Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / f0d8e22078e146ae0e4df03edbf236b3727dd414 / . / ssl / ssl_test.cc
blob: 304aa0ca660daa7ca81d051146cf77c0dc81c5a1 [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
43/* Windows defines struct timeval in winsock2.h. */
44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
52struct ExpectedCipher {
53 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]56
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]57struct CipherTest {
58 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]59 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]60 // The list of expected ciphers, in order.
61 std::vector<ExpectedCipher> expected;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]62};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]63
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]64struct CurveTest {
65 // The rule string to apply.
66 const char *rule;
67 // The list of expected curves, in order.
68 std::vector<uint16_t> expected;
69};
70
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]71static const CipherTest kCipherTests[] = {
72 // Selecting individual ciphers should work.
73 {
74 "ECDHE-ECDSA-CHACHA20-POLY1305:"
75 "ECDHE-RSA-CHACHA20-POLY1305:"
76 "ECDHE-ECDSA-AES128-GCM-SHA256:"
77 "ECDHE-RSA-AES128-GCM-SHA256",
78 {
79 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]80 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]81 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
82 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
83 },
84 },
85 // + reorders selected ciphers to the end, keeping their relative order.
86 {
87 "ECDHE-ECDSA-CHACHA20-POLY1305:"
88 "ECDHE-RSA-CHACHA20-POLY1305:"
89 "ECDHE-ECDSA-AES128-GCM-SHA256:"
90 "ECDHE-RSA-AES128-GCM-SHA256:"
91 "+aRSA",
92 {
93 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]94 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
95 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]96 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
97 },
98 },
99 // ! banishes ciphers from future selections.
100 {
101 "!aRSA:"
102 "ECDHE-ECDSA-CHACHA20-POLY1305:"
103 "ECDHE-RSA-CHACHA20-POLY1305:"
104 "ECDHE-ECDSA-AES128-GCM-SHA256:"
105 "ECDHE-RSA-AES128-GCM-SHA256",
106 {
107 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]108 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
109 },
110 },
111 // Multiple masks can be ANDed in a single rule.
112 {
113 "kRSA+AESGCM+AES128",
114 {
115 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
116 },
117 },
118 // - removes selected ciphers, but preserves their order for future
119 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
120 // ECDHE_RSA.
121 {
122 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
123 "AESGCM+AES128+aRSA",
124 {
125 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
126 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
127 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
128 },
129 },
130 // Unknown selectors are no-ops.
131 {
132 "ECDHE-ECDSA-CHACHA20-POLY1305:"
133 "ECDHE-RSA-CHACHA20-POLY1305:"
134 "ECDHE-ECDSA-AES128-GCM-SHA256:"
135 "ECDHE-RSA-AES128-GCM-SHA256:"
136 "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4",
137 {
138 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]139 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]140 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
141 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
142 },
143 },
144 // Square brackets specify equi-preference groups.
145 {
146 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
147 "[ECDHE-RSA-CHACHA20-POLY1305]:"
148 "ECDHE-RSA-AES128-GCM-SHA256",
149 {
150 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]151 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]152 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]153 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
154 },
155 },
156 // @STRENGTH performs a stable strength-sort of the selected ciphers and
157 // only the selected ciphers.
158 {
159 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]160 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]161 "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"
162 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]163 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]164 // Select ECDHE ones and sort them by strength. Ties should resolve
165 // based on the order above.
166 "kECDHE:@STRENGTH:-ALL:"
167 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
168 // by strength. Then RSA, backwards by strength.
169 "aRSA",
170 {
171 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
172 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]173 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]174 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
175 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
176 },
177 },
178 // Exact ciphers may not be used in multi-part rules; they are treated
179 // as unknown aliases.
180 {
181 "ECDHE-ECDSA-AES128-GCM-SHA256:"
182 "ECDHE-RSA-AES128-GCM-SHA256:"
183 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
184 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
185 {
186 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
187 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
188 },
189 },
190 // SSLv3 matches everything that existed before TLS 1.2.
191 {
192 "AES128-SHA:AES128-SHA256:!SSLv3",
193 {
194 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
195 },
196 },
197 // TLSv1.2 matches everything added in TLS 1.2.
198 {
199 "AES128-SHA:AES128-SHA256:!TLSv1.2",
200 {
201 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
202 },
203 },
204 // The two directives have no intersection.
205 {
206 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
207 {
208 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
209 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
210 },
211 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]212};
213
214static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]215 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]216 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
217 "RSA]",
218 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]219 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]220 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]221 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]222 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]223 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]224 "",
225 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]226 // COMPLEMENTOFDEFAULT is empty.
227 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]228 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]229 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]230 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]231 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
232 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
233 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
234 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]235 // Opcode supplied, but missing selector.
236 "+",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]237};
238
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]239static const char *kMustNotIncludeNull[] = {
240 "ALL",
241 "DEFAULT",
242 "ALL:!eNULL",
243 "ALL:!NULL",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]244 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]245 "FIPS",
246 "SHA",
247 "SHA1",
248 "RSA",
249 "SSLv3",
250 "TLSv1",
251 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]252};
253
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]254static const CurveTest kCurveTests[] = {
255 {
256 "P-256",
257 { SSL_CURVE_SECP256R1 },
258 },
259 {
260 "P-256:P-384:P-521:X25519",
261 {
262 SSL_CURVE_SECP256R1,
263 SSL_CURVE_SECP384R1,
264 SSL_CURVE_SECP521R1,
265 SSL_CURVE_X25519,
266 },
267 },
268};
269
270static const char *kBadCurvesLists[] = {
271 "",
272 ":",
273 "::",
274 "P-256::X25519",
275 "RSA:P-256",
276 "P-256:RSA",
277 "X25519:P-256:",
278 ":X25519:P-256",
279};
280
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]281static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
282 bool in_group = false;
283 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]284 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
285 if (!in_group && list->in_group_flags[i]) {
286 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]287 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]288 }
289 fprintf(stderr, "\t");
290 if (in_group) {
291 fprintf(stderr, " ");
292 }
293 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
294 if (in_group && !list->in_group_flags[i]) {
295 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]296 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]297 }
298 }
299}
300
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]301static bool TestCipherRule(const CipherTest &t) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]302 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]303 if (!ctx) {
304 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]305 }
306
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]307 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
308 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]309 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]310 }
311
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]312 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]313 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
314 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
315 PrintCipherPreferenceList(ctx->cipher_list);
316 return false;
317 }
318
319 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]320 const SSL_CIPHER *cipher =
321 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]322 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
323 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
324 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]325 PrintCipherPreferenceList(ctx->cipher_list);
326 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]327 }
328 }
329
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]330 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]331}
332
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]333static bool TestRuleDoesNotIncludeNull(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]334 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]335 if (!ctx) {
336 return false;
337 }
338 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
339 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
340 return false;
341 }
342 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
343 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
344 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
345 return false;
346 }
347 }
348 return true;
349}
350
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]351static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]352 for (const CipherTest &test : kCipherTests) {
353 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]354 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]355 }
356 }
357
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]358 for (const char *rule : kBadRules) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]359 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]360 if (!ctx) {
361 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]362 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]363 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
364 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]365 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]366 }
367 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]368 }
369
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]370 for (const char *rule : kMustNotIncludeNull) {
371 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]372 return false;
373 }
374 }
375
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]376 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]377}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]378
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]379static bool TestCurveRule(const CurveTest &t) {
380 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
381 if (!ctx) {
382 return false;
383 }
384
385 if (!SSL_CTX_set1_curves_list(ctx.get(), t.rule)) {
386 fprintf(stderr, "Error testing curves list '%s'\n", t.rule);
387 return false;
388 }
389
390 // Compare the two lists.
391 if (ctx->supported_group_list_len != t.expected.size()) {
392 fprintf(stderr, "Error testing curves list '%s': length\n", t.rule);
393 return false;
394 }
395
396 for (size_t i = 0; i < t.expected.size(); i++) {
397 if (t.expected[i] != ctx->supported_group_list[i]) {
398 fprintf(stderr, "Error testing curves list '%s': mismatch\n", t.rule);
399 return false;
400 }
401 }
402
403 return true;
404}
405
406static bool TestCurveRules() {
407 for (const CurveTest &test : kCurveTests) {
408 if (!TestCurveRule(test)) {
409 return false;
410 }
411 }
412
413 for (const char *rule : kBadCurvesLists) {
414 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
415 if (!ctx) {
416 return false;
417 }
418 if (SSL_CTX_set1_curves_list(ctx.get(), rule)) {
419 fprintf(stderr, "Curves list '%s' unexpectedly succeeded\n", rule);
420 return false;
421 }
422 ERR_clear_error();
423 }
424
425 return true;
426}
427
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]428// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]429static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]430 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]431 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
432 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
433 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
434 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
435 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
436 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
437 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
438 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
439 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
440 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
441 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
442 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
443 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
444 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
445 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
446 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
447 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
448 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
449 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
450 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
451 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
452 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
453 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
454 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
455 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
456 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
457 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
458 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
459 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]460 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]461
462// kCustomSession is a custom serialized SSL_SESSION generated by
463// filling in missing fields from |kOpenSSLSession|. This includes
464// providing |peer_sha256|, so |peer| is not serialized.
465static const char kCustomSession[] =
466 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
467 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
468 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
469 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
470 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
471 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
472 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
473 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
474
475// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
476static const char kBoringSSLSession[] =
477 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
478 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
479 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
480 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
481 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
482 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
483 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
484 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
485 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
486 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
487 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
488 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
489 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
490 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
491 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
492 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
493 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
494 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
495 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
496 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
497 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
498 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
499 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
500 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
501 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
502 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
503 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
504 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
505 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
506 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
507 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
508 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
509 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
510 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
511 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
512 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
513 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
514 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
515 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
516 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
517 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
518 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
519 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
520 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
521 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
522 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
523 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
524 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
525 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
526 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
527 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
528 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
529 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
530 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
531 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
532 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
533 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
534 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
535 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
536 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
537 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
538 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
539 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
540 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
541 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
542 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
543 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
544 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
545 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
546 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
547 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
548 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
549 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
550 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
551 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
552 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
553 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
554 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
555 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
556 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
557 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
558 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
559 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
560 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
561 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
562 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
563 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
564 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
565 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
566 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
567 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
568 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
569 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
570 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
571 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
572
573// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
574// the final (optional) element of |kCustomSession| with tag number 30.
575static const char kBadSessionExtraField[] =
576 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
577 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
578 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
579 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
580 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
581 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
582 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
583 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
584
585// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
586// the version of |kCustomSession| with 2.
587static const char kBadSessionVersion[] =
588 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
589 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
590 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
591 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
592 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
593 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
594 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
595 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
596
597// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
598// appended.
599static const char kBadSessionTrailingData[] =
600 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
601 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
602 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
603 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
604 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
605 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
606 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
607 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
608
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]609static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]610 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]611 if (!EVP_DecodedLength(&len, strlen(in))) {
612 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]613 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]614 }
615
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]616 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]617 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]618 strlen(in))) {
619 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]620 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]621 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]622 out->resize(len);
623 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]624}
625
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]626static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]627 const uint8_t *cptr;
628 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]629
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]630 // Decode the input.
631 std::vector<uint8_t> input;
632 if (!DecodeBase64(&input, input_b64)) {
633 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]634 }
635
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]636 // Verify the SSL_SESSION decodes.
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]637 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]638 if (!session) {
639 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]640 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]641 }
642
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]643 // Verify the SSL_SESSION encoding round-trips.
644 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]645 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]646 uint8_t *encoded_raw;
647 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]648 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]649 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]650 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]651 encoded.reset(encoded_raw);
652 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]653 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]654 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]655 hexdump(stderr, "Before: ", input.data(), input.size());
656 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]657 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]658 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]659
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]660 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]661 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]662 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]663 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]664 fprintf(stderr, "d2i_SSL_SESSION failed\n");
665 return false;
666 }
667
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]668 // Verify the SSL_SESSION encoding round-trips via the legacy API.
669 int len = i2d_SSL_SESSION(session.get(), NULL);
670 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]671 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]672 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]673 }
674
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]675 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
676 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]677 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]678 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]679 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]680
681 ptr = encoded.get();
682 len = i2d_SSL_SESSION(session.get(), &ptr);
683 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]684 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]685 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]686 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]687 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]688 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]689 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]690 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]691 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]692 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]693 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]694 }
695
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]696 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]697}
698
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]699static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
700 std::vector<uint8_t> input;
701 if (!DecodeBase64(&input, input_b64)) {
702 return false;
703 }
704
705 // Verify that the SSL_SESSION fails to decode.
Adam Langleyc0fc7a12016-12-09 15:05:34 -0800[diff] [blame]706 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(input.data(), input.size()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]707 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]708 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]709 return false;
710 }
711 ERR_clear_error();
712 return true;
713}
714
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]715static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]716 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]717 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]718 if (!ctx) {
719 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]720 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]721 if (ctx->min_version != min_version || ctx->max_version != max_version) {
722 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
723 ctx->min_version, ctx->max_version, min_version, max_version);
724 return false;
725 }
726 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]727}
728
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]729static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]730 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
731 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]732 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]733 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]734 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]735 if (!rfc_name) {
736 return false;
737 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]738 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]739 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]740}
741
742typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]743 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]744 const char *rfc_name;
745} CIPHER_RFC_NAME_TEST;
746
747static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]748 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
749 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
750 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
751 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
752 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
753 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
754 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
755 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
756 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
757 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
758 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
759 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
760 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
761 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
762 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
763 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
764 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
765 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
766 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
767 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
768 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
769 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]770};
771
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]772static bool TestCipherGetRFCName(void) {
773 for (size_t i = 0;
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]774 i < OPENSSL_ARRAY_SIZE(kCipherRFCNameTests); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]775 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]776 std::string rfc_name;
777 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
778 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
779 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]780 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]781 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]782 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]783 rfc_name.c_str(), test->rfc_name);
784 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]785 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]786 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]787 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]788}
789
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]790// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
791// version and ticket length or nullptr on failure.
792static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
793 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]794 std::vector<uint8_t> der;
795 if (!DecodeBase64(&der, kOpenSSLSession)) {
796 return nullptr;
797 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]798 bssl::UniquePtr<SSL_SESSION> session(
799 SSL_SESSION_from_bytes(der.data(), der.size()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]800 if (!session) {
801 return nullptr;
802 }
803
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]804 session->ssl_version = version;
805
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]806 // Swap out the ticket for a garbage one.
807 OPENSSL_free(session->tlsext_tick);
808 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
809 if (session->tlsext_tick == nullptr) {
810 return nullptr;
811 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]812 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]813 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]814
815 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]816#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
817 session->time = 1234;
818#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]819 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]820#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]821 return session;
822}
823
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]824static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]825 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]826 if (!bio) {
827 return false;
828 }
829 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]830 BIO_up_ref(bio.get());
831 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]832 int ret = SSL_connect(ssl);
833 if (ret > 0) {
834 // SSL_connect should fail without a BIO to write to.
835 return false;
836 }
837 ERR_clear_error();
838
839 const uint8_t *client_hello;
840 size_t client_hello_len;
841 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
842 return false;
843 }
844 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
845 return true;
846}
847
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]848// GetClientHelloLen creates a client SSL connection with the specified version
849// and ticket length. It returns the length of the ClientHello, not including
850// the record header, on success and zero on error.
851static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
852 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]853 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]854 bssl::UniquePtr<SSL_SESSION> session =
855 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]856 if (!ctx || !session) {
857 return 0;
858 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]859
860 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]861 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]862 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]863 !SSL_set_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
864 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]865 return 0;
866 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]867
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]868 std::vector<uint8_t> client_hello;
869 if (!GetClientHello(ssl.get(), &client_hello) ||
870 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]871 return 0;
872 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]873
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]874 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]875}
876
877struct PaddingTest {
878 size_t input_len, padded_len;
879};
880
881static const PaddingTest kPaddingTests[] = {
882 // ClientHellos of length below 0x100 do not require padding.
883 {0xfe, 0xfe},
884 {0xff, 0xff},
885 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
886 {0x100, 0x200},
887 {0x123, 0x200},
888 {0x1fb, 0x200},
889 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
890 // padding extension takes a minimum of four bytes plus one required content
891 // byte. (To work around yet more server bugs, we avoid empty final
892 // extensions.)
893 {0x1fc, 0x201},
894 {0x1fd, 0x202},
895 {0x1fe, 0x203},
896 {0x1ff, 0x204},
897 // Finally, larger ClientHellos need no padding.
898 {0x200, 0x200},
899 {0x201, 0x201},
900};
901
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]902static bool TestPaddingExtension(uint16_t max_version,
903 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]904 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]905 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]906 if (base_len == 0) {
907 return false;
908 }
909
910 for (const PaddingTest &test : kPaddingTests) {
911 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]912 fprintf(stderr,
913 "Baseline ClientHello too long (max_version = %04x, "
914 "session_version = %04x).\n",
915 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]916 return false;
917 }
918
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]919 size_t padded_len = GetClientHelloLen(max_version, session_version,
920 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]921 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]922 fprintf(stderr,
923 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
924 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]925 static_cast<unsigned>(test.input_len),
926 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]927 static_cast<unsigned>(test.padded_len), max_version,
928 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]929 return false;
930 }
931 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]932
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]933 return true;
934}
935
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]936// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
937// before configuring as a server.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]938TEST(SSLTest, ClientCAList) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]939 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]940 ASSERT_TRUE(ctx);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]941 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]942 ASSERT_TRUE(ssl);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]943
944 STACK_OF(X509_NAME) *stack = sk_X509_NAME_new_null();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]945 ASSERT_TRUE(stack);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]946 // |SSL_set_client_CA_list| takes ownership.
947 SSL_set_client_CA_list(ssl.get(), stack);
948
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]949 EXPECT_EQ(stack, SSL_get_client_CA_list(ssl.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]950}
951
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]952static void AppendSession(SSL_SESSION *session, void *arg) {
953 std::vector<SSL_SESSION*> *out =
954 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
955 out->push_back(session);
956}
957
958// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
959// order.
960static bool ExpectCache(SSL_CTX *ctx,
961 const std::vector<SSL_SESSION*> &expected) {
962 // Check the linked list.
963 SSL_SESSION *ptr = ctx->session_cache_head;
964 for (SSL_SESSION *session : expected) {
965 if (ptr != session) {
966 return false;
967 }
968 // TODO(davidben): This is an absurd way to denote the end of the list.
969 if (ptr->next ==
970 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
971 ptr = nullptr;
972 } else {
973 ptr = ptr->next;
974 }
975 }
976 if (ptr != nullptr) {
977 return false;
978 }
979
980 // Check the hash table.
981 std::vector<SSL_SESSION*> actual, expected_copy;
982 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
983 expected_copy = expected;
984
985 std::sort(actual.begin(), actual.end());
986 std::sort(expected_copy.begin(), expected_copy.end());
987
988 return actual == expected_copy;
989}
990
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]991static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
992 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new());
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]993 if (!ret) {
994 return nullptr;
995 }
996
997 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]998 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
999 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1000 return ret;
1001}
1002
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1003// Test that the internal session cache behaves as expected.
1004static bool TestInternalSessionCache() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1005 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1006 if (!ctx) {
1007 return false;
1008 }
1009
1010 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1011 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1012 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1013 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1014 if (!session) {
1015 return false;
1016 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1017 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1018 }
1019
1020 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1021
1022 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1023 for (const auto &session : sessions) {
1024 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1025 return false;
1026 }
1027 }
1028
1029 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1030 std::vector<SSL_SESSION*> expected = {
1031 sessions[9].get(),
1032 sessions[8].get(),
1033 sessions[7].get(),
1034 sessions[6].get(),
1035 sessions[5].get(),
1036 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1037 if (!ExpectCache(ctx.get(), expected)) {
1038 return false;
1039 }
1040
1041 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1042 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1043 !ExpectCache(ctx.get(), expected)) {
1044 return false;
1045 }
1046
1047 // Although collisions should be impossible (256-bit session IDs), the cache
1048 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1049 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1050 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1051 return false;
1052 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1053 expected = {
1054 collision.get(),
1055 sessions[9].get(),
1056 sessions[8].get(),
1057 sessions[6].get(),
1058 sessions[5].get(),
1059 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1060 if (!ExpectCache(ctx.get(), expected)) {
1061 return false;
1062 }
1063
1064 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1065 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1066 return false;
1067 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1068 expected = {
1069 collision.get(),
1070 sessions[9].get(),
1071 sessions[8].get(),
1072 sessions[5].get(),
1073 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1074 if (!ExpectCache(ctx.get(), expected)) {
1075 return false;
1076 }
1077
1078 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1079 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1080 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1081 !ExpectCache(ctx.get(), expected)) {
1082 return false;
1083 }
1084
1085 return true;
1086}
1087
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1088static uint16_t EpochFromSequence(uint64_t seq) {
1089 return static_cast<uint16_t>(seq >> 48);
1090}
1091
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1092static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1093 static const char kCertPEM[] =
1094 "-----BEGIN CERTIFICATE-----\n"
1095 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1096 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1097 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1098 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1099 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1100 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1101 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1102 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1103 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1104 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1105 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1106 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1107 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1108 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1109 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1110 return bssl::UniquePtr<X509>(
1111 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1112}
1113
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1114static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1115 static const char kKeyPEM[] =
1116 "-----BEGIN RSA PRIVATE KEY-----\n"
1117 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1118 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1119 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1120 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1121 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1122 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1123 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1124 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1125 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1126 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1127 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1128 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1129 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1130 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1131 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1132 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1133 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1134}
1135
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1136static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1137 static const char kCertPEM[] =
1138 "-----BEGIN CERTIFICATE-----\n"
1139 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1140 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1141 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1142 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1143 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1144 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1145 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1146 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1147 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1148 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1149 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1150 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1151 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1152}
1153
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1154static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1155 static const char kKeyPEM[] =
1156 "-----BEGIN PRIVATE KEY-----\n"
1157 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1158 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1159 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1160 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1161 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1162 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1163 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1164}
1165
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1166static bssl::UniquePtr<X509> GetChainTestCertificate() {
1167 static const char kCertPEM[] =
1168 "-----BEGIN CERTIFICATE-----\n"
1169 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1170 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1171 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1172 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1173 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1174 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1175 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1176 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1177 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1178 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1179 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1180 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1181 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1182 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1183 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1184 "1ngWZ7Ih\n"
1185 "-----END CERTIFICATE-----\n";
1186 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1187 return bssl::UniquePtr<X509>(
1188 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1189}
1190
1191static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1192 static const char kCertPEM[] =
1193 "-----BEGIN CERTIFICATE-----\n"
1194 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1195 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1196 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1197 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1198 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1199 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1200 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1201 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1202 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1203 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1204 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1205 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1206 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1207 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1208 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1209 "-----END CERTIFICATE-----\n";
1210 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1211 return bssl::UniquePtr<X509>(
1212 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1213}
1214
1215static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1216 static const char kKeyPEM[] =
1217 "-----BEGIN PRIVATE KEY-----\n"
1218 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1219 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1220 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1221 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1222 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1223 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1224 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1225 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1226 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1227 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1228 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1229 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1230 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1231 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1232 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1233 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1234 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1235 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1236 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1237 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1238 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1239 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1240 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1241 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1242 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1243 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1244 "-----END PRIVATE KEY-----\n";
1245 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1246 return bssl::UniquePtr<EVP_PKEY>(
1247 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1248}
1249
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1250static bool CompleteHandshakes(SSL *client, SSL *server) {
1251 // Drive both their handshakes to completion.
1252 for (;;) {
1253 int client_ret = SSL_do_handshake(client);
1254 int client_err = SSL_get_error(client, client_ret);
1255 if (client_err != SSL_ERROR_NONE &&
1256 client_err != SSL_ERROR_WANT_READ &&
1257 client_err != SSL_ERROR_WANT_WRITE) {
1258 fprintf(stderr, "Client error: %d\n", client_err);
1259 return false;
1260 }
1261
1262 int server_ret = SSL_do_handshake(server);
1263 int server_err = SSL_get_error(server, server_ret);
1264 if (server_err != SSL_ERROR_NONE &&
1265 server_err != SSL_ERROR_WANT_READ &&
1266 server_err != SSL_ERROR_WANT_WRITE) {
1267 fprintf(stderr, "Server error: %d\n", server_err);
1268 return false;
1269 }
1270
1271 if (client_ret == 1 && server_ret == 1) {
1272 break;
1273 }
1274 }
1275
1276 return true;
1277}
1278
1279static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1280 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1281 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1282 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1283 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1284 if (!client || !server) {
1285 return false;
1286 }
1287 SSL_set_connect_state(client.get());
1288 SSL_set_accept_state(server.get());
1289
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1290 SSL_set_session(client.get(), session);
1291
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1292 BIO *bio1, *bio2;
1293 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1294 return false;
1295 }
1296 // SSL_set_bio takes ownership.
1297 SSL_set_bio(client.get(), bio1, bio1);
1298 SSL_set_bio(server.get(), bio2, bio2);
1299
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1300 if (!CompleteHandshakes(client.get(), server.get())) {
1301 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1302 }
1303
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1304 *out_client = std::move(client);
1305 *out_server = std::move(server);
1306 return true;
1307}
1308
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1309static bool TestSequenceNumber(bool is_dtls, const SSL_METHOD *method,
1310 uint16_t version) {
1311 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1312 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1313 if (!server_ctx || !client_ctx ||
1314 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1315 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1316 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1317 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1318 return false;
1319 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1320
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1321 bssl::UniquePtr<X509> cert = GetTestCertificate();
1322 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1323 if (!cert || !key || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1324 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1325 return false;
1326 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1327
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1328 bssl::UniquePtr<SSL> client, server;
1329 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1330 server_ctx.get(), nullptr /* no session */)) {
1331 return false;
1332 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1333
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1334 // Drain any post-handshake messages to ensure there are no unread records
1335 // on either end.
1336 uint8_t byte = 0;
1337 if (SSL_read(client.get(), &byte, 1) > 0 ||
1338 SSL_read(server.get(), &byte, 1) > 0) {
1339 fprintf(stderr, "Received unexpected data.\n");
1340 return false;
1341 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1342
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1343 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1344 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1345 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1346 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1347
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1348 if (is_dtls) {
1349 // Both client and server must be at epoch 1.
1350 if (EpochFromSequence(client_read_seq) != 1 ||
1351 EpochFromSequence(client_write_seq) != 1 ||
1352 EpochFromSequence(server_read_seq) != 1 ||
1353 EpochFromSequence(server_write_seq) != 1) {
1354 fprintf(stderr, "Bad epochs.\n");
1355 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1356 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1357
1358 // The next record to be written should exceed the largest received.
1359 if (client_write_seq <= server_read_seq ||
1360 server_write_seq <= client_read_seq) {
1361 fprintf(stderr, "Inconsistent sequence numbers.\n");
1362 return false;
1363 }
1364 } else {
1365 // The next record to be written should equal the next to be received.
1366 if (client_write_seq != server_read_seq ||
1367 server_write_seq != client_read_seq) {
1368 fprintf(stderr, "Inconsistent sequence numbers.\n");
1369 return false;
1370 }
1371 }
1372
1373 // Send a record from client to server.
1374 if (SSL_write(client.get(), &byte, 1) != 1 ||
1375 SSL_read(server.get(), &byte, 1) != 1) {
1376 fprintf(stderr, "Could not send byte.\n");
1377 return false;
1378 }
1379
1380 // The client write and server read sequence numbers should have
1381 // incremented.
1382 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1383 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1384 fprintf(stderr, "Sequence numbers did not increment.\n");
1385 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1386 }
1387
1388 return true;
1389}
1390
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1391static bool TestOneSidedShutdown(bool is_dtls, const SSL_METHOD *method,
1392 uint16_t version) {
1393 // SSL_shutdown is a no-op in DTLS.
1394 if (is_dtls) {
1395 return true;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1396 }
1397
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1398 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1399 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1400 bssl::UniquePtr<X509> cert = GetTestCertificate();
1401 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1402 if (!client_ctx || !server_ctx || !cert || !key ||
1403 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1404 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1405 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1406 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1407 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1408 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1409 return false;
1410 }
1411
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1412 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1413 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1414 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1415 return false;
1416 }
1417
1418 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1419 // one side has shut down.
1420 if (SSL_shutdown(client.get()) != 0) {
1421 fprintf(stderr, "Could not shutdown.\n");
1422 return false;
1423 }
1424
1425 // Reading from the server should consume the EOF.
1426 uint8_t byte;
1427 if (SSL_read(server.get(), &byte, 1) != 0 ||
1428 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1429 fprintf(stderr, "Connection was not shut down cleanly.\n");
1430 return false;
1431 }
1432
1433 // However, the server may continue to write data and then shut down the
1434 // connection.
1435 byte = 42;
1436 if (SSL_write(server.get(), &byte, 1) != 1 ||
1437 SSL_read(client.get(), &byte, 1) != 1 ||
1438 byte != 42) {
1439 fprintf(stderr, "Could not send byte.\n");
1440 return false;
1441 }
1442
1443 // The server may then shutdown the connection.
1444 if (SSL_shutdown(server.get()) != 1 ||
1445 SSL_shutdown(client.get()) != 1) {
1446 fprintf(stderr, "Could not complete shutdown.\n");
1447 return false;
1448 }
1449
1450 return true;
1451}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1452
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1453TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1454 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1455 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1456 ASSERT_TRUE(client_ctx);
1457 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1458
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1459 bssl::UniquePtr<X509> cert = GetTestCertificate();
1460 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1461 ASSERT_TRUE(cert);
1462 ASSERT_TRUE(key);
1463 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1464 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1465
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1466 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1467 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
1468 server_ctx.get(),
1469 nullptr /* no session */));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1470
1471 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1472 bssl::UniquePtr<SSL_SESSION> session1(
1473 SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL));
1474 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1475
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1476 session1->not_resumable = 0;
1477
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1478 uint8_t *s0_bytes, *s1_bytes;
1479 size_t s0_len, s1_len;
1480
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1481 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1482 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1483
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1484 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1485 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1486
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1487 ASSERT_EQ(s0_len, s1_len);
1488 EXPECT_EQ(0, OPENSSL_memcmp(s0_bytes, s1_bytes, s0_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1489}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1490
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1491static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1492 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1493 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1494
1495 // The wrapper BIOs are always equal when fds are equal, even if set
1496 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1497 if (rfd == wfd) {
1498 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1499 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1500}
1501
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1502TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1503 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1504 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1505
1506 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1507 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1508 ASSERT_TRUE(ssl);
1509 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1510 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1511 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1512
1513 // Test setting the same FD.
1514 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1515 ASSERT_TRUE(ssl);
1516 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1517 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1518
1519 // Test setting the same FD one side at a time.
1520 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1521 ASSERT_TRUE(ssl);
1522 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1523 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1524 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1525
1526 // Test setting the same FD in the other order.
1527 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1528 ASSERT_TRUE(ssl);
1529 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1530 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1531 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1532
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1533 // Test changing the read FD partway through.
1534 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1535 ASSERT_TRUE(ssl);
1536 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1537 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1538 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1539
1540 // Test changing the write FD partway through.
1541 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1542 ASSERT_TRUE(ssl);
1543 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1544 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1545 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1546
1547 // Test a no-op change to the read FD partway through.
1548 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1549 ASSERT_TRUE(ssl);
1550 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1551 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1552 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1553
1554 // Test a no-op change to the write FD partway through.
1555 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1556 ASSERT_TRUE(ssl);
1557 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1558 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1559 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1560
1561 // ASan builds will implicitly test that the internal |BIO| reference-counting
1562 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1563}
1564
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1565TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1566 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1567 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1568
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1569 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1570 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1571 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]1572 ASSERT_TRUE(ssl);
1573 ASSERT_TRUE(bio1);
1574 ASSERT_TRUE(bio2);
1575 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1576
1577 // SSL_set_bio takes one reference when the parameters are the same.
1578 BIO_up_ref(bio1.get());
1579 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1580
1581 // Repeating the call does nothing.
1582 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1583
1584 // It takes one reference each when the parameters are different.
1585 BIO_up_ref(bio2.get());
1586 BIO_up_ref(bio3.get());
1587 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1588
1589 // Repeating the call does nothing.
1590 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1591
1592 // It takes one reference when changing only wbio.
1593 BIO_up_ref(bio1.get());
1594 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1595
1596 // It takes one reference when changing only rbio and the two are different.
1597 BIO_up_ref(bio3.get());
1598 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1599
1600 // If setting wbio to rbio, it takes no additional references.
1601 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1602
1603 // From there, wbio may be switched to something else.
1604 BIO_up_ref(bio1.get());
1605 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1606
1607 // If setting rbio to wbio, it takes no additional references.
1608 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1609
1610 // From there, rbio may be switched to something else, but, for historical
1611 // reasons, it takes a reference to both parameters.
1612 BIO_up_ref(bio1.get());
1613 BIO_up_ref(bio2.get());
1614 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1615
1616 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1617 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1618}
1619
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1620static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1621
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1622static bool TestGetPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1623 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1624 bssl::UniquePtr<X509> cert = GetTestCertificate();
1625 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1626 if (!cert || !key) {
1627 return false;
1628 }
1629
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1630 // Configure both client and server to accept any certificate.
1631 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1632 if (!ctx ||
1633 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1634 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1635 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1636 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1637 return false;
1638 }
1639 SSL_CTX_set_verify(
1640 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1641 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1642
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1643 bssl::UniquePtr<SSL> client, server;
1644 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1645 nullptr /* no session */)) {
1646 return false;
1647 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1648
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1649 // Client and server should both see the leaf certificate.
1650 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1651 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1652 fprintf(stderr, "Server peer certificate did not match.\n");
1653 return false;
1654 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1655
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1656 peer.reset(SSL_get_peer_certificate(client.get()));
1657 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1658 fprintf(stderr, "Client peer certificate did not match.\n");
1659 return false;
1660 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1661
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1662 // However, for historical reasons, the chain includes the leaf on the
1663 // client, but does not on the server.
1664 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1665 fprintf(stderr, "Client peer chain was incorrect.\n");
1666 return false;
1667 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1668
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1669 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1670 fprintf(stderr, "Server peer chain was incorrect.\n");
1671 return false;
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1672 }
1673
1674 return true;
1675}
1676
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1677static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method,
1678 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1679 bssl::UniquePtr<X509> cert = GetTestCertificate();
1680 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1681 if (!cert || !key) {
1682 return false;
1683 }
1684
1685 uint8_t *cert_der = NULL;
1686 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1687 if (cert_der_len < 0) {
1688 return false;
1689 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1690 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1691
1692 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1693 SHA256(cert_der, cert_der_len, cert_sha256);
1694
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1695 // Configure both client and server to accept any certificate, but the
1696 // server must retain only the SHA-256 of the peer.
1697 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1698 if (!ctx ||
1699 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1700 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1701 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1702 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1703 return false;
1704 }
1705 SSL_CTX_set_verify(
1706 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1707 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1708 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1709
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1710 bssl::UniquePtr<SSL> client, server;
1711 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1712 nullptr /* no session */)) {
1713 return false;
1714 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1715
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1716 // The peer certificate has been dropped.
1717 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1718 if (peer) {
1719 fprintf(stderr, "Peer certificate was retained.\n");
1720 return false;
1721 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1722
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1723 SSL_SESSION *session = SSL_get_session(server.get());
1724 if (!session->peer_sha256_valid) {
1725 fprintf(stderr, "peer_sha256_valid was not set.\n");
1726 return false;
1727 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1728
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1729 if (OPENSSL_memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) !=
1730 0) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1731 fprintf(stderr, "peer_sha256 did not match.\n");
1732 return false;
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1733 }
1734
1735 return true;
1736}
1737
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1738static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1739 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1740 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1741 if (!ctx ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1742 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1743 // Our default cipher list varies by CPU capabilities, so manually place
1744 // the ChaCha20 ciphers in front.
1745 !SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1746 return false;
1747 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1748
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1749 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1750 if (!ssl) {
1751 return false;
1752 }
1753 std::vector<uint8_t> client_hello;
1754 if (!GetClientHello(ssl.get(), &client_hello)) {
1755 return false;
1756 }
1757
1758 // Zero the client_random.
1759 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1760 1 + 3 + // handshake message header
1761 2; // client_version
1762 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1763 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1764 return false;
1765 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1766 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1767
1768 if (client_hello.size() != expected_len ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1769 OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1770 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1771 fprintf(stderr, "Got:\n\t");
1772 for (size_t i = 0; i < client_hello.size(); i++) {
1773 fprintf(stderr, "0x%02x, ", client_hello[i]);
1774 }
1775 fprintf(stderr, "\nWanted:\n\t");
1776 for (size_t i = 0; i < expected_len; i++) {
1777 fprintf(stderr, "0x%02x, ", expected[i]);
1778 }
1779 fprintf(stderr, "\n");
1780 return false;
1781 }
1782
1783 return true;
1784}
1785
1786// Tests that our ClientHellos do not change unexpectedly.
1787static bool TestClientHello() {
1788 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1789 0x16,
1790 0x03, 0x00,
1791 0x00, 0x3f,
1792 0x01,
1793 0x00, 0x00, 0x3b,
1794 0x03, 0x00,
1795 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1796 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1797 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1798 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1799 0x00,
1800 0x00, 0x14,
1801 0xc0, 0x09,
1802 0xc0, 0x13,
1803 0x00, 0x33,
1804 0xc0, 0x0a,
1805 0xc0, 0x14,
1806 0x00, 0x39,
1807 0x00, 0x2f,
1808 0x00, 0x35,
1809 0x00, 0x0a,
1810 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1811 };
1812 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1813 sizeof(kSSL3ClientHello))) {
1814 return false;
1815 }
1816
1817 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1818 0x16,
1819 0x03, 0x01,
1820 0x00, 0x5e,
1821 0x01,
1822 0x00, 0x00, 0x5a,
1823 0x03, 0x01,
1824 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1825 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1826 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1827 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1828 0x00,
1829 0x00, 0x12,
1830 0xc0, 0x09,
1831 0xc0, 0x13,
1832 0x00, 0x33,
1833 0xc0, 0x0a,
1834 0xc0, 0x14,
1835 0x00, 0x39,
1836 0x00, 0x2f,
1837 0x00, 0x35,
1838 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1839 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1840 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1841 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1842 };
1843 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1844 sizeof(kTLS1ClientHello))) {
1845 return false;
1846 }
1847
1848 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1849 0x16,
1850 0x03, 0x01,
1851 0x00, 0x5e,
1852 0x01,
1853 0x00, 0x00, 0x5a,
1854 0x03, 0x02,
1855 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1856 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1857 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1858 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1859 0x00,
1860 0x00, 0x12,
1861 0xc0, 0x09,
1862 0xc0, 0x13,
1863 0x00, 0x33,
1864 0xc0, 0x0a,
1865 0xc0, 0x14,
1866 0x00, 0x39,
1867 0x00, 0x2f,
1868 0x00, 0x35,
1869 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1870 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1871 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1872 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1873 };
1874 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1875 sizeof(kTLS11ClientHello))) {
1876 return false;
1877 }
1878
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]1879 // kTLS12ClientHello assumes RSA-PSS, which is disabled for Android system
1880 // builds.
1881#if defined(BORINGSSL_ANDROID_SYSTEM)
1882 return true;
1883#endif
1884
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1885 static const uint8_t kTLS12ClientHello[] = {
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]1886 0x16, 0x03, 0x01, 0x00, 0x9a, 0x01, 0x00, 0x00, 0x96, 0x03, 0x03, 0x00,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1887 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1888 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]1889 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0xcc, 0xa9,
1890 0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, 0xc0, 0x2c, 0xc0, 0x30,
1891 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x27, 0x00, 0x33,
1892 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x28, 0x00, 0x39,
1893 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35,
1894 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01,
1895 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
1896 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
1897 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00,
1898 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
1899 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1900 };
1901 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1902 sizeof(kTLS12ClientHello))) {
1903 return false;
1904 }
1905
1906 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1907 // implementation has settled enough that it won't change.
1908
1909 return true;
1910}
1911
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1912static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1913
1914static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1915 // Save the most recent session.
1916 g_last_session.reset(session);
1917 return 1;
1918}
1919
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1920static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1921 SSL_CTX *server_ctx) {
1922 g_last_session = nullptr;
1923 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1924
1925 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1926 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1927 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1928 nullptr /* no session */)) {
1929 fprintf(stderr, "Failed to connect client and server.\n");
1930 return nullptr;
1931 }
1932
1933 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1934 SSL_read(client.get(), nullptr, 0);
1935
1936 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1937
1938 if (!g_last_session) {
1939 fprintf(stderr, "Client did not receive a session.\n");
1940 return nullptr;
1941 }
1942 return std::move(g_last_session);
1943}
1944
1945static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1946 SSL_SESSION *session,
1947 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1948 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1949 if (!ConnectClientAndServer(&client, &server, client_ctx,
1950 server_ctx, session)) {
1951 fprintf(stderr, "Failed to connect client and server.\n");
1952 return false;
1953 }
1954
1955 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1956 fprintf(stderr, "Client and server were inconsistent.\n");
1957 return false;
1958 }
1959
1960 bool was_reused = !!SSL_session_reused(client.get());
1961 if (was_reused != reused) {
1962 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
1963 was_reused ? "" : " not");
1964 return false;
1965 }
1966
1967 return true;
1968}
1969
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]1970static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
1971 SSL_CTX *server_ctx,
1972 SSL_SESSION *session) {
1973 g_last_session = nullptr;
1974 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1975
1976 bssl::UniquePtr<SSL> client, server;
1977 if (!ConnectClientAndServer(&client, &server, client_ctx,
1978 server_ctx, session)) {
1979 fprintf(stderr, "Failed to connect client and server.\n");
1980 return nullptr;
1981 }
1982
1983 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1984 fprintf(stderr, "Client and server were inconsistent.\n");
1985 return nullptr;
1986 }
1987
1988 if (!SSL_session_reused(client.get())) {
1989 fprintf(stderr, "Session was not reused.\n");
1990 return nullptr;
1991 }
1992
1993 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1994 SSL_read(client.get(), nullptr, 0);
1995
1996 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1997
1998 if (!g_last_session) {
1999 fprintf(stderr, "Client did not receive a renewed session.\n");
2000 return nullptr;
2001 }
2002 return std::move(g_last_session);
2003}
2004
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2005static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2006 static const uint8_t kContext[] = {3};
2007
2008 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2009 return SSL_TLSEXT_ERR_ALERT_FATAL;
2010 }
2011
2012 return SSL_TLSEXT_ERR_OK;
2013}
2014
David Benjamin731058e2016-12-03 23:15:13 -0500[diff] [blame]2015static int SwitchSessionIDContextEarly(const SSL_CLIENT_HELLO *client_hello) {
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2016 static const uint8_t kContext[] = {3};
2017
David Benjamin731058e2016-12-03 23:15:13 -0500[diff] [blame]2018 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2019 sizeof(kContext))) {
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2020 return -1;
2021 }
2022
2023 return 1;
2024}
2025
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2026static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
2027 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2028 bssl::UniquePtr<X509> cert = GetTestCertificate();
2029 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2030 if (!cert || !key) {
2031 return false;
2032 }
2033
2034 static const uint8_t kContext1[] = {1};
2035 static const uint8_t kContext2[] = {2};
2036
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2037 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2038 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2039 if (!server_ctx || !client_ctx ||
2040 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2041 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2042 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2043 sizeof(kContext1)) ||
2044 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2045 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2046 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2047 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2048 return false;
2049 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2050
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2051 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2052 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2053
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2054 bssl::UniquePtr<SSL_SESSION> session =
2055 CreateClientSession(client_ctx.get(), server_ctx.get());
2056 if (!session) {
2057 fprintf(stderr, "Error getting session.\n");
2058 return false;
2059 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2060
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2061 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2062 true /* expect session reused */)) {
2063 fprintf(stderr, "Error resuming session.\n");
2064 return false;
2065 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2066
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2067 // Change the session ID context.
2068 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2069 sizeof(kContext2))) {
2070 return false;
2071 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2072
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2073 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2074 false /* expect session not reused */)) {
2075 fprintf(stderr, "Error connecting with a different context.\n");
2076 return false;
2077 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2078
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2079 // Change the session ID context back and install an SNI callback to switch
2080 // it.
2081 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2082 sizeof(kContext1))) {
2083 return false;
2084 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2085
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2086 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2087 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2088
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2089 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2090 false /* expect session not reused */)) {
2091 fprintf(stderr, "Error connecting with a context switch on SNI callback.\n");
2092 return false;
2093 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2094
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2095 // Switch the session ID context with the early callback instead.
2096 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
2097 SSL_CTX_set_select_certificate_cb(server_ctx.get(),
2098 SwitchSessionIDContextEarly);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2099
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2100 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2101 false /* expect session not reused */)) {
2102 fprintf(stderr,
2103 "Error connecting with a context switch on early callback.\n");
2104 return false;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2105 }
2106
2107 return true;
2108}
2109
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2110static timeval g_current_time;
2111
2112static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2113 *out_clock = g_current_time;
2114}
2115
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2116static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2117 out_clock->tv_sec = 1000;
2118 out_clock->tv_usec = 0;
2119}
2120
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2121static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2122 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2123 int encrypt) {
2124 static const uint8_t kZeros[16] = {0};
2125
2126 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2127 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2128 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2129 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2130 return 0;
2131 }
2132
2133 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2134 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2135 return -1;
2136 }
2137
2138 // Returning two from the callback in decrypt mode renews the
2139 // session in TLS 1.2 and below.
2140 return encrypt ? 1 : 2;
2141}
2142
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2143static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2144 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2145 return false;
2146 }
2147
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2148 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2149 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2150 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2151
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2152#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2153 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2154 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2155#else
2156 static const uint8_t kZeros[16] = {0};
2157 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2158 bssl::ScopedEVP_CIPHER_CTX ctx;
2159 int len1, len2;
2160 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2161 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2162 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2163 return false;
2164 }
2165
2166 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2167#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2168
2169 bssl::UniquePtr<SSL_SESSION> server_session(
2170 SSL_SESSION_from_bytes(plaintext.get(), len));
2171 if (!server_session) {
2172 return false;
2173 }
2174
2175 *out = server_session->time;
2176 return true;
2177}
2178
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2179static bool TestSessionTimeout(bool is_dtls, const SSL_METHOD *method,
2180 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2181 bssl::UniquePtr<X509> cert = GetTestCertificate();
2182 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2183 if (!cert || !key) {
2184 return false;
2185 }
2186
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2187 for (bool server_test : std::vector<bool>{false, true}) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2188 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2189 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2190
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2191 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2192 // resumptions still perform ECDHE.
2193 const time_t timeout = version == TLS1_3_VERSION
2194 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2195 : SSL_DEFAULT_SESSION_TIMEOUT;
2196
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2197 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2198 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2199 if (!server_ctx || !client_ctx ||
2200 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2201 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2202 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2203 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2204 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2205 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2206 return false;
2207 }
2208
2209 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2210 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2211
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2212 // Both client and server must enforce session timeouts. We configure the
2213 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2214 if (server_test) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2215 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2216 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2217 } else {
2218 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2219 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2220 }
2221
2222 // Configure a ticket callback which renews tickets.
2223 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2224
2225 bssl::UniquePtr<SSL_SESSION> session =
2226 CreateClientSession(client_ctx.get(), server_ctx.get());
2227 if (!session) {
2228 fprintf(stderr, "Error getting session.\n");
2229 return false;
2230 }
2231
2232 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2233 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2234
2235 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2236 true /* expect session reused */)) {
2237 fprintf(stderr, "Error resuming session.\n");
2238 return false;
2239 }
2240
2241 // Advance the clock one more second.
2242 g_current_time.tv_sec++;
2243
2244 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2245 false /* expect session not reused */)) {
2246 fprintf(stderr, "Error resuming session.\n");
2247 return false;
2248 }
2249
2250 // Rewind the clock to before the session was minted.
2251 g_current_time.tv_sec = kStartTime - 1;
2252
2253 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2254 false /* expect session not reused */)) {
2255 fprintf(stderr, "Error resuming session.\n");
2256 return false;
2257 }
2258
2259 // SSL 3.0 cannot renew sessions.
2260 if (version == SSL3_VERSION) {
2261 continue;
2262 }
2263
2264 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2265 time_t new_start_time = kStartTime + timeout - 10;
2266 g_current_time.tv_sec = new_start_time;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2267 bssl::UniquePtr<SSL_SESSION> new_session =
2268 ExpectSessionRenewed(client_ctx.get(), server_ctx.get(), session.get());
2269 if (!new_session) {
2270 fprintf(stderr, "Error renewing session.\n");
2271 return false;
2272 }
2273
2274 // This new session is not the same object as before.
2275 if (session.get() == new_session.get()) {
2276 fprintf(stderr, "New and old sessions alias.\n");
2277 return false;
2278 }
2279
2280 // Check the sessions have timestamps measured from issuance.
2281 long session_time = 0;
2282 if (server_test) {
2283 if (!GetServerTicketTime(&session_time, new_session.get())) {
2284 fprintf(stderr, "Failed to decode session ticket.\n");
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2285 return false;
2286 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2287 } else {
2288 session_time = new_session->time;
2289 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2290
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2291 if (session_time != g_current_time.tv_sec) {
2292 fprintf(stderr, "New session is not measured from issuance.\n");
2293 return false;
2294 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2295
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2296 if (version == TLS1_3_VERSION) {
2297 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2298 // lifetime TLS 1.3.
2299 g_current_time.tv_sec = new_start_time + timeout - 1;
2300 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2301 new_session.get(),
2302 true /* expect session reused */)) {
2303 fprintf(stderr, "Error resuming renewed session.\n");
2304 return false;
2305 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2306
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2307 // The new session expires after the new timeout.
2308 g_current_time.tv_sec = new_start_time + timeout + 1;
2309 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2310 new_session.get(),
2311 false /* expect session ot reused */)) {
2312 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2313 return false;
2314 }
2315
2316 // Renew the session until it begins just past the auth timeout.
2317 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2318 while (new_start_time < auth_end_time - 1000) {
2319 // Get as close as possible to target start time.
2320 new_start_time =
2321 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2322 g_current_time.tv_sec = new_start_time;
2323 new_session = ExpectSessionRenewed(client_ctx.get(), server_ctx.get(),
2324 new_session.get());
2325 if (!new_session) {
2326 fprintf(stderr, "Error renewing session.\n");
2327 return false;
2328 }
2329 }
2330
2331 // Now the session's lifetime is bound by the auth timeout.
2332 g_current_time.tv_sec = auth_end_time - 1;
2333 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2334 new_session.get(),
2335 true /* expect session reused */)) {
2336 fprintf(stderr, "Error resuming renewed session.\n");
2337 return false;
2338 }
2339
2340 g_current_time.tv_sec = auth_end_time + 1;
2341 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2342 new_session.get(),
2343 false /* expect session ot reused */)) {
2344 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2345 return false;
2346 }
2347 } else {
2348 // The new session is usable just before the old expiration.
2349 g_current_time.tv_sec = kStartTime + timeout - 1;
2350 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2351 new_session.get(),
2352 true /* expect session reused */)) {
2353 fprintf(stderr, "Error resuming renewed session.\n");
2354 return false;
2355 }
2356
2357 // Renewal does not extend the lifetime, so it is not usable beyond the
2358 // old expiration.
2359 g_current_time.tv_sec = kStartTime + timeout + 1;
2360 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2361 new_session.get(),
2362 false /* expect session not reused */)) {
2363 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2364 return false;
2365 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2366 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2367 }
2368
2369 return true;
2370}
2371
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2372static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2373 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2374 SSL_set_SSL_CTX(ssl, ctx);
2375 return SSL_TLSEXT_ERR_OK;
2376}
2377
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2378static bool TestSNICallback(bool is_dtls, const SSL_METHOD *method,
2379 uint16_t version) {
2380 // SSL 3.0 lacks extensions.
2381 if (version == SSL3_VERSION) {
2382 return true;
2383 }
2384
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2385 bssl::UniquePtr<X509> cert = GetTestCertificate();
2386 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2387 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2388 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2389 if (!cert || !key || !cert2 || !key2) {
2390 return false;
2391 }
2392
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2393 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2394 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2395
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2396 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2397 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(method));
2398 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2399 if (!server_ctx || !server_ctx2 || !client_ctx ||
2400 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2401 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2402 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2403 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
2404 // Historically signing preferences would be lost in some cases with the
2405 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2406 // this doesn't happen when |version| is TLS 1.2, configure the private
2407 // key to only sign SHA-256.
2408 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256,
2409 1) ||
2410 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2411 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2412 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2413 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2414 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2415 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
2416 return false;
2417 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2418
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2419 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2420 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2421
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2422 bssl::UniquePtr<SSL> client, server;
2423 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2424 server_ctx.get(), nullptr)) {
2425 fprintf(stderr, "Handshake failed.\n");
2426 return false;
2427 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2428
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2429 // The client should have received |cert2|.
2430 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
2431 if (!peer || X509_cmp(peer.get(), cert2.get()) != 0) {
2432 fprintf(stderr, "Incorrect certificate received.\n");
2433 return false;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2434 }
2435
2436 return true;
2437}
2438
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]2439// Test that the early callback can swap the maximum version.
2440TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2441 bssl::UniquePtr<X509> cert = GetTestCertificate();
2442 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2443 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2444 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]2445 ASSERT_TRUE(cert);
2446 ASSERT_TRUE(key);
2447 ASSERT_TRUE(server_ctx);
2448 ASSERT_TRUE(client_ctx);
2449 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2450 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2451 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2452 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2453
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]2454 SSL_CTX_set_select_certificate_cb(
2455 server_ctx.get(), [](const SSL_CLIENT_HELLO *client_hello) -> int {
2456 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
2457 return -1;
2458 }
2459
2460 return 1;
2461 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2462
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2463 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]2464 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
2465 server_ctx.get(), nullptr));
2466 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2467}
2468
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]2469TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2470 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]2471 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2472
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]2473 // Set valid TLS versions.
2474 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2475 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2476 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2477 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2478
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]2479 // Invalid TLS versions are rejected.
2480 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2481 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2482 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2483 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2484 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2485 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2486
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]2487 // Zero is the default version.
2488 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
2489 EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
2490 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
2491 EXPECT_EQ(SSL3_VERSION, ctx->min_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2492
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2493 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]2494 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2495
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]2496 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2497 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2498 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2499 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2500
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]2501 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2502 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2503 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2504 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2505 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2506 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2507 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2508 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2509
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame^]2510 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
2511 EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
2512 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
2513 EXPECT_EQ(TLS1_1_VERSION, ctx->min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2514}
2515
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2516static const char *GetVersionName(uint16_t version) {
2517 switch (version) {
2518 case SSL3_VERSION:
2519 return "SSLv3";
2520 case TLS1_VERSION:
2521 return "TLSv1";
2522 case TLS1_1_VERSION:
2523 return "TLSv1.1";
2524 case TLS1_2_VERSION:
2525 return "TLSv1.2";
2526 case TLS1_3_VERSION:
2527 return "TLSv1.3";
2528 case DTLS1_VERSION:
2529 return "DTLSv1";
2530 case DTLS1_2_VERSION:
2531 return "DTLSv1.2";
2532 default:
2533 return "???";
2534 }
2535}
2536
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2537static bool TestVersion(bool is_dtls, const SSL_METHOD *method,
2538 uint16_t version) {
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2539 bssl::UniquePtr<X509> cert = GetTestCertificate();
2540 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2541 if (!cert || !key) {
2542 return false;
2543 }
2544
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2545 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2546 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2547 bssl::UniquePtr<SSL> client, server;
2548 if (!server_ctx || !client_ctx ||
2549 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2550 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2551 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2552 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2553 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2554 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2555 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2556 server_ctx.get(), nullptr /* no session */)) {
2557 fprintf(stderr, "Failed to connect.\n");
2558 return false;
2559 }
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2560
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2561 if (SSL_version(client.get()) != version ||
2562 SSL_version(server.get()) != version) {
2563 fprintf(stderr, "Version mismatch. Got %04x and %04x, wanted %04x.\n",
2564 SSL_version(client.get()), SSL_version(server.get()), version);
2565 return false;
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2566 }
2567
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2568 // Test the version name is reported as expected.
2569 const char *version_name = GetVersionName(version);
2570 if (strcmp(version_name, SSL_get_version(client.get())) != 0 ||
2571 strcmp(version_name, SSL_get_version(server.get())) != 0) {
2572 fprintf(stderr, "Version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2573 SSL_get_version(client.get()), SSL_get_version(server.get()),
2574 version_name);
2575 return false;
2576 }
2577
2578 // Test SSL_SESSION reports the same name.
2579 const char *client_name =
2580 SSL_SESSION_get_version(SSL_get_session(client.get()));
2581 const char *server_name =
2582 SSL_SESSION_get_version(SSL_get_session(server.get()));
2583 if (strcmp(version_name, client_name) != 0 ||
2584 strcmp(version_name, server_name) != 0) {
2585 fprintf(stderr,
2586 "Session version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2587 client_name, server_name, version_name);
2588 return false;
2589 }
2590
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2591 return true;
2592}
2593
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2594// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2595// selection callback.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2596static bool TestALPNCipherAvailable(bool is_dtls, const SSL_METHOD *method,
2597 uint16_t version) {
2598 // SSL 3.0 lacks extensions.
2599 if (version == SSL3_VERSION) {
2600 return true;
2601 }
2602
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2603 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2604
2605 bssl::UniquePtr<X509> cert = GetTestCertificate();
2606 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2607 if (!cert || !key) {
2608 return false;
2609 }
2610
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2611 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2612 if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2613 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2614 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2615 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2616 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2617 0) {
2618 return false;
2619 }
2620
2621 // The ALPN callback does not fail the handshake on error, so have the
2622 // callback write a boolean.
2623 std::pair<uint16_t, bool> callback_state(version, false);
2624 SSL_CTX_set_alpn_select_cb(
2625 ctx.get(),
2626 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2627 unsigned in_len, void *arg) -> int {
2628 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2629 if (SSL_get_pending_cipher(ssl) != nullptr &&
2630 SSL_version(ssl) == state->first) {
2631 state->second = true;
2632 }
2633 return SSL_TLSEXT_ERR_NOACK;
2634 },
2635 &callback_state);
2636
2637 bssl::UniquePtr<SSL> client, server;
2638 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2639 nullptr /* no session */)) {
2640 return false;
2641 }
2642
2643 if (!callback_state.second) {
2644 fprintf(stderr, "The pending cipher was not known in the ALPN callback.\n");
2645 return false;
2646 }
2647
2648 return true;
2649}
2650
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2651static bool TestSSLClearSessionResumption(bool is_dtls,
2652 const SSL_METHOD *method,
2653 uint16_t version) {
2654 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2655 // API pattern.
2656 if (version == TLS1_3_VERSION) {
2657 return true;
2658 }
2659
2660 bssl::UniquePtr<X509> cert = GetTestCertificate();
2661 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2662 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2663 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2664 if (!cert || !key || !server_ctx || !client_ctx ||
2665 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2666 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2667 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2668 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2669 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2670 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2671 return false;
2672 }
2673
2674 // Connect a client and a server.
2675 bssl::UniquePtr<SSL> client, server;
2676 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2677 server_ctx.get(), nullptr /* no session */)) {
2678 return false;
2679 }
2680
2681 if (SSL_session_reused(client.get()) ||
2682 SSL_session_reused(server.get())) {
2683 fprintf(stderr, "Session unexpectedly reused.\n");
2684 return false;
2685 }
2686
2687 // Reset everything.
2688 if (!SSL_clear(client.get()) ||
2689 !SSL_clear(server.get())) {
2690 fprintf(stderr, "SSL_clear failed.\n");
2691 return false;
2692 }
2693
2694 // Attempt to connect a second time.
2695 if (!CompleteHandshakes(client.get(), server.get())) {
2696 fprintf(stderr, "Could not reuse SSL objects.\n");
2697 return false;
2698 }
2699
2700 // |SSL_clear| should implicitly offer the previous session to the server.
2701 if (!SSL_session_reused(client.get()) ||
2702 !SSL_session_reused(server.get())) {
2703 fprintf(stderr, "Session was not reused in second try.\n");
2704 return false;
2705 }
2706
2707 return true;
2708}
2709
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2710static bool ChainsEqual(STACK_OF(X509) *chain,
2711 const std::vector<X509 *> &expected) {
2712 if (sk_X509_num(chain) != expected.size()) {
2713 return false;
2714 }
2715
2716 for (size_t i = 0; i < expected.size(); i++) {
2717 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2718 return false;
2719 }
2720 }
2721
2722 return true;
2723}
2724
2725static bool TestAutoChain(bool is_dtls, const SSL_METHOD *method,
2726 uint16_t version) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2727 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
2728 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
2729 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
2730 if (!cert || !intermediate || !key) {
2731 return false;
2732 }
2733
2734 // Configure both client and server to accept any certificate. Add
2735 // |intermediate| to the cert store.
2736 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2737 if (!ctx ||
2738 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2739 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2740 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2741 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2742 !X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx.get()),
2743 intermediate.get())) {
2744 return false;
2745 }
2746 SSL_CTX_set_verify(
2747 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
2748 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
2749
2750 // By default, the client and server should each only send the leaf.
2751 bssl::UniquePtr<SSL> client, server;
2752 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2753 nullptr /* no session */)) {
2754 return false;
2755 }
2756
2757 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), {cert.get()})) {
2758 fprintf(stderr, "Client-received chain did not match.\n");
2759 return false;
2760 }
2761
2762 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), {cert.get()})) {
2763 fprintf(stderr, "Server-received chain did not match.\n");
2764 return false;
2765 }
2766
2767 // If auto-chaining is enabled, then the intermediate is sent.
2768 SSL_CTX_clear_mode(ctx.get(), SSL_MODE_NO_AUTO_CHAIN);
2769 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2770 nullptr /* no session */)) {
2771 return false;
2772 }
2773
2774 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2775 {cert.get(), intermediate.get()})) {
2776 fprintf(stderr, "Client-received chain did not match (auto-chaining).\n");
2777 return false;
2778 }
2779
2780 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2781 {cert.get(), intermediate.get()})) {
2782 fprintf(stderr, "Server-received chain did not match (auto-chaining).\n");
2783 return false;
2784 }
2785
2786 // Auto-chaining does not override explicitly-configured intermediates.
2787 if (!SSL_CTX_add1_chain_cert(ctx.get(), cert.get()) ||
2788 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2789 nullptr /* no session */)) {
2790 return false;
2791 }
2792
2793 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2794 {cert.get(), cert.get()})) {
2795 fprintf(stderr,
2796 "Client-received chain did not match (auto-chaining, explicit "
2797 "intermediate).\n");
2798 return false;
2799 }
2800
2801 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2802 {cert.get(), cert.get()})) {
2803 fprintf(stderr,
2804 "Server-received chain did not match (auto-chaining, explicit "
2805 "intermediate).\n");
2806 return false;
2807 }
2808
2809 return true;
2810}
2811
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2812static bool ExpectBadWriteRetry() {
2813 int err = ERR_get_error();
2814 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
2815 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
2816 char buf[ERR_ERROR_STRING_BUF_LEN];
2817 ERR_error_string_n(err, buf, sizeof(buf));
2818 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
2819 return false;
2820 }
2821
2822 if (ERR_peek_error() != 0) {
2823 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
2824 return false;
2825 }
2826
2827 return true;
2828}
2829
2830static bool TestSSLWriteRetry(bool is_dtls, const SSL_METHOD *method,
2831 uint16_t version) {
2832 if (is_dtls) {
2833 return true;
2834 }
2835
2836 for (bool enable_partial_write : std::vector<bool>{false, true}) {
2837 // Connect a client and server.
2838 bssl::UniquePtr<X509> cert = GetTestCertificate();
2839 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2840 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2841 bssl::UniquePtr<SSL> client, server;
2842 if (!cert || !key || !ctx ||
2843 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2844 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2845 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2846 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2847 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2848 nullptr /* no session */)) {
2849 return false;
2850 }
2851
2852 if (enable_partial_write) {
2853 SSL_set_mode(client.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
2854 }
2855
2856 // Write without reading until the buffer is full and we have an unfinished
2857 // write. Keep a count so we may reread it again later. "hello!" will be
2858 // written in two chunks, "hello" and "!".
2859 char data[] = "hello!";
2860 static const int kChunkLen = 5; // The length of "hello".
2861 unsigned count = 0;
2862 for (;;) {
2863 int ret = SSL_write(client.get(), data, kChunkLen);
2864 if (ret <= 0) {
2865 int err = SSL_get_error(client.get(), ret);
2866 if (SSL_get_error(client.get(), ret) == SSL_ERROR_WANT_WRITE) {
2867 break;
2868 }
2869 fprintf(stderr, "SSL_write failed in unexpected way: %d\n", err);
2870 return false;
2871 }
2872
2873 if (ret != 5) {
2874 fprintf(stderr, "SSL_write wrote %d bytes, expected 5.\n", ret);
2875 return false;
2876 }
2877
2878 count++;
2879 }
2880
2881 // Retrying with the same parameters is legal.
2882 if (SSL_get_error(client.get(), SSL_write(client.get(), data, kChunkLen)) !=
2883 SSL_ERROR_WANT_WRITE) {
2884 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
2885 return false;
2886 }
2887
2888 // Retrying with the same buffer but shorter length is not legal.
2889 if (SSL_get_error(client.get(),
2890 SSL_write(client.get(), data, kChunkLen - 1)) !=
2891 SSL_ERROR_SSL ||
2892 !ExpectBadWriteRetry()) {
2893 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2894 return false;
2895 }
2896
2897 // Retrying with a different buffer pointer is not legal.
2898 char data2[] = "hello";
2899 if (SSL_get_error(client.get(), SSL_write(client.get(), data2,
2900 kChunkLen)) != SSL_ERROR_SSL ||
2901 !ExpectBadWriteRetry()) {
2902 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2903 return false;
2904 }
2905
2906 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
2907 SSL_set_mode(client.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
2908 if (SSL_get_error(client.get(),
2909 SSL_write(client.get(), data2, kChunkLen)) !=
2910 SSL_ERROR_WANT_WRITE) {
2911 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
2912 return false;
2913 }
2914
2915 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
2916 if (SSL_get_error(client.get(),
2917 SSL_write(client.get(), data2, kChunkLen - 1)) !=
2918 SSL_ERROR_SSL ||
2919 !ExpectBadWriteRetry()) {
2920 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2921 return false;
2922 }
2923
2924 // Retrying with a larger buffer is legal.
2925 if (SSL_get_error(client.get(),
2926 SSL_write(client.get(), data, kChunkLen + 1)) !=
2927 SSL_ERROR_WANT_WRITE) {
2928 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
2929 return false;
2930 }
2931
2932 // Drain the buffer.
2933 char buf[20];
2934 for (unsigned i = 0; i < count; i++) {
2935 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
2936 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0) {
2937 fprintf(stderr, "Failed to read initial records.\n");
2938 return false;
2939 }
2940 }
2941
2942 // Now that there is space, a retry with a larger buffer should flush the
2943 // pending record, skip over that many bytes of input (on assumption they
2944 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
2945 // is set, this will complete in two steps.
2946 char data3[] = "_____!";
2947 if (enable_partial_write) {
2948 if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen ||
2949 SSL_write(client.get(), data3 + kChunkLen, 1) != 1) {
2950 fprintf(stderr, "SSL_write retry failed.\n");
2951 return false;
2952 }
2953 } else if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen + 1) {
2954 fprintf(stderr, "SSL_write retry failed.\n");
2955 return false;
2956 }
2957
2958 // Check the last write was correct. The data will be spread over two
2959 // records, so SSL_read returns twice.
2960 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
2961 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0 ||
2962 SSL_read(server.get(), buf, sizeof(buf)) != 1 ||
2963 buf[0] != '!') {
2964 fprintf(stderr, "Failed to read write retry.\n");
2965 return false;
2966 }
2967 }
2968
2969 return true;
2970}
2971
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2972static bool ForEachVersion(bool (*test_func)(bool is_dtls,
2973 const SSL_METHOD *method,
2974 uint16_t version)) {
2975 static uint16_t kTLSVersions[] = {
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]2976 SSL3_VERSION,
2977 TLS1_VERSION,
2978 TLS1_1_VERSION,
2979 TLS1_2_VERSION,
2980// TLS 1.3 requires RSA-PSS, which is disabled for Android system builds.
2981#if !defined(BORINGSSL_ANDROID_SYSTEM)
2982 TLS1_3_VERSION,
2983#endif
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2984 };
2985
2986 static uint16_t kDTLSVersions[] = {
2987 DTLS1_VERSION, DTLS1_2_VERSION,
2988 };
2989
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2990 for (uint16_t version : kTLSVersions) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2991 if (!test_func(false, TLS_method(), version)) {
2992 fprintf(stderr, "Test failed at TLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2993 return false;
2994 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2995 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2996
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2997 for (uint16_t version : kDTLSVersions) {
2998 if (!test_func(true, DTLS_method(), version)) {
2999 fprintf(stderr, "Test failed at DTLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3000 return false;
3001 }
3002 }
3003
3004 return true;
3005}
3006
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3007TEST(SSLTest, AddChainCertHack) {
3008 // Ensure that we don't accidently break the hack that we have in place to
3009 // keep curl and serf happy when they use an |X509| even after transfering
3010 // ownership.
3011
3012 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3013 ASSERT_TRUE(ctx);
3014 X509 *cert = GetTestCertificate().release();
3015 ASSERT_TRUE(cert);
3016 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3017
3018 // This should not trigger a use-after-free.
3019 X509_cmp(cert, cert);
3020}
3021
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3022TEST(SSLTest, GetCertificate) {
3023 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3024 ASSERT_TRUE(ctx);
3025 bssl::UniquePtr<X509> cert = GetTestCertificate();
3026 ASSERT_TRUE(cert);
3027 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3028 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3029 ASSERT_TRUE(ssl);
3030
3031 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3032 ASSERT_TRUE(cert2);
3033 X509 *cert3 = SSL_get_certificate(ssl.get());
3034 ASSERT_TRUE(cert3);
3035
3036 // The old and new certificates must be identical.
3037 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3038 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3039
3040 uint8_t *der = nullptr;
3041 long der_len = i2d_X509(cert.get(), &der);
3042 ASSERT_LT(0, der_len);
3043 bssl::UniquePtr<uint8_t> free_der(der);
3044
3045 uint8_t *der2 = nullptr;
3046 long der2_len = i2d_X509(cert2, &der2);
3047 ASSERT_LT(0, der2_len);
3048 bssl::UniquePtr<uint8_t> free_der2(der2);
3049
3050 uint8_t *der3 = nullptr;
3051 long der3_len = i2d_X509(cert3, &der3);
3052 ASSERT_LT(0, der3_len);
3053 bssl::UniquePtr<uint8_t> free_der3(der3);
3054
3055 // They must also encode identically.
3056 ASSERT_EQ(der2_len, der_len);
3057 EXPECT_EQ(0, OPENSSL_memcmp(der, der2, static_cast<size_t>(der_len)));
3058 ASSERT_EQ(der3_len, der_len);
3059 EXPECT_EQ(0, OPENSSL_memcmp(der, der3, static_cast<size_t>(der_len)));
3060}
3061
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3062// TODO(davidben): Convert this file to GTest properly.
3063TEST(SSLTest, AllTests) {
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3064 if (!TestCipherRules() ||
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]3065 !TestCurveRules() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3066 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
3067 !TestSSL_SESSIONEncoding(kCustomSession) ||
3068 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
3069 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
3070 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
3071 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]3072 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3073 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
3074 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
3075 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
3076 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
3077 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
3078 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
3079 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
3080 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
3081 !TestCipherGetRFCName() ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]3082 // Test the padding extension at TLS 1.2.
3083 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
3084 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
3085 // will be no PSK binder after the padding extension.
3086 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
3087 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
3088 // will be a PSK binder after the padding extension.
3089 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3090 !TestInternalSessionCache() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3091 !ForEachVersion(TestSequenceNumber) ||
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]3092 !ForEachVersion(TestOneSidedShutdown) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3093 !ForEachVersion(TestGetPeerCertificate) ||
3094 !ForEachVersion(TestRetainOnlySHA256OfCerts) ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]3095 !TestClientHello() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3096 !ForEachVersion(TestSessionIDContext) ||
3097 !ForEachVersion(TestSessionTimeout) ||
3098 !ForEachVersion(TestSNICallback) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3099 !ForEachVersion(TestVersion) ||
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]3100 !ForEachVersion(TestALPNCipherAvailable) ||
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]3101 !ForEachVersion(TestSSLClearSessionResumption) ||
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]3102 !ForEachVersion(TestAutoChain) ||
3103 !ForEachVersion(TestSSLWriteRetry)) {
Brian Smith83a82982015-04-09 16:21:10 -1000[diff] [blame]3104 ERR_print_errors_fp(stderr);
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3105 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]3106 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]3107}