659 return "TLSv1.3";
2660 case DTLS1_VERSION:
2661 return "DTLSv1";
2662 case DTLS1_2_VERSION:
2663 return "DTLSv1.2";
2664 default:
2665 return "???";
2666 }
2667}
2668
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2669TEST_P(SSLVersionTest, Version) {
2670 ASSERT_TRUE(Connect());
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2671
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2672 EXPECT_EQ(SSL_version(client_.get()), version());
2673 EXPECT_EQ(SSL_version(server_.get()), version());
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2674
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2675 // Test the version name is reported as expected.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2676 const char *version_name = GetVersionName(version());
2677 EXPECT_EQ(strcmp(version_name, SSL_get_version(client_.get())), 0);
2678 EXPECT_EQ(strcmp(version_name, SSL_get_version(server_.get())), 0);
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2679
2680 // Test SSL_SESSION reports the same name.
2681 const char *client_name =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2682 SSL_SESSION_get_version(SSL_get_session(client_.get()));
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2683 const char *server_name =
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2684 SSL_SESSION_get_version(SSL_get_session(server_.get()));
2685 EXPECT_EQ(strcmp(version_name, client_name), 0);
2686 EXPECT_EQ(strcmp(version_name, server_name), 0);
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2687}
2688
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2689// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2690// selection callback.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2691TEST_P(SSLVersionTest, ALPNCipherAvailable) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2692 // SSL 3.0 lacks extensions.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2693 if (version() == SSL3_VERSION) {
2694 return;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2695 }
2696
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2697 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
2698
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2699 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2700 ASSERT_EQ(SSL_CTX_set_alpn_protos(client_ctx_.get(), kALPNProtos,
2701 sizeof(kALPNProtos)),
2702 0);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2703
2704 // The ALPN callback does not fail the handshake on error, so have the
2705 // callback write a boolean.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2706 std::pair<uint16_t, bool> callback_state(version(), false);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2707 SSL_CTX_set_alpn_select_cb(
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2708 server_ctx_.get(),
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2709 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2710 unsigned in_len, void *arg) -> int {
2711 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2712 if (SSL_get_pending_cipher(ssl) != nullptr &&
2713 SSL_version(ssl) == state->first) {
2714 state->second = true;
2715 }
2716 return SSL_TLSEXT_ERR_NOACK;
2717 },
2718 &callback_state);
2719
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2720 ASSERT_TRUE(Connect());
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2721
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2722 ASSERT_TRUE(callback_state.second);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2723}
2724
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2725TEST_P(SSLVersionTest, SSLClearSessionResumption) {
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2726 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2727 // API pattern.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2728 if (version() == TLS1_3_VERSION) {
2729 return;
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2730 }
2731
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2732 ASSERT_TRUE(Connect());
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2733
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2734 EXPECT_FALSE(SSL_session_reused(client_.get()));
2735 EXPECT_FALSE(SSL_session_reused(server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2736
2737 // Reset everything.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2738 ASSERT_TRUE(SSL_clear(client_.get()));
2739 ASSERT_TRUE(SSL_clear(server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2740
2741 // Attempt to connect a second time.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2742 ASSERT_TRUE(CompleteHandshakes(client_.get(), server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2743
2744 // |SSL_clear| should implicitly offer the previous session to the server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2745 EXPECT_TRUE(SSL_session_reused(client_.get()));
2746 EXPECT_TRUE(SSL_session_reused(server_.get()));
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2747}
2748
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2749static bool ChainsEqual(STACK_OF(X509) * chain,
2750 const std::vector<X509 *> &expected) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2751 if (sk_X509_num(chain) != expected.size()) {
2752 return false;
2753 }
2754
2755 for (size_t i = 0; i < expected.size(); i++) {
2756 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2757 return false;
2758 }
2759 }
2760
2761 return true;
2762}
2763
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2764TEST_P(SSLVersionTest, AutoChain) {
2765 cert_ = GetChainTestCertificate();
2766 ASSERT_TRUE(cert_);
2767 key_ = GetChainTestKey();
2768 ASSERT_TRUE(key_);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2769 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2770 ASSERT_TRUE(intermediate);
2771
2772 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
2773 ASSERT_TRUE(UseCertAndKey(server_ctx_.get()));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2774
2775 // Configure both client and server to accept any certificate. Add
2776 // |intermediate| to the cert store.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2777 ASSERT_TRUE(X509_STORE_add_cert(SSL_CTX_get_cert_store(client_ctx_.get()),
2778 intermediate.get()));
2779 ASSERT_TRUE(X509_STORE_add_cert(SSL_CTX_get_cert_store(server_ctx_.get()),
2780 intermediate.get()));
2781 SSL_CTX_set_verify(client_ctx_.get(),
2782 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
2783 nullptr);
2784 SSL_CTX_set_verify(server_ctx_.get(),
2785 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
2786 nullptr);
2787 SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL);
2788 SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL);
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2789
2790 // By default, the client and server should each only send the leaf.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2791 ASSERT_TRUE(Connect());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2792
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2793 EXPECT_TRUE(
2794 ChainsEqual(SSL_get_peer_full_cert_chain(client_.get()), {cert_.get()}));
2795 EXPECT_TRUE(
2796 ChainsEqual(SSL_get_peer_full_cert_chain(server_.get()), {cert_.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2797
2798 // If auto-chaining is enabled, then the intermediate is sent.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2799 SSL_CTX_clear_mode(client_ctx_.get(), SSL_MODE_NO_AUTO_CHAIN);
2800 SSL_CTX_clear_mode(server_ctx_.get(), SSL_MODE_NO_AUTO_CHAIN);
2801 ASSERT_TRUE(Connect());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2802
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2803 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(client_.get()),
2804 {cert_.get(), intermediate.get()}));
2805 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(server_.get()),
2806 {cert_.get(), intermediate.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2807
2808 // Auto-chaining does not override explicitly-configured intermediates.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2809 ASSERT_TRUE(SSL_CTX_add1_chain_cert(client_ctx_.get(), cert_.get()));
2810 ASSERT_TRUE(SSL_CTX_add1_chain_cert(server_ctx_.get(), cert_.get()));
2811 ASSERT_TRUE(Connect());
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2812
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2813 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(client_.get()),
2814 {cert_.get(), cert_.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2815
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2816 EXPECT_TRUE(ChainsEqual(SSL_get_peer_full_cert_chain(server_.get()),
2817 {cert_.get(), cert_.get()}));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2818}
2819
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2820static bool ExpectBadWriteRetry() {
2821 int err = ERR_get_error();
2822 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
2823 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
2824 char buf[ERR_ERROR_STRING_BUF_LEN];
2825 ERR_error_string_n(err, buf, sizeof(buf));
2826 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
2827 return false;
2828 }
2829
2830 if (ERR_peek_error() != 0) {
2831 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
2832 return false;
2833 }
2834
2835 return true;
2836}
2837
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2838TEST_P(SSLVersionTest, SSLWriteRetry) {
2839 if (is_dtls()) {
2840 return;
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2841 }
2842
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2843 for (bool enable_partial_write : {false, true}) {
2844 SCOPED_TRACE(enable_partial_write);
2845
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2846 // Connect a client and server.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2847 ASSERT_TRUE(UseCertAndKey(client_ctx_.get()));
2848
2849 ASSERT_TRUE(Connect());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2850
2851 if (enable_partial_write) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2852 SSL_set_mode(client_.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2853 }
2854
2855 // Write without reading until the buffer is full and we have an unfinished
2856 // write. Keep a count so we may reread it again later. "hello!" will be
2857 // written in two chunks, "hello" and "!".
2858 char data[] = "hello!";
2859 static const int kChunkLen = 5; // The length of "hello".
2860 unsigned count = 0;
2861 for (;;) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2862 int ret = SSL_write(client_.get(), data, kChunkLen);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2863 if (ret <= 0) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2864 ASSERT_EQ(SSL_get_error(client_.get(), ret), SSL_ERROR_WANT_WRITE);
2865 break;
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2866 }
2867
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2868 ASSERT_EQ(ret, 5);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2869
2870 count++;
2871 }
2872
2873 // Retrying with the same parameters is legal.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2874 ASSERT_EQ(
2875 SSL_get_error(client_.get(), SSL_write(client_.get(), data, kChunkLen)),
2876 SSL_ERROR_WANT_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2877
2878 // Retrying with the same buffer but shorter length is not legal.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2879 ASSERT_EQ(SSL_get_error(client_.get(),
2880 SSL_write(client_.get(), data, kChunkLen - 1)),
2881 SSL_ERROR_SSL);
2882 ASSERT_TRUE(ExpectBadWriteRetry());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2883
2884 // Retrying with a different buffer pointer is not legal.
2885 char data2[] = "hello";
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2886 ASSERT_EQ(SSL_get_error(client_.get(),
2887 SSL_write(client_.get(), data2, kChunkLen)),
2888 SSL_ERROR_SSL);
2889 ASSERT_TRUE(ExpectBadWriteRetry());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2890
2891 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2892 SSL_set_mode(client_.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
2893 ASSERT_EQ(SSL_get_error(client_.get(),
2894 SSL_write(client_.get(), data2, kChunkLen)),
2895 SSL_ERROR_WANT_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2896
2897 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2898 ASSERT_EQ(SSL_get_error(client_.get(),
2899 SSL_write(client_.get(), data2, kChunkLen - 1)),
2900 SSL_ERROR_SSL);
2901 ASSERT_TRUE(ExpectBadWriteRetry());
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2902
2903 // Retrying with a larger buffer is legal.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2904 ASSERT_EQ(SSL_get_error(client_.get(),
2905 SSL_write(client_.get(), data, kChunkLen + 1)),
2906 SSL_ERROR_WANT_WRITE);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2907
2908 // Drain the buffer.
2909 char buf[20];
2910 for (unsigned i = 0; i < count; i++) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2911 ASSERT_EQ(SSL_read(server_.get(), buf, sizeof(buf)), kChunkLen);
2912 ASSERT_EQ(OPENSSL_memcmp(buf, "hello", kChunkLen), 0);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2913 }
2914
2915 // Now that there is space, a retry with a larger buffer should flush the
2916 // pending record, skip over that many bytes of input (on assumption they
2917 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
2918 // is set, this will complete in two steps.
2919 char data3[] = "_____!";
2920 if (enable_partial_write) {
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2921 ASSERT_EQ(SSL_write(client_.get(), data3, kChunkLen + 1), kChunkLen);
2922 ASSERT_EQ(SSL_write(client_.get(), data3 + kChunkLen, 1), 1);
2923 } else {
2924 ASSERT_EQ(SSL_write(client_.get(), data3, kChunkLen + 1), kChunkLen + 1);
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2925 }
2926
2927 // Check the last write was correct. The data will be spread over two
2928 // records, so SSL_read returns twice.
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2929 ASSERT_EQ(SSL_read(server_.get(), buf, sizeof(buf)), kChunkLen);
2930 ASSERT_EQ(OPENSSL_memcmp(buf, "hello", kChunkLen), 0);
2931 ASSERT_EQ(SSL_read(server_.get(), buf, sizeof(buf)), 1);
2932 ASSERT_EQ(buf[0], '!');
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2933 }
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2934}
2935
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2936TEST_P(SSLVersionTest, RecordCallback) {
2937 for (bool test_server : {true, false}) {
2938 SCOPED_TRACE(test_server);
2939 ResetContexts();
David Benjamin5df5be12017-06-22 19:43:11 -0400[diff] [blame]2940
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2941 bool read_seen = false;
2942 bool write_seen = false;
2943 auto cb = [&](int is_write, int cb_version, int cb_type, const void *buf,
2944 size_t len, SSL *ssl) {
2945 if (cb_type != SSL3_RT_HEADER) {
2946 return;
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]2947 }
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2948
2949 // The callback does not report a version for records.
2950 EXPECT_EQ(0, cb_version);
2951
2952 if (is_write) {
2953 write_seen = true;
2954 } else {
2955 read_seen = true;
2956 }
2957
2958 // Sanity-check that the record header is plausible.
2959 CBS cbs;
2960 CBS_init(&cbs, reinterpret_cast<const uint8_t *>(buf), len);
2961 uint8_t type;
2962 uint16_t record_version, length;
2963 ASSERT_TRUE(CBS_get_u8(&cbs, &type));
2964 ASSERT_TRUE(CBS_get_u16(&cbs, &record_version));
Steven Valdez64cc1212017-12-04 11:15:37 -0500[diff] [blame]2965 EXPECT_EQ(record_version & 0xff00, version() & 0xff00);
Martin Kreichgauer1a663262017-08-16 14:54:04 -0700[diff] [blame]2966 if (is_dtls()) {
2967 uint16_t epoch;
2968 ASSERT_TRUE(CBS_get_u16(&cbs, &epoch));
2969 EXPECT_TRUE(epoch == 0 || epoch == 1) << "Invalid epoch: " << epoch;
2970 ASSERT_TRUE(CBS_skip(&cbs, 6));
2971 }
2972 ASSERT_TRUE(CBS_get_u16(&cbs, &length));
2973 EXPECT_EQ(0u, CBS_len(&cbs));
2974 };
2975 using CallbackType = decltype(cb);
2976 SSL_CTX *ctx = test_server ? server_ctx_.get() : client_ctx_.get();
2977 SSL_CTX_set_msg_callback(
2978 ctx, [](int is_write, int cb_version, int cb_type, const void *buf,
2979 size_t len, SSL *ssl, void *arg) {
2980 CallbackType *cb_ptr = reinterpret_cast<CallbackType *>(arg);
2981 (*cb_ptr)(is_write, cb_version, cb_type, buf, len, ssl);
2982 });
2983 SSL_CTX_set_msg_callback_arg(ctx, &cb);
2984
2985 ASSERT_TRUE(Connect());
2986
2987 EXPECT_TRUE(read_seen);
2988 EXPECT_TRUE(write_seen);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2989 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2990}
2991
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]2992TEST_P(SSLVersionTest, GetServerName) {
2993 // No extensions in SSL 3.0.
2994 if (version() == SSL3_VERSION) {
2995 return;
2996 }
2997
2998 ClientConfig config;
2999 config.servername = "host1";
3000
3001 SSL_CTX_set_tlsext_servername_callback(
3002 server_ctx_.get(), [](SSL *ssl, int *out_alert, void *arg) -> int {
3003 // During the handshake, |SSL_get_servername| must match |config|.
3004 ClientConfig *config_p = reinterpret_cast<ClientConfig *>(arg);
3005 EXPECT_STREQ(config_p->servername.c_str(),
3006 SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name));
3007 return SSL_TLSEXT_ERR_OK;
3008 });
3009 SSL_CTX_set_tlsext_servername_arg(server_ctx_.get(), &config);
3010
3011 ASSERT_TRUE(Connect(config));
3012 // After the handshake, it must also be available.
3013 EXPECT_STREQ(config.servername.c_str(),
3014 SSL_get_servername(server_.get(), TLSEXT_NAMETYPE_host_name));
3015
3016 // Establish a session under host1.
3017 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
3018 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
3019 bssl::UniquePtr<SSL_SESSION> session =
3020 CreateClientSession(client_ctx_.get(), server_ctx_.get(), config);
3021
3022 // If the client resumes a session with a different name, |SSL_get_servername|
3023 // must return the new name.
3024 ASSERT_TRUE(session);
3025 config.session = session.get();
3026 config.servername = "host2";
3027 ASSERT_TRUE(Connect(config));
3028 EXPECT_STREQ(config.servername.c_str(),
3029 SSL_get_servername(server_.get(), TLSEXT_NAMETYPE_host_name));
3030}
3031
David Benjamin3d8f0802017-09-06 16:12:52 -0400[diff] [blame]3032// Test that session cache mode bits are honored in the client session callback.
3033TEST_P(SSLVersionTest, ClientSessionCacheMode) {
3034 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_OFF);
3035 EXPECT_FALSE(CreateClientSession(client_ctx_.get(), server_ctx_.get()));
3036
3037 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_CLIENT);
3038 EXPECT_TRUE(CreateClientSession(client_ctx_.get(), server_ctx_.get()));
3039
3040 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_SERVER);
3041 EXPECT_FALSE(CreateClientSession(client_ctx_.get(), server_ctx_.get()));
3042}
3043
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3044TEST(SSLTest, AddChainCertHack) {
3045 // Ensure that we don't accidently break the hack that we have in place to
3046 // keep curl and serf happy when they use an |X509| even after transfering
3047 // ownership.
3048
3049 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3050 ASSERT_TRUE(ctx);
3051 X509 *cert = GetTestCertificate().release();
3052 ASSERT_TRUE(cert);
3053 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3054
3055 // This should not trigger a use-after-free.
3056 X509_cmp(cert, cert);
3057}
3058
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3059TEST(SSLTest, GetCertificate) {
3060 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3061 ASSERT_TRUE(ctx);
3062 bssl::UniquePtr<X509> cert = GetTestCertificate();
3063 ASSERT_TRUE(cert);
3064 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3065 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3066 ASSERT_TRUE(ssl);
3067
3068 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3069 ASSERT_TRUE(cert2);
3070 X509 *cert3 = SSL_get_certificate(ssl.get());
3071 ASSERT_TRUE(cert3);
3072
3073 // The old and new certificates must be identical.
3074 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3075 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3076
3077 uint8_t *der = nullptr;
3078 long der_len = i2d_X509(cert.get(), &der);
3079 ASSERT_LT(0, der_len);
3080 bssl::UniquePtr<uint8_t> free_der(der);
3081
3082 uint8_t *der2 = nullptr;
3083 long der2_len = i2d_X509(cert2, &der2);
3084 ASSERT_LT(0, der2_len);
3085 bssl::UniquePtr<uint8_t> free_der2(der2);
3086
3087 uint8_t *der3 = nullptr;
3088 long der3_len = i2d_X509(cert3, &der3);
3089 ASSERT_LT(0, der3_len);
3090 bssl::UniquePtr<uint8_t> free_der3(der3);
3091
3092 // They must also encode identically.
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]3093 EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len));
3094 EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len));
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3095}
3096
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3097TEST(SSLTest, SetChainAndKeyMismatch) {
3098 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_with_buffers_method()));
3099 ASSERT_TRUE(ctx);
3100
3101 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3102 ASSERT_TRUE(key);
3103 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3104 ASSERT_TRUE(leaf);
3105 std::vector<CRYPTO_BUFFER*> chain = {
3106 leaf.get(),
3107 };
3108
3109 // Should fail because |GetTestKey| doesn't match the chain-test certificate.
3110 ASSERT_FALSE(SSL_CTX_set_chain_and_key(ctx.get(), &chain[0], chain.size(),
3111 key.get(), nullptr));
3112 ERR_clear_error();
3113}
3114
3115TEST(SSLTest, SetChainAndKey) {
3116 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3117 ASSERT_TRUE(client_ctx);
3118 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3119 ASSERT_TRUE(server_ctx);
3120
3121 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3122 ASSERT_TRUE(key);
3123 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3124 ASSERT_TRUE(leaf);
3125 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3126 GetChainTestIntermediateBuffer();
3127 ASSERT_TRUE(intermediate);
3128 std::vector<CRYPTO_BUFFER*> chain = {
3129 leaf.get(), intermediate.get(),
3130 };
3131 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3132 chain.size(), key.get(), nullptr));
3133
David Benjamin3a1dd462017-07-11 16:13:10 -0400[diff] [blame]3134 SSL_CTX_set_custom_verify(
3135 client_ctx.get(), SSL_VERIFY_PEER,
3136 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3137 return ssl_verify_ok;
3138 });
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3139
3140 bssl::UniquePtr<SSL> client, server;
3141 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3142 server_ctx.get()));
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]3143}
3144
Matthew Braithwaite5301c102018-01-23 12:08:55 -0800[diff] [blame]3145TEST(SSLTest, BuffersFailWithoutCustomVerify) {
3146 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3147 ASSERT_TRUE(client_ctx);
3148 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3149 ASSERT_TRUE(server_ctx);
3150
3151 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3152 ASSERT_TRUE(key);
3153 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3154 ASSERT_TRUE(leaf);
3155 std::vector<CRYPTO_BUFFER*> chain = { leaf.get() };
3156 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3157 chain.size(), key.get(), nullptr));
3158
3159 // Without SSL_CTX_set_custom_verify(), i.e. with everything in the default
3160 // configuration, certificate verification should fail.
3161 bssl::UniquePtr<SSL> client, server;
3162 ASSERT_FALSE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3163 server_ctx.get()));
3164
3165 // Whereas with a verifier, the connection should succeed.
3166 SSL_CTX_set_custom_verify(
3167 client_ctx.get(), SSL_VERIFY_PEER,
3168 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3169 return ssl_verify_ok;
3170 });
3171 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3172 server_ctx.get()));
3173}
3174
3175TEST(SSLTest, CustomVerify) {
3176 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3177 ASSERT_TRUE(client_ctx);
3178 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3179 ASSERT_TRUE(server_ctx);
3180
3181 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3182 ASSERT_TRUE(key);
3183 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3184 ASSERT_TRUE(leaf);
3185 std::vector<CRYPTO_BUFFER*> chain = { leaf.get() };
3186 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3187 chain.size(), key.get(), nullptr));
3188
3189 SSL_CTX_set_custom_verify(
3190 client_ctx.get(), SSL_VERIFY_PEER,
3191 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3192 return ssl_verify_ok;
3193 });
3194
3195 bssl::UniquePtr<SSL> client, server;
3196 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3197 server_ctx.get()));
3198
3199 // With SSL_VERIFY_PEER, ssl_verify_invalid should result in a dropped
3200 // connection.
3201 SSL_CTX_set_custom_verify(
3202 client_ctx.get(), SSL_VERIFY_PEER,
3203 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3204 return ssl_verify_invalid;
3205 });
3206
3207 ASSERT_FALSE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3208 server_ctx.get()));
3209
3210 // But with SSL_VERIFY_NONE, ssl_verify_invalid should not cause a dropped
3211 // connection.
3212 SSL_CTX_set_custom_verify(
3213 client_ctx.get(), SSL_VERIFY_NONE,
3214 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3215 return ssl_verify_invalid;
3216 });
3217
3218 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3219 server_ctx.get()));
3220}
3221
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]3222TEST(SSLTest, ClientCABuffers) {
3223 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3224 ASSERT_TRUE(client_ctx);
3225 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_with_buffers_method()));
3226 ASSERT_TRUE(server_ctx);
3227
3228 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
3229 ASSERT_TRUE(key);
3230 bssl::UniquePtr<CRYPTO_BUFFER> leaf = GetChainTestCertificateBuffer();
3231 ASSERT_TRUE(leaf);
3232 bssl::UniquePtr<CRYPTO_BUFFER> intermediate =
3233 GetChainTestIntermediateBuffer();
3234 ASSERT_TRUE(intermediate);
3235 std::vector<CRYPTO_BUFFER *> chain = {
3236 leaf.get(),
3237 intermediate.get(),
3238 };
3239 ASSERT_TRUE(SSL_CTX_set_chain_and_key(server_ctx.get(), &chain[0],
3240 chain.size(), key.get(), nullptr));
3241
3242 bssl::UniquePtr<CRYPTO_BUFFER> ca_name(
3243 CRYPTO_BUFFER_new(kTestName, sizeof(kTestName), nullptr));
3244 ASSERT_TRUE(ca_name);
3245 bssl::UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names(
3246 sk_CRYPTO_BUFFER_new_null());
3247 ASSERT_TRUE(ca_names);
3248 ASSERT_TRUE(sk_CRYPTO_BUFFER_push(ca_names.get(), ca_name.get()));
3249 ca_name.release();
3250 SSL_CTX_set0_client_CAs(server_ctx.get(), ca_names.release());
3251
3252 // Configure client and server to accept all certificates.
3253 SSL_CTX_set_custom_verify(
3254 client_ctx.get(), SSL_VERIFY_PEER,
3255 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3256 return ssl_verify_ok;
3257 });
3258 SSL_CTX_set_custom_verify(
3259 server_ctx.get(), SSL_VERIFY_PEER,
3260 [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t {
3261 return ssl_verify_ok;
3262 });
3263
3264 bool cert_cb_called = false;
3265 SSL_CTX_set_cert_cb(
3266 client_ctx.get(),
3267 [](SSL *ssl, void *arg) -> int {
3268 STACK_OF(CRYPTO_BUFFER) *peer_names =
3269 SSL_get0_server_requested_CAs(ssl);
3270 EXPECT_EQ(1u, sk_CRYPTO_BUFFER_num(peer_names));
3271 CRYPTO_BUFFER *peer_name = sk_CRYPTO_BUFFER_value(peer_names, 0);
3272 EXPECT_EQ(Bytes(kTestName), Bytes(CRYPTO_BUFFER_data(peer_name),
3273 CRYPTO_BUFFER_len(peer_name)));
3274 *reinterpret_cast<bool *>(arg) = true;
3275 return 1;
3276 },
3277 &cert_cb_called);
3278
3279 bssl::UniquePtr<SSL> client, server;
3280 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3281 server_ctx.get()));
David Benjamin71dfad42017-07-16 17:27:39 -0400[diff] [blame]3282 EXPECT_TRUE(cert_cb_called);
3283}
3284
David Benjamin91222b82017-03-09 20:10:56 -0500[diff] [blame]3285// Configuring the empty cipher list, though an error, should still modify the
3286// configuration.
3287TEST(SSLTest, EmptyCipherList) {
3288 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3289 ASSERT_TRUE(ctx);
3290
3291 // Initially, the cipher list is not empty.
3292 EXPECT_NE(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3293
3294 // Configuring the empty cipher list fails.
3295 EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), ""));
3296 ERR_clear_error();
3297
3298 // But the cipher list is still updated to empty.
3299 EXPECT_EQ(0u, sk_SSL_CIPHER_num(SSL_CTX_get_ciphers(ctx.get())));
3300}
3301
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3302// ssl_test_ticket_aead_failure_mode enumerates the possible ways in which the
3303// test |SSL_TICKET_AEAD_METHOD| can fail.
3304enum ssl_test_ticket_aead_failure_mode {
3305 ssl_test_ticket_aead_ok = 0,
3306 ssl_test_ticket_aead_seal_fail,
3307 ssl_test_ticket_aead_open_soft_fail,
3308 ssl_test_ticket_aead_open_hard_fail,
3309};
3310
3311struct ssl_test_ticket_aead_state {
3312 unsigned retry_count;
3313 ssl_test_ticket_aead_failure_mode failure_mode;
3314};
3315
3316static int ssl_test_ticket_aead_ex_index_dup(CRYPTO_EX_DATA *to,
3317 const CRYPTO_EX_DATA *from,
3318 void **from_d, int index,
3319 long argl, void *argp) {
3320 abort();
3321}
3322
3323static void ssl_test_ticket_aead_ex_index_free(void *parent, void *ptr,
3324 CRYPTO_EX_DATA *ad, int index,
3325 long argl, void *argp) {
3326 auto state = reinterpret_cast<ssl_test_ticket_aead_state*>(ptr);
3327 if (state == nullptr) {
3328 return;
3329 }
3330
3331 OPENSSL_free(state);
3332}
3333
3334static CRYPTO_once_t g_ssl_test_ticket_aead_ex_index_once = CRYPTO_ONCE_INIT;
3335static int g_ssl_test_ticket_aead_ex_index;
3336
3337static int ssl_test_ticket_aead_get_ex_index() {
3338 CRYPTO_once(&g_ssl_test_ticket_aead_ex_index_once, [] {
3339 g_ssl_test_ticket_aead_ex_index = SSL_get_ex_new_index(
3340 0, nullptr, nullptr, ssl_test_ticket_aead_ex_index_dup,
3341 ssl_test_ticket_aead_ex_index_free);
3342 });
3343 return g_ssl_test_ticket_aead_ex_index;
3344}
3345
3346static size_t ssl_test_ticket_aead_max_overhead(SSL *ssl) {
3347 return 1;
3348}
3349
3350static int ssl_test_ticket_aead_seal(SSL *ssl, uint8_t *out, size_t *out_len,
3351 size_t max_out_len, const uint8_t *in,
3352 size_t in_len) {
3353 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3354 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3355
3356 if (state->failure_mode == ssl_test_ticket_aead_seal_fail ||
3357 max_out_len < in_len + 1) {
3358 return 0;
3359 }
3360
3361 OPENSSL_memmove(out, in, in_len);
3362 out[in_len] = 0xff;
3363 *out_len = in_len + 1;
3364
3365 return 1;
3366}
3367
3368static ssl_ticket_aead_result_t ssl_test_ticket_aead_open(
3369 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len,
3370 const uint8_t *in, size_t in_len) {
3371 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3372 SSL_get_ex_data(ssl, ssl_test_ticket_aead_get_ex_index()));
3373
3374 if (state->retry_count > 0) {
3375 state->retry_count--;
3376 return ssl_ticket_aead_retry;
3377 }
3378
3379 switch (state->failure_mode) {
3380 case ssl_test_ticket_aead_ok:
3381 break;
3382 case ssl_test_ticket_aead_seal_fail:
3383 // If |seal| failed then there shouldn't be any ticket to try and
3384 // decrypt.
3385 abort();
3386 break;
3387 case ssl_test_ticket_aead_open_soft_fail:
3388 return ssl_ticket_aead_ignore_ticket;
3389 case ssl_test_ticket_aead_open_hard_fail:
3390 return ssl_ticket_aead_error;
3391 }
3392
3393 if (in_len == 0 || in[in_len - 1] != 0xff) {
3394 return ssl_ticket_aead_ignore_ticket;
3395 }
3396
3397 if (max_out_len < in_len - 1) {
3398 return ssl_ticket_aead_error;
3399 }
3400
3401 OPENSSL_memmove(out, in, in_len - 1);
3402 *out_len = in_len - 1;
3403 return ssl_ticket_aead_success;
3404}
3405
3406static const SSL_TICKET_AEAD_METHOD kSSLTestTicketMethod = {
3407 ssl_test_ticket_aead_max_overhead,
3408 ssl_test_ticket_aead_seal,
3409 ssl_test_ticket_aead_open,
3410};
3411
3412static void ConnectClientAndServerWithTicketMethod(
3413 bssl::UniquePtr<SSL> *out_client, bssl::UniquePtr<SSL> *out_server,
3414 SSL_CTX *client_ctx, SSL_CTX *server_ctx, unsigned retry_count,
3415 ssl_test_ticket_aead_failure_mode failure_mode, SSL_SESSION *session) {
3416 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
3417 ASSERT_TRUE(client);
3418 ASSERT_TRUE(server);
3419 SSL_set_connect_state(client.get());
3420 SSL_set_accept_state(server.get());
3421
3422 auto state = reinterpret_cast<ssl_test_ticket_aead_state *>(
3423 OPENSSL_malloc(sizeof(ssl_test_ticket_aead_state)));
3424 ASSERT_TRUE(state);
3425 OPENSSL_memset(state, 0, sizeof(ssl_test_ticket_aead_state));
3426 state->retry_count = retry_count;
3427 state->failure_mode = failure_mode;
3428
3429 ASSERT_TRUE(SSL_set_ex_data(server.get(), ssl_test_ticket_aead_get_ex_index(),
3430 state));
3431
3432 SSL_set_session(client.get(), session);
3433
3434 BIO *bio1, *bio2;
3435 ASSERT_TRUE(BIO_new_bio_pair(&bio1, 0, &bio2, 0));
3436
3437 // SSL_set_bio takes ownership.
3438 SSL_set_bio(client.get(), bio1, bio1);
3439 SSL_set_bio(server.get(), bio2, bio2);
3440
3441 if (CompleteHandshakes(client.get(), server.get())) {
3442 *out_client = std::move(client);
3443 *out_server = std::move(server);
3444 } else {
3445 out_client->reset();
3446 out_server->reset();
3447 }
3448}
3449
3450class TicketAEADMethodTest
3451 : public ::testing::TestWithParam<testing::tuple<
3452 uint16_t, unsigned, ssl_test_ticket_aead_failure_mode>> {};
3453
3454TEST_P(TicketAEADMethodTest, Resume) {
3455 bssl::UniquePtr<X509> cert = GetTestCertificate();
3456 ASSERT_TRUE(cert);
3457 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3458 ASSERT_TRUE(key);
3459
3460 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
3461 ASSERT_TRUE(server_ctx);
3462 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
3463 ASSERT_TRUE(client_ctx);
3464
3465 const uint16_t version = testing::get<0>(GetParam());
3466 const unsigned retry_count = testing::get<1>(GetParam());
3467 const ssl_test_ticket_aead_failure_mode failure_mode =
3468 testing::get<2>(GetParam());
3469
3470 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3471 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3472 ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), version));
3473 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), version));
3474 ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), version));
3475 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), version));
3476
3477 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
3478 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
3479 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
3480 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3481 SSL_CTX_sess_set_new_cb(client_ctx.get(), SaveLastSession);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3482
3483 SSL_CTX_set_ticket_aead_method(server_ctx.get(), &kSSLTestTicketMethod);
3484
3485 bssl::UniquePtr<SSL> client, server;
3486 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3487 server_ctx.get(), retry_count,
3488 failure_mode, nullptr);
3489 switch (failure_mode) {
3490 case ssl_test_ticket_aead_ok:
3491 case ssl_test_ticket_aead_open_hard_fail:
3492 case ssl_test_ticket_aead_open_soft_fail:
3493 ASSERT_TRUE(client);
3494 break;
3495 case ssl_test_ticket_aead_seal_fail:
3496 EXPECT_FALSE(client);
3497 return;
3498 }
3499 EXPECT_FALSE(SSL_session_reused(client.get()));
3500 EXPECT_FALSE(SSL_session_reused(server.get()));
3501
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3502 // Run the read loop to account for post-handshake tickets in TLS 1.3.
3503 SSL_read(client.get(), nullptr, 0);
3504
3505 bssl::UniquePtr<SSL_SESSION> session = std::move(g_last_session);
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3506 ConnectClientAndServerWithTicketMethod(&client, &server, client_ctx.get(),
3507 server_ctx.get(), retry_count,
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3508 failure_mode, session.get());
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3509 switch (failure_mode) {
3510 case ssl_test_ticket_aead_ok:
3511 ASSERT_TRUE(client);
3512 EXPECT_TRUE(SSL_session_reused(client.get()));
3513 EXPECT_TRUE(SSL_session_reused(server.get()));
3514 break;
3515 case ssl_test_ticket_aead_seal_fail:
3516 abort();
3517 break;
3518 case ssl_test_ticket_aead_open_hard_fail:
3519 EXPECT_FALSE(client);
3520 break;
3521 case ssl_test_ticket_aead_open_soft_fail:
3522 ASSERT_TRUE(client);
3523 EXPECT_FALSE(SSL_session_reused(client.get()));
3524 EXPECT_FALSE(SSL_session_reused(server.get()));
3525 }
3526}
3527
3528INSTANTIATE_TEST_CASE_P(
3529 TicketAEADMethodTests, TicketAEADMethodTest,
3530 testing::Combine(
David Benjamin707af292017-03-10 17:47:18 -0500[diff] [blame]3531 testing::Values(TLS1_2_VERSION, TLS1_3_VERSION),
Adam Langley4c341d02017-03-08 19:33:21 -0800[diff] [blame]3532 testing::Values(0, 1, 2),
3533 testing::Values(ssl_test_ticket_aead_ok,
3534 ssl_test_ticket_aead_seal_fail,
3535 ssl_test_ticket_aead_open_soft_fail,
3536 ssl_test_ticket_aead_open_hard_fail)));
3537
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]3538TEST(SSLTest, SSL3Method) {
3539 bssl::UniquePtr<X509> cert = GetTestCertificate();
3540 ASSERT_TRUE(cert);
3541
3542 // For compatibility, SSLv3_method should work up to SSL_CTX_new and SSL_new.
3543 bssl::UniquePtr<SSL_CTX> ssl3_ctx(SSL_CTX_new(SSLv3_method()));
3544 ASSERT_TRUE(ssl3_ctx);
3545 ASSERT_TRUE(SSL_CTX_use_certificate(ssl3_ctx.get(), cert.get()));
3546 bssl::UniquePtr<SSL> ssl(SSL_new(ssl3_ctx.get()));
3547 EXPECT_TRUE(ssl);
3548
3549 // Create a normal TLS context to test against.
3550 bssl::UniquePtr<SSL_CTX> tls_ctx(SSL_CTX_new(TLS_method()));
3551 ASSERT_TRUE(tls_ctx);
3552 ASSERT_TRUE(SSL_CTX_use_certificate(tls_ctx.get(), cert.get()));
3553
3554 // However, handshaking an SSLv3_method server should fail to resolve the
3555 // version range. Explicit calls to SSL_CTX_set_min_proto_version are the only
3556 // way to enable SSL 3.0.
3557 bssl::UniquePtr<SSL> client, server;
3558 EXPECT_FALSE(ConnectClientAndServer(&client, &server, tls_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3559 ssl3_ctx.get()));
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]3560 uint32_t err = ERR_get_error();
3561 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3562 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3563
3564 // Likewise for SSLv3_method clients.
3565 EXPECT_FALSE(ConnectClientAndServer(&client, &server, ssl3_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3566 tls_ctx.get()));
David Benjamin3cfeb952017-03-01 16:48:38 -0500[diff] [blame]3567 err = ERR_get_error();
3568 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3569 EXPECT_EQ(SSL_R_NO_SUPPORTED_VERSIONS_ENABLED, ERR_GET_REASON(err));
3570}
3571
David Benjaminca743582017-06-15 17:51:35 -0400[diff] [blame]3572TEST(SSLTest, SelectNextProto) {
3573 uint8_t *result;
3574 uint8_t result_len;
3575
3576 // If there is an overlap, it should be returned.
3577 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3578 SSL_select_next_proto(&result, &result_len,
3579 (const uint8_t *)"\1a\2bb\3ccc", 9,
3580 (const uint8_t *)"\1x\1y\1a\1z", 8));
3581 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3582
3583 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3584 SSL_select_next_proto(&result, &result_len,
3585 (const uint8_t *)"\1a\2bb\3ccc", 9,
3586 (const uint8_t *)"\1x\1y\2bb\1z", 9));
3587 EXPECT_EQ(Bytes("bb"), Bytes(result, result_len));
3588
3589 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3590 SSL_select_next_proto(&result, &result_len,
3591 (const uint8_t *)"\1a\2bb\3ccc", 9,
3592 (const uint8_t *)"\1x\1y\3ccc\1z", 10));
3593 EXPECT_EQ(Bytes("ccc"), Bytes(result, result_len));
3594
3595 // Peer preference order takes precedence over local.
3596 EXPECT_EQ(OPENSSL_NPN_NEGOTIATED,
3597 SSL_select_next_proto(&result, &result_len,
3598 (const uint8_t *)"\1a\2bb\3ccc", 9,
3599 (const uint8_t *)"\3ccc\2bb\1a", 9));
3600 EXPECT_EQ(Bytes("a"), Bytes(result, result_len));
3601
3602 // If there is no overlap, return the first local protocol.
3603 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3604 SSL_select_next_proto(&result, &result_len,
3605 (const uint8_t *)"\1a\2bb\3ccc", 9,
3606 (const uint8_t *)"\1x\2yy\3zzz", 9));
3607 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3608
3609 EXPECT_EQ(OPENSSL_NPN_NO_OVERLAP,
3610 SSL_select_next_proto(&result, &result_len, nullptr, 0,
3611 (const uint8_t *)"\1x\2yy\3zzz", 9));
3612 EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
3613}
3614
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3615TEST(SSLTest, SealRecord) {
3616 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3617 server_ctx(SSL_CTX_new(TLS_method()));
3618 ASSERT_TRUE(client_ctx);
3619 ASSERT_TRUE(server_ctx);
3620
3621 bssl::UniquePtr<X509> cert = GetTestCertificate();
3622 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3623 ASSERT_TRUE(cert);
3624 ASSERT_TRUE(key);
3625 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3626 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3627
3628 bssl::UniquePtr<SSL> client, server;
3629 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3630 server_ctx.get()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3631
3632 const std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3633 std::vector<uint8_t> prefix(
3634 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3635 body(record.size()),
3636 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3637 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3638 bssl::MakeSpan(body), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3639 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3640
3641 std::vector<uint8_t> sealed;
3642 sealed.insert(sealed.end(), prefix.begin(), prefix.end());
3643 sealed.insert(sealed.end(), body.begin(), body.end());
3644 sealed.insert(sealed.end(), suffix.begin(), suffix.end());
3645 std::vector<uint8_t> sealed_copy = sealed;
3646
3647 bssl::Span<uint8_t> plaintext;
3648 size_t record_len;
3649 uint8_t alert = 255;
3650 EXPECT_EQ(bssl::OpenRecord(server.get(), &plaintext, &record_len, &alert,
3651 bssl::MakeSpan(sealed)),
3652 bssl::OpenRecordResult::kOK);
3653 EXPECT_EQ(record_len, sealed.size());
3654 EXPECT_EQ(plaintext, record);
3655 EXPECT_EQ(255, alert);
3656}
3657
3658TEST(SSLTest, SealRecordInPlace) {
3659 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3660 server_ctx(SSL_CTX_new(TLS_method()));
3661 ASSERT_TRUE(client_ctx);
3662 ASSERT_TRUE(server_ctx);
3663
3664 bssl::UniquePtr<X509> cert = GetTestCertificate();
3665 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3666 ASSERT_TRUE(cert);
3667 ASSERT_TRUE(key);
3668 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3669 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3670
3671 bssl::UniquePtr<SSL> client, server;
3672 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3673 server_ctx.get()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3674
3675 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3676 std::vector<uint8_t> record = plaintext;
3677 std::vector<uint8_t> prefix(
3678 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3679 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3680 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3681 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3682 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3683 record.insert(record.begin(), prefix.begin(), prefix.end());
3684 record.insert(record.end(), suffix.begin(), suffix.end());
3685
3686 bssl::Span<uint8_t> result;
3687 size_t record_len;
3688 uint8_t alert;
3689 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3690 bssl::MakeSpan(record)),
3691 bssl::OpenRecordResult::kOK);
3692 EXPECT_EQ(record_len, record.size());
3693 EXPECT_EQ(plaintext, result);
3694}
3695
3696TEST(SSLTest, SealRecordTrailingData) {
3697 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3698 server_ctx(SSL_CTX_new(TLS_method()));
3699 ASSERT_TRUE(client_ctx);
3700 ASSERT_TRUE(server_ctx);
3701
3702 bssl::UniquePtr<X509> cert = GetTestCertificate();
3703 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3704 ASSERT_TRUE(cert);
3705 ASSERT_TRUE(key);
3706 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3707 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3708
3709 bssl::UniquePtr<SSL> client, server;
3710 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3711 server_ctx.get()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3712
3713 const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
3714 std::vector<uint8_t> record = plaintext;
3715 std::vector<uint8_t> prefix(
3716 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3717 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3718 ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3719 bssl::MakeSpan(record), bssl::MakeSpan(suffix),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3720 record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3721 record.insert(record.begin(), prefix.begin(), prefix.end());
3722 record.insert(record.end(), suffix.begin(), suffix.end());
3723 record.insert(record.end(), {5, 4, 3, 2, 1});
3724
3725 bssl::Span<uint8_t> result;
3726 size_t record_len;
3727 uint8_t alert;
3728 EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
3729 bssl::MakeSpan(record)),
3730 bssl::OpenRecordResult::kOK);
3731 EXPECT_EQ(record_len, record.size() - 5);
3732 EXPECT_EQ(plaintext, result);
3733}
3734
3735TEST(SSLTest, SealRecordInvalidSpanSize) {
3736 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
3737 server_ctx(SSL_CTX_new(TLS_method()));
3738 ASSERT_TRUE(client_ctx);
3739 ASSERT_TRUE(server_ctx);
3740
3741 bssl::UniquePtr<X509> cert = GetTestCertificate();
3742 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3743 ASSERT_TRUE(cert);
3744 ASSERT_TRUE(key);
3745 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
3746 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
3747
3748 bssl::UniquePtr<SSL> client, server;
3749 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina8614602017-09-06 15:40:19 -0400[diff] [blame]3750 server_ctx.get()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3751
3752 std::vector<uint8_t> record = {1, 2, 3, 4, 5};
3753 std::vector<uint8_t> prefix(
3754 bssl::SealRecordPrefixLen(client.get(), record.size())),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3755 body(record.size()),
3756 suffix(bssl::SealRecordSuffixLen(client.get(), record.size()));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3757
3758 auto expect_err = []() {
3759 int err = ERR_get_error();
3760 EXPECT_EQ(ERR_GET_LIB(err), ERR_LIB_SSL);
3761 EXPECT_EQ(ERR_GET_REASON(err), SSL_R_BUFFER_TOO_SMALL);
3762 ERR_clear_error();
3763 };
3764 EXPECT_FALSE(bssl::SealRecord(
3765 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3766 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3767 expect_err();
3768 EXPECT_FALSE(bssl::SealRecord(
3769 client.get(), bssl::MakeSpan(prefix.data(), prefix.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3770 bssl::MakeSpan(record), bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3771 expect_err();
3772
3773 EXPECT_FALSE(
3774 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3775 bssl::MakeSpan(record.data(), record.size() - 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3776 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3777 expect_err();
3778 EXPECT_FALSE(
3779 bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
3780 bssl::MakeSpan(record.data(), record.size() + 1),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3781 bssl::MakeSpan(suffix), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3782 expect_err();
3783
3784 EXPECT_FALSE(bssl::SealRecord(
3785 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3786 bssl::MakeSpan(suffix.data(), suffix.size() - 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3787 expect_err();
3788 EXPECT_FALSE(bssl::SealRecord(
3789 client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
Martin Kreichgauerabbf3652017-07-21 16:27:54 -0700[diff] [blame]3790 bssl::MakeSpan(suffix.data(), suffix.size() + 1), record));
Martin Kreichgauer17c30572017-07-18 12:42:18 -0700[diff] [blame]3791 expect_err();
3792}
3793
David Benjamin617b8182017-08-29 15:33:10 -0400[diff] [blame]3794// The client should gracefully handle no suitable ciphers being enabled.
3795TEST(SSLTest, NoCiphersAvailable) {
3796 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3797 ASSERT_TRUE(ctx);
3798
3799 // Configure |client_ctx| with a cipher list that does not intersect with its
3800 // version configuration.
3801 ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(
3802 ctx.get(), "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"));
3803 ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
3804
3805 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3806 ASSERT_TRUE(ssl);
3807 SSL_set_connect_state(ssl.get());
3808
3809 UniquePtr<BIO> rbio(BIO_new(BIO_s_mem())), wbio(BIO_new(BIO_s_mem()));
3810 ASSERT_TRUE(rbio);
3811 ASSERT_TRUE(wbio);
3812 SSL_set0_rbio(ssl.get(), rbio.release());
3813 SSL_set0_wbio(ssl.get(), wbio.release());
3814
3815 int ret = SSL_do_handshake(ssl.get());
3816 EXPECT_EQ(-1, ret);
3817 EXPECT_EQ(SSL_ERROR_SSL, SSL_get_error(ssl.get(), ret));
3818 uint32_t err = ERR_get_error();
3819 EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
3820 EXPECT_EQ(SSL_R_NO_CIPHERS_AVAILABLE, ERR_GET_REASON(err));
3821}
3822
David Benjamina4bafd32017-10-03 15:06:29 -0400[diff] [blame]3823TEST_P(SSLVersionTest, SessionVersion) {
3824 SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
3825 SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
3826
3827 bssl::UniquePtr<SSL_SESSION> session =
3828 CreateClientSession(client_ctx_.get(), server_ctx_.get());
3829 ASSERT_TRUE(session);
3830 EXPECT_EQ(version(), SSL_SESSION_get_protocol_version(session.get()));
3831
3832 // Sessions in TLS 1.3 and later should be single-use.
3833 EXPECT_EQ(version() == TLS1_3_VERSION,
3834 !!SSL_SESSION_should_be_single_use(session.get()));
3835
3836 // Making fake sessions for testing works.
3837 session.reset(SSL_SESSION_new(client_ctx_.get()));
3838 ASSERT_TRUE(session);
3839 ASSERT_TRUE(SSL_SESSION_set_protocol_version(session.get(), version()));
3840 EXPECT_EQ(version(), SSL_SESSION_get_protocol_version(session.get()));
3841}
3842
David Benjaminfdb7a352017-10-12 17:34:18 -0400[diff] [blame]3843TEST_P(SSLVersionTest, SSLPending) {
3844 UniquePtr<SSL> ssl(SSL_new(client_ctx_.get()));
3845 ASSERT_TRUE(ssl);
3846 EXPECT_EQ(0, SSL_pending(ssl.get()));
3847
3848 ASSERT_TRUE(Connect());
3849 EXPECT_EQ(0, SSL_pending(client_.get()));
3850
3851 ASSERT_EQ(5, SSL_write(server_.get(), "hello", 5));
3852 ASSERT_EQ(5, SSL_write(server_.get(), "world", 5));
3853 EXPECT_EQ(0, SSL_pending(client_.get()));
3854
3855 char buf[10];
3856 ASSERT_EQ(1, SSL_peek(client_.get(), buf, 1));
3857 EXPECT_EQ(5, SSL_pending(client_.get()));
3858
3859 ASSERT_EQ(1, SSL_read(client_.get(), buf, 1));
3860 EXPECT_EQ(4, SSL_pending(client_.get()));
3861
3862 ASSERT_EQ(4, SSL_read(client_.get(), buf, 10));
3863 EXPECT_EQ(0, SSL_pending(client_.get()));
3864
3865 ASSERT_EQ(2, SSL_read(client_.get(), buf, 2));
3866 EXPECT_EQ(3, SSL_pending(client_.get()));
3867}
3868
David Benjamina031b612017-10-11 20:48:25 -0400[diff] [blame]3869// Test that post-handshake tickets consumed by |SSL_shutdown| are ignored.
3870TEST(SSLTest, ShutdownIgnoresTickets) {
3871 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3872 ASSERT_TRUE(ctx);
3873 ASSERT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_3_VERSION));
3874 ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
3875
3876 bssl::UniquePtr<X509> cert = GetTestCertificate();
3877 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3878 ASSERT_TRUE(cert);
3879 ASSERT_TRUE(key);
3880 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3881 ASSERT_TRUE(SSL_CTX_use_PrivateKey(ctx.get(), key.get()));
3882
3883 SSL_CTX_set_session_cache_mode(ctx.get(), SSL_SESS_CACHE_BOTH);
3884
3885 bssl::UniquePtr<SSL> client, server;
3886 ASSERT_TRUE(ConnectClientAndServer(&client, &server, ctx.get(), ctx.get()));
3887
3888 SSL_CTX_sess_set_new_cb(ctx.get(), [](SSL *ssl, SSL_SESSION *session) -> int {
3889 ADD_FAILURE() << "New session callback called during SSL_shutdown";
3890 return 0;
3891 });
3892
3893 // Send close_notify.
3894 EXPECT_EQ(0, SSL_shutdown(server.get()));
3895 EXPECT_EQ(0, SSL_shutdown(client.get()));
3896
3897 // Receive close_notify.
3898 EXPECT_EQ(1, SSL_shutdown(server.get()));
3899 EXPECT_EQ(1, SSL_shutdown(client.get()));
3900}
3901
David Benjamin6cc352e2017-11-02 17:21:39 -0400[diff] [blame]3902TEST(SSLTest, SignatureAlgorithmProperties) {
3903 EXPECT_EQ(EVP_PKEY_NONE, SSL_get_signature_algorithm_key_type(0x1234));
3904 EXPECT_EQ(nullptr, SSL_get_signature_algorithm_digest(0x1234));
3905 EXPECT_FALSE(SSL_is_signature_algorithm_rsa_pss(0x1234));
3906
3907 EXPECT_EQ(EVP_PKEY_RSA,
3908 SSL_get_signature_algorithm_key_type(SSL_SIGN_RSA_PKCS1_MD5_SHA1));
3909 EXPECT_EQ(EVP_md5_sha1(),
3910 SSL_get_signature_algorithm_digest(SSL_SIGN_RSA_PKCS1_MD5_SHA1));
3911 EXPECT_FALSE(SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_RSA_PKCS1_MD5_SHA1));
3912
3913 EXPECT_EQ(EVP_PKEY_EC, SSL_get_signature_algorithm_key_type(
3914 SSL_SIGN_ECDSA_SECP256R1_SHA256));
3915 EXPECT_EQ(EVP_sha256(), SSL_get_signature_algorithm_digest(
3916 SSL_SIGN_ECDSA_SECP256R1_SHA256));
3917 EXPECT_FALSE(
3918 SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_ECDSA_SECP256R1_SHA256));
3919
3920 EXPECT_EQ(EVP_PKEY_RSA,
3921 SSL_get_signature_algorithm_key_type(SSL_SIGN_RSA_PSS_SHA384));
3922 EXPECT_EQ(EVP_sha384(),
3923 SSL_get_signature_algorithm_digest(SSL_SIGN_RSA_PSS_SHA384));
3924 EXPECT_TRUE(SSL_is_signature_algorithm_rsa_pss(SSL_SIGN_RSA_PSS_SHA384));
3925}
3926
Adam Langleyddb57cf2018-01-26 09:17:53 -0800[diff] [blame^]3927void MoveBIOs(SSL *dest, SSL *src) {
3928 BIO *rbio = SSL_get_rbio(src);
3929 BIO_up_ref(rbio);
3930 SSL_set0_rbio(dest, rbio);
3931
3932 BIO *wbio = SSL_get_wbio(src);
3933 BIO_up_ref(wbio);
3934 SSL_set0_wbio(dest, wbio);
3935
3936 SSL_set0_rbio(src, nullptr);
3937 SSL_set0_wbio(src, nullptr);
3938}
3939
3940TEST(SSLTest, Handoff) {
3941 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
3942 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
3943 bssl::UniquePtr<SSL_CTX> handshaker_ctx(SSL_CTX_new(TLS_method()));
3944 ASSERT_TRUE(client_ctx);
3945 ASSERT_TRUE(server_ctx);
3946 ASSERT_TRUE(handshaker_ctx);
3947
3948 SSL_CTX_set_handoff_mode(server_ctx.get(), 1);
3949 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_2_VERSION));
3950 ASSERT_TRUE(
3951 SSL_CTX_set_max_proto_version(handshaker_ctx.get(), TLS1_2_VERSION));
3952
3953 bssl::UniquePtr<X509> cert = GetTestCertificate();
3954 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
3955 ASSERT_TRUE(cert);
3956 ASSERT_TRUE(key);
3957 ASSERT_TRUE(SSL_CTX_use_certificate(handshaker_ctx.get(), cert.get()));
3958 ASSERT_TRUE(SSL_CTX_use_PrivateKey(handshaker_ctx.get(), key.get()));
3959
3960 bssl::UniquePtr<SSL> client, server;
3961 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
3962 server_ctx.get(), ClientConfig(),
3963 false /* don't handshake */));
3964
3965 int client_ret = SSL_do_handshake(client.get());
3966 int client_err = SSL_get_error(client.get(), client_ret);
3967 ASSERT_EQ(client_err, SSL_ERROR_WANT_READ);
3968
3969 int server_ret = SSL_do_handshake(server.get());
3970 int server_err = SSL_get_error(server.get(), server_ret);
3971 ASSERT_EQ(server_err, SSL_ERROR_HANDOFF);
3972
3973 ScopedCBB cbb;
3974 Array<uint8_t> handoff;
3975 ASSERT_TRUE(CBB_init(cbb.get(), 256));
3976 ASSERT_TRUE(SSL_serialize_handoff(server.get(), cbb.get()));
3977 ASSERT_TRUE(CBBFinishArray(cbb.get(), &handoff));
3978
3979 bssl::UniquePtr<SSL> handshaker(SSL_new(handshaker_ctx.get()));
3980 ASSERT_TRUE(SSL_apply_handoff(handshaker.get(), handoff));
3981
3982 MoveBIOs(handshaker.get(), server.get());
3983
3984 int handshake_ret = SSL_do_handshake(handshaker.get());
3985 int handshake_err = SSL_get_error(handshaker.get(), handshake_ret);
3986 ASSERT_EQ(handshake_err, SSL_ERROR_WANT_READ);
3987
3988 ASSERT_TRUE(CompleteHandshakes(client.get(), handshaker.get()));
3989
3990 ScopedCBB cbb_handback;
3991 Array<uint8_t> handback;
3992 ASSERT_TRUE(CBB_init(cbb_handback.get(), 1024));
3993 ASSERT_TRUE(SSL_serialize_handback(handshaker.get(), cbb_handback.get()));
3994 ASSERT_TRUE(CBBFinishArray(cbb_handback.get(), &handback));
3995
3996 bssl::UniquePtr<SSL> server2(SSL_new(server_ctx.get()));
3997 ASSERT_TRUE(SSL_apply_handback(server2.get(), handback));
3998
3999 MoveBIOs(server2.get(), handshaker.get());
4000
4001 uint8_t byte = 42;
4002 EXPECT_EQ(SSL_write(client.get(), &byte, 1), 1);
4003 EXPECT_EQ(SSL_read(server2.get(), &byte, 1), 1);
4004 EXPECT_EQ(42, byte);
4005
4006 byte = 43;
4007 EXPECT_EQ(SSL_write(server2.get(), &byte, 1), 1);
4008 EXPECT_EQ(SSL_read(client.get(), &byte, 1), 1);
4009 EXPECT_EQ(43, byte);
4010}
4011
4012TEST(SSLTest, HandoffDeclined) {
4013 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
4014 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
4015 ASSERT_TRUE(client_ctx);
4016 ASSERT_TRUE(server_ctx);
4017
4018 SSL_CTX_set_handoff_mode(server_ctx.get(), 1);
4019 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_2_VERSION));
4020
4021 bssl::UniquePtr<X509> cert = GetTestCertificate();
4022 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
4023 ASSERT_TRUE(cert);
4024 ASSERT_TRUE(key);
4025 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
4026 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
4027
4028 bssl::UniquePtr<SSL> client, server;
4029 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
4030 server_ctx.get(), ClientConfig(),
4031 false /* don't handshake */));
4032
4033 int client_ret = SSL_do_handshake(client.get());
4034 int client_err = SSL_get_error(client.get(), client_ret);
4035 ASSERT_EQ(client_err, SSL_ERROR_WANT_READ);
4036
4037 int server_ret = SSL_do_handshake(server.get());
4038 int server_err = SSL_get_error(server.get(), server_ret);
4039 ASSERT_EQ(server_err, SSL_ERROR_HANDOFF);
4040
4041 ScopedCBB cbb;
4042 ASSERT_TRUE(CBB_init(cbb.get(), 256));
4043 ASSERT_TRUE(SSL_serialize_handoff(server.get(), cbb.get()));
4044
4045 ASSERT_TRUE(SSL_decline_handoff(server.get()));
4046
4047 ASSERT_TRUE(CompleteHandshakes(client.get(), server.get()));
4048
4049 uint8_t byte = 42;
4050 EXPECT_EQ(SSL_write(client.get(), &byte, 1), 1);
4051 EXPECT_EQ(SSL_read(server.get(), &byte, 1), 1);
4052 EXPECT_EQ(42, byte);
4053
4054 byte = 43;
4055 EXPECT_EQ(SSL_write(server.get(), &byte, 1), 1);
4056 EXPECT_EQ(SSL_read(client.get(), &byte, 1), 1);
4057 EXPECT_EQ(43, byte);
4058}
4059
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]4060// TODO(davidben): Convert this file to GTest properly.
4061TEST(SSLTest, AllTests) {
David Benjamine11726a2017-04-23 12:14:28 -0400[diff] [blame]4062 if (!TestSSL_SESSIONEncoding(kOpenSSLSession) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]4063 !TestSSL_SESSIONEncoding(kCustomSession) ||
4064 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
4065 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
4066 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
4067 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]4068 // Test the padding extension at TLS 1.2.
4069 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
4070 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
4071 // will be no PSK binder after the padding extension.
4072 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
4073 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
4074 // will be a PSK binder after the padding extension.
Steven Valdez74666da2018-01-09 06:18:36 -0500[diff] [blame]4075 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT23_VERSION)) {
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]4076 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]4077 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]4078}
Martin Kreichgauer72912d22017-08-04 12:06:43 -0700[diff] [blame]4079
4080} // namespace
4081} // namespace bssl