Google Git
Sign in
boringssl / boringssl.git / 83a321231b35088dd81d51e34af1346cb3050dcd / . / ssl / ssl_test.cc
blob: 4e0c2747b901613166cc20d1aca07576a14a12c9 [file] [log] [blame]
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]16#include <string.h>
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]17#include <time.h>
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]18
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]19#include <algorithm>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]20#include <string>
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]21#include <utility>
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]22#include <vector>
23
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]24#include <gtest/gtest.h>
25
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]26#include <openssl/base64.h>
27#include <openssl/bio.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]28#include <openssl/cipher.h>
David Benjamin7a1eefd2015-10-17 23:39:22 -0400[diff] [blame]29#include <openssl/crypto.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]30#include <openssl/err.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]31#include <openssl/hmac.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]32#include <openssl/pem.h>
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]33#include <openssl/sha.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]34#include <openssl/ssl.h>
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]35#include <openssl/rand.h>
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]36#include <openssl/x509.h>
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]37
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]38#include "internal.h"
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]39#include "../crypto/internal.h"
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]40#include "../crypto/test/test_util.h"
41
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]42#if defined(OPENSSL_WINDOWS)
43/* Windows defines struct timeval in winsock2.h. */
44OPENSSL_MSVC_PRAGMA(warning(push, 3))
45#include <winsock2.h>
46OPENSSL_MSVC_PRAGMA(warning(pop))
47#else
48#include <sys/time.h>
49#endif
50
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]51
52struct ExpectedCipher {
53 unsigned long id;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]54 int in_group_flag;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]55};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]56
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]57struct CipherTest {
58 // The rule string to apply.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]59 const char *rule;
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]60 // The list of expected ciphers, in order.
61 std::vector<ExpectedCipher> expected;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]62};
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]63
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]64struct CurveTest {
65 // The rule string to apply.
66 const char *rule;
67 // The list of expected curves, in order.
68 std::vector<uint16_t> expected;
69};
70
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]71static const CipherTest kCipherTests[] = {
72 // Selecting individual ciphers should work.
73 {
74 "ECDHE-ECDSA-CHACHA20-POLY1305:"
75 "ECDHE-RSA-CHACHA20-POLY1305:"
76 "ECDHE-ECDSA-AES128-GCM-SHA256:"
77 "ECDHE-RSA-AES128-GCM-SHA256",
78 {
79 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]80 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]81 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
82 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
83 },
84 },
85 // + reorders selected ciphers to the end, keeping their relative order.
86 {
87 "ECDHE-ECDSA-CHACHA20-POLY1305:"
88 "ECDHE-RSA-CHACHA20-POLY1305:"
89 "ECDHE-ECDSA-AES128-GCM-SHA256:"
90 "ECDHE-RSA-AES128-GCM-SHA256:"
91 "+aRSA",
92 {
93 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]94 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
95 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]96 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
97 },
98 },
99 // ! banishes ciphers from future selections.
100 {
101 "!aRSA:"
102 "ECDHE-ECDSA-CHACHA20-POLY1305:"
103 "ECDHE-RSA-CHACHA20-POLY1305:"
104 "ECDHE-ECDSA-AES128-GCM-SHA256:"
105 "ECDHE-RSA-AES128-GCM-SHA256",
106 {
107 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]108 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
109 },
110 },
111 // Multiple masks can be ANDed in a single rule.
112 {
113 "kRSA+AESGCM+AES128",
114 {
115 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
116 },
117 },
118 // - removes selected ciphers, but preserves their order for future
119 // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
120 // ECDHE_RSA.
121 {
122 "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
123 "AESGCM+AES128+aRSA",
124 {
125 {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
126 {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
127 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
128 },
129 },
130 // Unknown selectors are no-ops.
131 {
132 "ECDHE-ECDSA-CHACHA20-POLY1305:"
133 "ECDHE-RSA-CHACHA20-POLY1305:"
134 "ECDHE-ECDSA-AES128-GCM-SHA256:"
135 "ECDHE-RSA-AES128-GCM-SHA256:"
136 "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4",
137 {
138 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]139 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]140 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
141 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
142 },
143 },
144 // Square brackets specify equi-preference groups.
145 {
146 "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
147 "[ECDHE-RSA-CHACHA20-POLY1305]:"
148 "ECDHE-RSA-AES128-GCM-SHA256",
149 {
150 {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]151 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]152 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]153 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
154 },
155 },
156 // @STRENGTH performs a stable strength-sort of the selected ciphers and
157 // only the selected ciphers.
158 {
159 // To simplify things, banish all but {ECDHE_RSA,RSA} x
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]160 // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]161 "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"
162 // Order some ciphers backwards by strength.
Matthew Braithwaite8aaa9e12016-09-07 15:09:58 -0700[diff] [blame]163 "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]164 // Select ECDHE ones and sort them by strength. Ties should resolve
165 // based on the order above.
166 "kECDHE:@STRENGTH:-ALL:"
167 // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted
168 // by strength. Then RSA, backwards by strength.
169 "aRSA",
170 {
171 {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0},
172 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]173 {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0},
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]174 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
175 {TLS1_CK_RSA_WITH_AES_256_SHA, 0},
176 },
177 },
178 // Exact ciphers may not be used in multi-part rules; they are treated
179 // as unknown aliases.
180 {
181 "ECDHE-ECDSA-AES128-GCM-SHA256:"
182 "ECDHE-RSA-AES128-GCM-SHA256:"
183 "!ECDHE-RSA-AES128-GCM-SHA256+RSA:"
184 "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256",
185 {
186 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
187 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
188 },
189 },
190 // SSLv3 matches everything that existed before TLS 1.2.
191 {
192 "AES128-SHA:AES128-SHA256:!SSLv3",
193 {
194 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
195 },
196 },
197 // TLSv1.2 matches everything added in TLS 1.2.
198 {
199 "AES128-SHA:AES128-SHA256:!TLSv1.2",
200 {
201 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
202 },
203 },
204 // The two directives have no intersection.
205 {
206 "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3",
207 {
208 {TLS1_CK_RSA_WITH_AES_128_SHA, 0},
209 {TLS1_CK_RSA_WITH_AES_128_SHA256, 0},
210 },
211 },
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]212};
213
214static const char *kBadRules[] = {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]215 // Invalid brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]216 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
217 "RSA]",
218 "[[RSA]]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]219 // Operators inside brackets.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]220 "[+RSA]",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]221 // Unknown directive.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]222 "@BOGUS",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]223 // Empty cipher lists error at SSL_CTX_set_cipher_list.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]224 "",
225 "BOGUS",
David Benjamin32fbdf22015-04-07 01:14:06 -0400[diff] [blame]226 // COMPLEMENTOFDEFAULT is empty.
227 "COMPLEMENTOFDEFAULT",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]228 // Invalid command.
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]229 "?BAR",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]230 // Special operators are not allowed if groups are used.
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]231 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
232 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
233 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
234 "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
Adam Langleyf99f2442016-10-02 09:53:38 -0700[diff] [blame]235 // Opcode supplied, but missing selector.
236 "+",
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]237};
238
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]239static const char *kMustNotIncludeNull[] = {
240 "ALL",
241 "DEFAULT",
242 "ALL:!eNULL",
243 "ALL:!NULL",
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]244 "HIGH",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]245 "FIPS",
246 "SHA",
247 "SHA1",
248 "RSA",
249 "SSLv3",
250 "TLSv1",
251 "TLSv1.2",
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]252};
253
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]254static const CurveTest kCurveTests[] = {
255 {
256 "P-256",
257 { SSL_CURVE_SECP256R1 },
258 },
259 {
260 "P-256:P-384:P-521:X25519",
261 {
262 SSL_CURVE_SECP256R1,
263 SSL_CURVE_SECP384R1,
264 SSL_CURVE_SECP521R1,
265 SSL_CURVE_X25519,
266 },
267 },
268};
269
270static const char *kBadCurvesLists[] = {
271 "",
272 ":",
273 "::",
274 "P-256::X25519",
275 "RSA:P-256",
276 "P-256:RSA",
277 "X25519:P-256:",
278 ":X25519:P-256",
279};
280
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]281static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
282 bool in_group = false;
283 for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]284 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
285 if (!in_group && list->in_group_flags[i]) {
286 fprintf(stderr, "\t[\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]287 in_group = true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]288 }
289 fprintf(stderr, "\t");
290 if (in_group) {
291 fprintf(stderr, " ");
292 }
293 fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
294 if (in_group && !list->in_group_flags[i]) {
295 fprintf(stderr, "\t]\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]296 in_group = false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]297 }
298 }
299}
300
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]301static bool TestCipherRule(const CipherTest &t) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]302 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]303 if (!ctx) {
304 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]305 }
306
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]307 if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
308 fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]309 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]310 }
311
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]312 // Compare the two lists.
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]313 if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
314 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
315 PrintCipherPreferenceList(ctx->cipher_list);
316 return false;
317 }
318
319 for (size_t i = 0; i < t.expected.size(); i++) {
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]320 const SSL_CIPHER *cipher =
321 sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]322 if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
323 t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
324 fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]325 PrintCipherPreferenceList(ctx->cipher_list);
326 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]327 }
328 }
329
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]330 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]331}
332
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]333static bool TestRuleDoesNotIncludeNull(const char *rule) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]334 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]335 if (!ctx) {
336 return false;
337 }
338 if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) {
339 fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
340 return false;
341 }
342 for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
343 if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
344 fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
345 return false;
346 }
347 }
348 return true;
349}
350
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]351static bool TestCipherRules() {
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]352 for (const CipherTest &test : kCipherTests) {
353 if (!TestCipherRule(test)) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]354 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]355 }
356 }
357
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]358 for (const char *rule : kBadRules) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]359 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]360 if (!ctx) {
361 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]362 }
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]363 if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
364 fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]365 return false;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]366 }
367 ERR_clear_error();
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]368 }
369
David Benjaminfb974e62015-12-16 19:34:22 -0500[diff] [blame]370 for (const char *rule : kMustNotIncludeNull) {
371 if (!TestRuleDoesNotIncludeNull(rule)) {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]372 return false;
373 }
374 }
375
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]376 return true;
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]377}
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]378
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]379static bool TestCurveRule(const CurveTest &t) {
380 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
381 if (!ctx) {
382 return false;
383 }
384
385 if (!SSL_CTX_set1_curves_list(ctx.get(), t.rule)) {
386 fprintf(stderr, "Error testing curves list '%s'\n", t.rule);
387 return false;
388 }
389
390 // Compare the two lists.
391 if (ctx->supported_group_list_len != t.expected.size()) {
392 fprintf(stderr, "Error testing curves list '%s': length\n", t.rule);
393 return false;
394 }
395
396 for (size_t i = 0; i < t.expected.size(); i++) {
397 if (t.expected[i] != ctx->supported_group_list[i]) {
398 fprintf(stderr, "Error testing curves list '%s': mismatch\n", t.rule);
399 return false;
400 }
401 }
402
403 return true;
404}
405
406static bool TestCurveRules() {
407 for (const CurveTest &test : kCurveTests) {
408 if (!TestCurveRule(test)) {
409 return false;
410 }
411 }
412
413 for (const char *rule : kBadCurvesLists) {
414 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
415 if (!ctx) {
416 return false;
417 }
418 if (SSL_CTX_set1_curves_list(ctx.get(), rule)) {
419 fprintf(stderr, "Curves list '%s' unexpectedly succeeded\n", rule);
420 return false;
421 }
422 ERR_clear_error();
423 }
424
425 return true;
426}
427
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]428// kOpenSSLSession is a serialized SSL_SESSION.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]429static const char kOpenSSLSession[] =
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]430 "MIIFqgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]431 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
432 "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"
433 "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
434 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"
435 "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
436 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
437 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
438 "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"
439 "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"
440 "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"
441 "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"
442 "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"
443 "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"
444 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
445 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
446 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
447 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"
448 "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
449 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
450 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"
451 "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"
452 "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"
453 "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"
454 "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"
455 "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"
456 "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"
457 "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"
458 "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"
459 "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"
Adam Langley364f7a62016-12-12 10:51:00 -0800[diff] [blame]460 "i4gv7Y5oliyntgMBAQA=";
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]461
462// kCustomSession is a custom serialized SSL_SESSION generated by
463// filling in missing fields from |kOpenSSLSession|. This includes
464// providing |peer_sha256|, so |peer| is not serialized.
465static const char kCustomSession[] =
466 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
467 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
468 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
469 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
470 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
471 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
472 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
473 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
474
475// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client.
476static const char kBoringSSLSession[] =
477 "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R"
478 "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf"
479 "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ"
480 "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"
481 "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy"
482 "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"
483 "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"
484 "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"
485 "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo"
486 "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU"
487 "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce"
488 "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/"
489 "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL"
490 "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd"
491 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"
492 "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"
493 "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"
494 "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG"
495 "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"
496 "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"
497 "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb"
498 "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE"
499 "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd"
500 "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+"
501 "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a"
502 "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y"
503 "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH"
504 "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH"
505 "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s"
506 "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE"
507 "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC"
508 "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL"
509 "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds"
510 "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw"
511 "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG"
512 "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE"
513 "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
514 "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np"
515 "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If"
516 "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S"
517 "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531"
518 "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn"
519 "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF"
520 "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB"
521 "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB"
522 "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v"
523 "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA"
524 "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK"
525 "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j"
526 "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S"
527 "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+"
528 "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl"
529 "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi"
530 "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95"
531 "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh"
532 "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT"
533 "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i"
534 "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG"
535 "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy"
536 "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
537 "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP"
538 "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv"
539 "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE"
540 "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ"
541 "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC"
542 "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7"
543 "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD"
544 "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov"
545 "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig"
546 "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ"
547 "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+"
548 "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI"
549 "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI"
550 "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X"
551 "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm"
552 "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40"
553 "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG"
554 "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg"
555 "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0"
556 "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ"
557 "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP"
558 "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI"
559 "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t"
560 "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN"
561 "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3"
562 "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE"
563 "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW"
564 "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9"
565 "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw"
566 "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j"
567 "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3"
568 "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF"
569 "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV"
570 "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D"
571 "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg==";
572
573// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing
574// the final (optional) element of |kCustomSession| with tag number 30.
575static const char kBadSessionExtraField[] =
576 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
577 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
578 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
579 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
580 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
581 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
582 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
583 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF";
584
585// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing
586// the version of |kCustomSession| with 2.
587static const char kBadSessionVersion[] =
588 "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
589 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
590 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
591 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
592 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
593 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
594 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
595 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";
596
597// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data
598// appended.
599static const char kBadSessionTrailingData[] =
600 "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"
601 "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"
602 "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"
603 "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"
604 "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"
605 "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"
606 "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"
607 "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA";
608
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]609static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]610 size_t len;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]611 if (!EVP_DecodedLength(&len, strlen(in))) {
612 fprintf(stderr, "EVP_DecodedLength failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]613 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]614 }
615
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]616 out->resize(len);
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]617 if (!EVP_DecodeBase64(out->data(), &len, len, (const uint8_t *)in,
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]618 strlen(in))) {
619 fprintf(stderr, "EVP_DecodeBase64 failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]620 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]621 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]622 out->resize(len);
623 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]624}
625
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]626static bool TestSSL_SESSIONEncoding(const char *input_b64) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]627 const uint8_t *cptr;
628 uint8_t *ptr;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]629
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]630 // Decode the input.
631 std::vector<uint8_t> input;
632 if (!DecodeBase64(&input, input_b64)) {
633 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]634 }
635
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]636 // Verify the SSL_SESSION decodes.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]637 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
638 if (!ssl_ctx) {
639 return false;
640 }
641 bssl::UniquePtr<SSL_SESSION> session(
642 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]643 if (!session) {
644 fprintf(stderr, "SSL_SESSION_from_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]645 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]646 }
647
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]648 // Verify the SSL_SESSION encoding round-trips.
649 size_t encoded_len;
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]650 bssl::UniquePtr<uint8_t> encoded;
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]651 uint8_t *encoded_raw;
652 if (!SSL_SESSION_to_bytes(session.get(), &encoded_raw, &encoded_len)) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]653 fprintf(stderr, "SSL_SESSION_to_bytes failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]654 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]655 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]656 encoded.reset(encoded_raw);
657 if (encoded_len != input.size() ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]658 OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]659 fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
Sigbjorn Vik2b23d242015-06-29 15:07:26 +0200[diff] [blame]660 hexdump(stderr, "Before: ", input.data(), input.size());
661 hexdump(stderr, "After: ", encoded_raw, encoded_len);
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]662 return false;
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]663 }
David Benjamin3cac4502014-10-21 01:46:30 -0400[diff] [blame]664
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]665 // Verify the SSL_SESSION also decodes with the legacy API.
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]666 cptr = input.data();
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]667 session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size()));
David Benjaminef14b2d2015-11-11 14:01:27 -0800[diff] [blame]668 if (!session || cptr != input.data() + input.size()) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]669 fprintf(stderr, "d2i_SSL_SESSION failed\n");
670 return false;
671 }
672
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]673 // Verify the SSL_SESSION encoding round-trips via the legacy API.
674 int len = i2d_SSL_SESSION(session.get(), NULL);
675 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]676 fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]677 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]678 }
679
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]680 encoded.reset((uint8_t *)OPENSSL_malloc(input.size()));
681 if (!encoded) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]682 fprintf(stderr, "malloc failed\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]683 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]684 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]685
686 ptr = encoded.get();
687 len = i2d_SSL_SESSION(session.get(), &ptr);
688 if (len < 0 || (size_t)len != input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]689 fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]690 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]691 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]692 if (ptr != encoded.get() + input.size()) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]693 fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]694 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]695 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]696 if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]697 fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]698 return false;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]699 }
700
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]701 return true;
David Benjamin751e8892014-10-19 00:59:36 -0400[diff] [blame]702}
703
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]704static bool TestBadSSL_SESSIONEncoding(const char *input_b64) {
705 std::vector<uint8_t> input;
706 if (!DecodeBase64(&input, input_b64)) {
707 return false;
708 }
709
710 // Verify that the SSL_SESSION fails to decode.
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]711 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
712 if (!ssl_ctx) {
713 return false;
714 }
715 bssl::UniquePtr<SSL_SESSION> session(
716 SSL_SESSION_from_bytes(input.data(), input.size(), ssl_ctx.get()));
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]717 if (session) {
David Benjaminfd67aa82015-06-15 19:41:48 -0400[diff] [blame]718 fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n");
David Benjaminf297e022015-05-28 19:55:29 -0400[diff] [blame]719 return false;
720 }
721 ERR_clear_error();
722 return true;
723}
724
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]725static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]726 const SSL_METHOD *(*method)(void)) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]727 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]728 if (!ctx) {
729 return false;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]730 }
David Benjaminb6a0a512016-06-21 10:33:21 -0400[diff] [blame]731 if (ctx->min_version != min_version || ctx->max_version != max_version) {
732 fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
733 ctx->min_version, ctx->max_version, min_version, max_version);
734 return false;
735 }
736 return true;
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]737}
738
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]739static bool CipherGetRFCName(std::string *out, uint16_t value) {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]740 const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
741 if (cipher == NULL) {
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]742 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]743 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]744 bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
David Benjamin3fa65f02015-05-15 19:11:57 -0400[diff] [blame]745 if (!rfc_name) {
746 return false;
747 }
David Benjamin67be0482015-04-20 16:19:00 -0400[diff] [blame]748 out->assign(rfc_name.get());
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]749 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]750}
751
752typedef struct {
David Benjamin2bdb35c2015-02-21 11:03:06 -0500[diff] [blame]753 int id;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]754 const char *rfc_name;
755} CIPHER_RFC_NAME_TEST;
756
757static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]758 {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
759 {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
760 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
761 {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
762 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
763 {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
764 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
765 {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
766 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
767 {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
768 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
769 {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
770 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
771 {TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
772 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
773 {TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
774 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
775 {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
776 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
777 {TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
778 {TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
779 {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]780};
781
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]782static bool TestCipherGetRFCName(void) {
783 for (size_t i = 0;
Steven Valdezcb966542016-08-17 16:56:14 -0400[diff] [blame]784 i < OPENSSL_ARRAY_SIZE(kCipherRFCNameTests); i++) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]785 const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]786 std::string rfc_name;
787 if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
788 fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
789 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]790 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]791 if (rfc_name != test->rfc_name) {
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]792 fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]793 rfc_name.c_str(), test->rfc_name);
794 return false;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]795 }
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]796 }
David Benjamin1d77e562015-03-22 17:22:08 -0400[diff] [blame]797 return true;
David Benjamin65226252015-02-05 16:49:47 -0500[diff] [blame]798}
799
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]800// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
801// version and ticket length or nullptr on failure.
802static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version,
803 size_t ticket_len) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]804 std::vector<uint8_t> der;
805 if (!DecodeBase64(&der, kOpenSSLSession)) {
806 return nullptr;
807 }
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]808
809 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
810 if (!ssl_ctx) {
811 return nullptr;
812 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]813 bssl::UniquePtr<SSL_SESSION> session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]814 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]815 if (!session) {
816 return nullptr;
817 }
818
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]819 session->ssl_version = version;
820
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]821 // Swap out the ticket for a garbage one.
822 OPENSSL_free(session->tlsext_tick);
823 session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
824 if (session->tlsext_tick == nullptr) {
825 return nullptr;
826 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]827 OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]828 session->tlsext_ticklen = ticket_len;
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]829
830 // Fix up the timeout.
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]831#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
832 session->time = 1234;
833#else
David Benjamin1269ddd2015-10-18 15:18:55 -0400[diff] [blame]834 session->time = time(NULL);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]835#endif
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]836 return session;
837}
838
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]839static bool GetClientHello(SSL *ssl, std::vector<uint8_t> *out) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]840 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]841 if (!bio) {
842 return false;
843 }
844 // Do not configure a reading BIO, but record what's written to a memory BIO.
David Benjamin96a16cd2016-08-11 12:14:47 -0400[diff] [blame]845 BIO_up_ref(bio.get());
846 SSL_set_bio(ssl, nullptr /* rbio */, bio.get());
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]847 int ret = SSL_connect(ssl);
848 if (ret > 0) {
849 // SSL_connect should fail without a BIO to write to.
850 return false;
851 }
852 ERR_clear_error();
853
854 const uint8_t *client_hello;
855 size_t client_hello_len;
856 if (!BIO_mem_contents(bio.get(), &client_hello, &client_hello_len)) {
857 return false;
858 }
859 *out = std::vector<uint8_t>(client_hello, client_hello + client_hello_len);
860 return true;
861}
862
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]863// GetClientHelloLen creates a client SSL connection with the specified version
864// and ticket length. It returns the length of the ClientHello, not including
865// the record header, on success and zero on error.
866static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version,
867 size_t ticket_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]868 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]869 bssl::UniquePtr<SSL_SESSION> session =
870 CreateSessionWithTicket(session_version, ticket_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]871 if (!ctx || !session) {
872 return 0;
873 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]874
875 // Set a one-element cipher list so the baseline ClientHello is unpadded.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]876 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]877 if (!ssl || !SSL_set_session(ssl.get(), session.get()) ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]878 !SSL_set_cipher_list(ssl.get(), "ECDHE-RSA-AES128-GCM-SHA256") ||
879 !SSL_set_max_proto_version(ssl.get(), max_version)) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]880 return 0;
881 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]882
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]883 std::vector<uint8_t> client_hello;
884 if (!GetClientHello(ssl.get(), &client_hello) ||
885 client_hello.size() <= SSL3_RT_HEADER_LENGTH) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]886 return 0;
887 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]888
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]889 return client_hello.size() - SSL3_RT_HEADER_LENGTH;
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]890}
891
892struct PaddingTest {
893 size_t input_len, padded_len;
894};
895
896static const PaddingTest kPaddingTests[] = {
897 // ClientHellos of length below 0x100 do not require padding.
898 {0xfe, 0xfe},
899 {0xff, 0xff},
900 // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200.
901 {0x100, 0x200},
902 {0x123, 0x200},
903 {0x1fb, 0x200},
904 // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The
905 // padding extension takes a minimum of four bytes plus one required content
906 // byte. (To work around yet more server bugs, we avoid empty final
907 // extensions.)
908 {0x1fc, 0x201},
909 {0x1fd, 0x202},
910 {0x1fe, 0x203},
911 {0x1ff, 0x204},
912 // Finally, larger ClientHellos need no padding.
913 {0x200, 0x200},
914 {0x201, 0x201},
915};
916
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]917static bool TestPaddingExtension(uint16_t max_version,
918 uint16_t session_version) {
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]919 // Sample a baseline length.
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]920 size_t base_len = GetClientHelloLen(max_version, session_version, 1);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]921 if (base_len == 0) {
922 return false;
923 }
924
925 for (const PaddingTest &test : kPaddingTests) {
926 if (base_len > test.input_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]927 fprintf(stderr,
928 "Baseline ClientHello too long (max_version = %04x, "
929 "session_version = %04x).\n",
930 max_version, session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]931 return false;
932 }
933
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]934 size_t padded_len = GetClientHelloLen(max_version, session_version,
935 1 + test.input_len - base_len);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]936 if (padded_len != test.padded_len) {
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]937 fprintf(stderr,
938 "%u-byte ClientHello padded to %u bytes, not %u (max_version = "
939 "%04x, session_version = %04x).\n",
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]940 static_cast<unsigned>(test.input_len),
941 static_cast<unsigned>(padded_len),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]942 static_cast<unsigned>(test.padded_len), max_version,
943 session_version);
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]944 return false;
945 }
946 }
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]947
David Benjamin422fe082015-07-21 22:03:43 -0400[diff] [blame]948 return true;
949}
950
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]951// Test that |SSL_get_client_CA_list| echoes back the configured parameter even
952// before configuring as a server.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]953TEST(SSLTest, ClientCAList) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]954 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]955 ASSERT_TRUE(ctx);
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]956 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]957 ASSERT_TRUE(ssl);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]958
959 STACK_OF(X509_NAME) *stack = sk_X509_NAME_new_null();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]960 ASSERT_TRUE(stack);
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]961 // |SSL_set_client_CA_list| takes ownership.
962 SSL_set_client_CA_list(ssl.get(), stack);
963
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]964 EXPECT_EQ(stack, SSL_get_client_CA_list(ssl.get()));
David Benjamin1d128f32015-09-08 17:41:40 -0400[diff] [blame]965}
966
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]967static void AppendSession(SSL_SESSION *session, void *arg) {
968 std::vector<SSL_SESSION*> *out =
969 reinterpret_cast<std::vector<SSL_SESSION*>*>(arg);
970 out->push_back(session);
971}
972
973// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
974// order.
975static bool ExpectCache(SSL_CTX *ctx,
976 const std::vector<SSL_SESSION*> &expected) {
977 // Check the linked list.
978 SSL_SESSION *ptr = ctx->session_cache_head;
979 for (SSL_SESSION *session : expected) {
980 if (ptr != session) {
981 return false;
982 }
983 // TODO(davidben): This is an absurd way to denote the end of the list.
984 if (ptr->next ==
985 reinterpret_cast<SSL_SESSION *>(&ctx->session_cache_tail)) {
986 ptr = nullptr;
987 } else {
988 ptr = ptr->next;
989 }
990 }
991 if (ptr != nullptr) {
992 return false;
993 }
994
995 // Check the hash table.
996 std::vector<SSL_SESSION*> actual, expected_copy;
997 lh_SSL_SESSION_doall_arg(SSL_CTX_sessions(ctx), AppendSession, &actual);
998 expected_copy = expected;
999
1000 std::sort(actual.begin(), actual.end());
1001 std::sort(expected_copy.begin(), expected_copy.end());
1002
1003 return actual == expected_copy;
1004}
1005
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1006static bssl::UniquePtr<SSL_SESSION> CreateTestSession(uint32_t number) {
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]1007 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
1008 if (!ssl_ctx) {
1009 return nullptr;
1010 }
1011 bssl::UniquePtr<SSL_SESSION> ret(SSL_SESSION_new(ssl_ctx.get()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1012 if (!ret) {
1013 return nullptr;
1014 }
1015
1016 ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1017 OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
1018 OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1019 return ret;
1020}
1021
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1022// Test that the internal session cache behaves as expected.
1023static bool TestInternalSessionCache() {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1024 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1025 if (!ctx) {
1026 return false;
1027 }
1028
1029 // Prepare 10 test sessions.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1030 std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1031 for (int i = 0; i < 10; i++) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1032 bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1033 if (!session) {
1034 return false;
1035 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1036 sessions.push_back(std::move(session));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1037 }
1038
1039 SSL_CTX_sess_set_cache_size(ctx.get(), 5);
1040
1041 // Insert all the test sessions.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1042 for (const auto &session : sessions) {
1043 if (!SSL_CTX_add_session(ctx.get(), session.get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1044 return false;
1045 }
1046 }
1047
1048 // Only the last five should be in the list.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1049 std::vector<SSL_SESSION*> expected = {
1050 sessions[9].get(),
1051 sessions[8].get(),
1052 sessions[7].get(),
1053 sessions[6].get(),
1054 sessions[5].get(),
1055 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1056 if (!ExpectCache(ctx.get(), expected)) {
1057 return false;
1058 }
1059
1060 // Inserting an element already in the cache should fail.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1061 if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1062 !ExpectCache(ctx.get(), expected)) {
1063 return false;
1064 }
1065
1066 // Although collisions should be impossible (256-bit session IDs), the cache
1067 // must handle them gracefully.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1068 bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1069 if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
1070 return false;
1071 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1072 expected = {
1073 collision.get(),
1074 sessions[9].get(),
1075 sessions[8].get(),
1076 sessions[6].get(),
1077 sessions[5].get(),
1078 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1079 if (!ExpectCache(ctx.get(), expected)) {
1080 return false;
1081 }
1082
1083 // Removing sessions behaves correctly.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1084 if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1085 return false;
1086 }
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1087 expected = {
1088 collision.get(),
1089 sessions[9].get(),
1090 sessions[8].get(),
1091 sessions[5].get(),
1092 };
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1093 if (!ExpectCache(ctx.get(), expected)) {
1094 return false;
1095 }
1096
1097 // Removing sessions requires an exact match.
David Benjamin4f6acaf2015-11-21 03:00:50 -0500[diff] [blame]1098 if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
1099 SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
David Benjamin0f653952015-10-18 14:28:01 -0400[diff] [blame]1100 !ExpectCache(ctx.get(), expected)) {
1101 return false;
1102 }
1103
1104 return true;
1105}
1106
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1107static uint16_t EpochFromSequence(uint64_t seq) {
1108 return static_cast<uint16_t>(seq >> 48);
1109}
1110
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1111static bssl::UniquePtr<X509> GetTestCertificate() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1112 static const char kCertPEM[] =
1113 "-----BEGIN CERTIFICATE-----\n"
1114 "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n"
1115 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
1116 "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n"
1117 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
1118 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
1119 "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n"
1120 "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n"
1121 "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n"
1122 "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n"
1123 "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n"
1124 "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n"
1125 "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n"
1126 "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n"
1127 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1128 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1129 return bssl::UniquePtr<X509>(
1130 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1131}
1132
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1133static bssl::UniquePtr<EVP_PKEY> GetTestKey() {
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1134 static const char kKeyPEM[] =
1135 "-----BEGIN RSA PRIVATE KEY-----\n"
1136 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
1137 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
1138 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
1139 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
1140 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
1141 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
1142 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
1143 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
1144 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
1145 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
1146 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
1147 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
1148 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
1149 "-----END RSA PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1150 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1151 return bssl::UniquePtr<EVP_PKEY>(
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1152 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1153}
1154
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1155static bssl::UniquePtr<X509> GetECDSATestCertificate() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1156 static const char kCertPEM[] =
1157 "-----BEGIN CERTIFICATE-----\n"
1158 "MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n"
1159 "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n"
1160 "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n"
1161 "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n"
1162 "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n"
1163 "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n"
1164 "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n"
1165 "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n"
1166 "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
1167 "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
1168 "-----END CERTIFICATE-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1169 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1170 return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1171}
1172
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1173static bssl::UniquePtr<EVP_PKEY> GetECDSATestKey() {
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1174 static const char kKeyPEM[] =
1175 "-----BEGIN PRIVATE KEY-----\n"
1176 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n"
1177 "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n"
1178 "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n"
1179 "-----END PRIVATE KEY-----\n";
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1180 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1181 return bssl::UniquePtr<EVP_PKEY>(
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]1182 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1183}
1184
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]1185static bssl::UniquePtr<X509> GetChainTestCertificate() {
1186 static const char kCertPEM[] =
1187 "-----BEGIN CERTIFICATE-----\n"
1188 "MIIC0jCCAbqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEQiBD\n"
1189 "QTAeFw0xNjAyMjgyMDI3MDNaFw0yNjAyMjUyMDI3MDNaMBgxFjAUBgNVBAMMDUNs\n"
1190 "aWVudCBDZXJ0IEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRvaz8\n"
1191 "CC/cshpCafJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/\n"
1192 "kLRcH89M/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3\n"
1193 "tHb+xs2PSs8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+c\n"
1194 "IDs2rQ+lP7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1\n"
1195 "z7C8jU50Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9V\n"
1196 "iLeXANgZi+Xx9KgfAgMBAAGjLzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI\n"
1197 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBFEVbmYl+2RtNw\n"
1198 "rDftRDF1v2QUbcN2ouSnQDHxeDQdSgasLzT3ui8iYu0Rw2WWcZ0DV5e0ztGPhWq7\n"
1199 "AO0B120aFRMOY+4+bzu9Q2FFkQqc7/fKTvTDzIJI5wrMnFvUfzzvxh3OHWMYSs/w\n"
1200 "giq33hTKeHEq6Jyk3btCny0Ycecyc3yGXH10sizUfiHlhviCkDuESk8mFDwDDzqW\n"
1201 "ZF0IipzFbEDHoIxLlm3GQxpiLoEV4k8KYJp3R5KBLFyxM6UGPz8h72mIPCJp2RuK\n"
1202 "MYgF91UDvVzvnYm6TfseM2+ewKirC00GOrZ7rEcFvtxnKSqYf4ckqfNdSU1Y+RRC\n"
1203 "1ngWZ7Ih\n"
1204 "-----END CERTIFICATE-----\n";
1205 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1206 return bssl::UniquePtr<X509>(
1207 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1208}
1209
1210static bssl::UniquePtr<X509> GetChainTestIntermediate() {
1211 static const char kCertPEM[] =
1212 "-----BEGIN CERTIFICATE-----\n"
1213 "MIICwjCCAaqgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJQyBS\n"
1214 "b290IENBMB4XDTE2MDIyODIwMjcwM1oXDTI2MDIyNTIwMjcwM1owDzENMAsGA1UE\n"
1215 "AwwEQiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsSCYmDip2D\n"
1216 "GkjFxw7ykz26JSjELkl6ArlYjFJ3aT/SCh8qbS4gln7RH8CPBd78oFdfhIKQrwtZ\n"
1217 "3/q21ykD9BAS3qHe2YdcJfm8/kWAy5DvXk6NXU4qX334KofBAEpgdA/igEFq1P1l\n"
1218 "HAuIfZCpMRfT+i5WohVsGi8f/NgpRvVaMONLNfgw57mz1lbtFeBEISmX0kbsuJxF\n"
1219 "Qj/Bwhi5/0HAEXG8e7zN4cEx0yPRvmOATRdVb/8dW2pwOHRJq9R5M0NUkIsTSnL7\n"
1220 "6N/z8hRAHMsV3IudC5Yd7GXW1AGu9a+iKU+Q4xcZCoj0DC99tL4VKujrV1kAeqsM\n"
1221 "cz5/dKzi6+cCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
1222 "AQYwDQYJKoZIhvcNAQELBQADggEBAIIeZiEeNhWWQ8Y4D+AGDwqUUeG8NjCbKrXQ\n"
1223 "BlHg5wZ8xftFaiP1Dp/UAezmx2LNazdmuwrYB8lm3FVTyaPDTKEGIPS4wJKHgqH1\n"
1224 "QPDhqNm85ey7TEtI9oYjsNim/Rb+iGkIAMXaxt58SzxbjvP0kMr1JfJIZbic9vye\n"
1225 "NwIspMFIpP3FB8ywyu0T0hWtCQgL4J47nigCHpOu58deP88fS/Nyz/fyGVWOZ76b\n"
1226 "WhWwgM3P3X95fQ3d7oFPR/bVh0YV+Cf861INwplokXgXQ3/TCQ+HNXeAMWn3JLWv\n"
1227 "XFwk8owk9dq/kQGdndGgy3KTEW4ctPX5GNhf3LJ9Q7dLji4ReQ4=\n"
1228 "-----END CERTIFICATE-----\n";
1229 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
1230 return bssl::UniquePtr<X509>(
1231 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1232}
1233
1234static bssl::UniquePtr<EVP_PKEY> GetChainTestKey() {
1235 static const char kKeyPEM[] =
1236 "-----BEGIN PRIVATE KEY-----\n"
1237 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRvaz8CC/cshpC\n"
1238 "afJo4jLkHEoBqDLhdgFelJoAiQUyIqyWl2O7YHPnpJH+TgR7oelzNzt/kLRcH89M\n"
1239 "/TszB6zqyLTC4aqmvzKL0peD/jL2LWBucR0WXIvjA3zoRuF/x86+rYH3tHb+xs2P\n"
1240 "Ss8EGL/Ev+ss+qTzTGEn26fuGNHkNw6tOwPpc+o8+wUtzf/kAthamo+cIDs2rQ+l\n"
1241 "P7+aLZTLeU/q4gcLutlzcK5imex5xy2jPkweq48kijK0kIzl1cPlA5d1z7C8jU50\n"
1242 "Pj9X9sQDJTN32j7UYRisJeeYQF8GaaN8SbrDI6zHgKzrRLyxDt/KQa9ViLeXANgZ\n"
1243 "i+Xx9KgfAgMBAAECggEBAK0VjSJzkyPaamcyTVSWjo7GdaBGcK60lk657RjR+lK0\n"
1244 "YJ7pkej4oM2hdsVZFsP8Cs4E33nXLa/0pDsRov/qrp0WQm2skwqGMC1I/bZ0WRPk\n"
1245 "wHaDrBBfESWnJDX/AGpVtlyOjPmgmK6J2usMPihQUDkKdAYrVWJePrMIxt1q6BMe\n"
1246 "iczs3qriMmtY3bUc4UyUwJ5fhDLjshHvfuIpYQyI6EXZM6dZksn9LylXJnigY6QJ\n"
1247 "HxOYO0BDwOsZ8yQ8J8afLk88i0GizEkgE1z3REtQUwgWfxr1WV/ud+T6/ZhSAgH9\n"
1248 "042mQvSFZnIUSEsmCvjhWuAunfxHKCTcAoYISWfzWpkCgYEA7gpf3HHU5Tn+CgUn\n"
1249 "1X5uGpG3DmcMgfeGgs2r2f/IIg/5Ac1dfYILiybL1tN9zbyLCJfcbFpWBc9hJL6f\n"
1250 "CPc5hUiwWFJqBJewxQkC1Ae/HakHbip+IZ+Jr0842O4BAArvixk4Lb7/N2Ct9sTE\n"
1251 "NJO6RtK9lbEZ5uK61DglHy8CS2UCgYEA4ZC1o36kPAMQBggajgnucb2yuUEelk0f\n"
1252 "AEr+GI32MGE+93xMr7rAhBoqLg4AITyIfEnOSQ5HwagnIHonBbv1LV/Gf9ursx8Z\n"
1253 "YOGbvT8zzzC+SU1bkDzdjAYnFQVGIjMtKOBJ3K07++ypwX1fr4QsQ8uKL8WSOWwt\n"
1254 "Z3Bym6XiZzMCgYADnhy+2OwHX85AkLt+PyGlPbmuelpyTzS4IDAQbBa6jcuW/2wA\n"
1255 "UE2km75VUXmD+u2R/9zVuLm99NzhFhSMqlUxdV1YukfqMfP5yp1EY6m/5aW7QuIP\n"
1256 "2MDa7TVL9rIFMiVZ09RKvbBbQxjhuzPQKL6X/PPspnhiTefQ+dl2k9xREQKBgHDS\n"
1257 "fMfGNEeAEKezrfSVqxphE9/tXms3L+ZpnCaT+yu/uEr5dTIAawKoQ6i9f/sf1/Sy\n"
1258 "xedsqR+IB+oKrzIDDWMgoJybN4pkZ8E5lzhVQIjFjKgFdWLzzqyW9z1gYfABQPlN\n"
1259 "FiS20WX0vgP1vcKAjdNrHzc9zyHBpgQzDmAj3NZZAoGBAI8vKCKdH7w3aL5CNkZQ\n"
1260 "2buIeWNA2HZazVwAGG5F2TU/LmXfRKnG6dX5bkU+AkBZh56jNZy//hfFSewJB4Kk\n"
1261 "buB7ERSdaNbO21zXt9FEA3+z0RfMd/Zv2vlIWOSB5nzl/7UKti3sribK6s9ZVLfi\n"
1262 "SxpiPQ8d/hmSGwn4ksrWUsJD\n"
1263 "-----END PRIVATE KEY-----\n";
1264 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
1265 return bssl::UniquePtr<EVP_PKEY>(
1266 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1267}
1268
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1269static bool CompleteHandshakes(SSL *client, SSL *server) {
1270 // Drive both their handshakes to completion.
1271 for (;;) {
1272 int client_ret = SSL_do_handshake(client);
1273 int client_err = SSL_get_error(client, client_ret);
1274 if (client_err != SSL_ERROR_NONE &&
1275 client_err != SSL_ERROR_WANT_READ &&
1276 client_err != SSL_ERROR_WANT_WRITE) {
1277 fprintf(stderr, "Client error: %d\n", client_err);
1278 return false;
1279 }
1280
1281 int server_ret = SSL_do_handshake(server);
1282 int server_err = SSL_get_error(server, server_ret);
1283 if (server_err != SSL_ERROR_NONE &&
1284 server_err != SSL_ERROR_WANT_READ &&
1285 server_err != SSL_ERROR_WANT_WRITE) {
1286 fprintf(stderr, "Server error: %d\n", server_err);
1287 return false;
1288 }
1289
1290 if (client_ret == 1 && server_ret == 1) {
1291 break;
1292 }
1293 }
1294
1295 return true;
1296}
1297
1298static bool ConnectClientAndServer(bssl::UniquePtr<SSL> *out_client,
1299 bssl::UniquePtr<SSL> *out_server,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1300 SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1301 SSL_SESSION *session) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1302 bssl::UniquePtr<SSL> client(SSL_new(client_ctx)), server(SSL_new(server_ctx));
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1303 if (!client || !server) {
1304 return false;
1305 }
1306 SSL_set_connect_state(client.get());
1307 SSL_set_accept_state(server.get());
1308
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1309 SSL_set_session(client.get(), session);
1310
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1311 BIO *bio1, *bio2;
1312 if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) {
1313 return false;
1314 }
1315 // SSL_set_bio takes ownership.
1316 SSL_set_bio(client.get(), bio1, bio1);
1317 SSL_set_bio(server.get(), bio2, bio2);
1318
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]1319 if (!CompleteHandshakes(client.get(), server.get())) {
1320 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1321 }
1322
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1323 *out_client = std::move(client);
1324 *out_server = std::move(server);
1325 return true;
1326}
1327
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1328static bool TestSequenceNumber(bool is_dtls, const SSL_METHOD *method,
1329 uint16_t version) {
1330 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1331 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
1332 if (!server_ctx || !client_ctx ||
1333 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1334 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
1335 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1336 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
1337 return false;
1338 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1339
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1340 bssl::UniquePtr<X509> cert = GetTestCertificate();
1341 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
1342 if (!cert || !key || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1343 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1344 return false;
1345 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1346
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1347 bssl::UniquePtr<SSL> client, server;
1348 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
1349 server_ctx.get(), nullptr /* no session */)) {
1350 return false;
1351 }
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1352
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1353 // Drain any post-handshake messages to ensure there are no unread records
1354 // on either end.
1355 uint8_t byte = 0;
1356 if (SSL_read(client.get(), &byte, 1) > 0 ||
1357 SSL_read(server.get(), &byte, 1) > 0) {
1358 fprintf(stderr, "Received unexpected data.\n");
1359 return false;
1360 }
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1361
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1362 uint64_t client_read_seq = SSL_get_read_sequence(client.get());
1363 uint64_t client_write_seq = SSL_get_write_sequence(client.get());
1364 uint64_t server_read_seq = SSL_get_read_sequence(server.get());
1365 uint64_t server_write_seq = SSL_get_write_sequence(server.get());
Steven Valdez2c62fe92016-10-14 12:08:12 -0400[diff] [blame]1366
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1367 if (is_dtls) {
1368 // Both client and server must be at epoch 1.
1369 if (EpochFromSequence(client_read_seq) != 1 ||
1370 EpochFromSequence(client_write_seq) != 1 ||
1371 EpochFromSequence(server_read_seq) != 1 ||
1372 EpochFromSequence(server_write_seq) != 1) {
1373 fprintf(stderr, "Bad epochs.\n");
1374 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1375 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1376
1377 // The next record to be written should exceed the largest received.
1378 if (client_write_seq <= server_read_seq ||
1379 server_write_seq <= client_read_seq) {
1380 fprintf(stderr, "Inconsistent sequence numbers.\n");
1381 return false;
1382 }
1383 } else {
1384 // The next record to be written should equal the next to be received.
1385 if (client_write_seq != server_read_seq ||
1386 server_write_seq != client_read_seq) {
1387 fprintf(stderr, "Inconsistent sequence numbers.\n");
1388 return false;
1389 }
1390 }
1391
1392 // Send a record from client to server.
1393 if (SSL_write(client.get(), &byte, 1) != 1 ||
1394 SSL_read(server.get(), &byte, 1) != 1) {
1395 fprintf(stderr, "Could not send byte.\n");
1396 return false;
1397 }
1398
1399 // The client write and server read sequence numbers should have
1400 // incremented.
1401 if (client_write_seq + 1 != SSL_get_write_sequence(client.get()) ||
1402 server_read_seq + 1 != SSL_get_read_sequence(server.get())) {
1403 fprintf(stderr, "Sequence numbers did not increment.\n");
1404 return false;
David Benjaminde942382016-02-11 12:02:01 -0500[diff] [blame]1405 }
1406
1407 return true;
1408}
1409
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1410static bool TestOneSidedShutdown(bool is_dtls, const SSL_METHOD *method,
1411 uint16_t version) {
1412 // SSL_shutdown is a no-op in DTLS.
1413 if (is_dtls) {
1414 return true;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1415 }
1416
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1417 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
1418 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1419 bssl::UniquePtr<X509> cert = GetTestCertificate();
1420 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1421 if (!client_ctx || !server_ctx || !cert || !key ||
1422 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
1423 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
1424 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
1425 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1426 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
1427 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())) {
1428 return false;
1429 }
1430
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1431 bssl::UniquePtr<SSL> client, server;
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1432 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1433 server_ctx.get(), nullptr /* no session */)) {
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1434 return false;
1435 }
1436
1437 // Shut down half the connection. SSL_shutdown will return 0 to signal only
1438 // one side has shut down.
1439 if (SSL_shutdown(client.get()) != 0) {
1440 fprintf(stderr, "Could not shutdown.\n");
1441 return false;
1442 }
1443
1444 // Reading from the server should consume the EOF.
1445 uint8_t byte;
1446 if (SSL_read(server.get(), &byte, 1) != 0 ||
1447 SSL_get_error(server.get(), 0) != SSL_ERROR_ZERO_RETURN) {
1448 fprintf(stderr, "Connection was not shut down cleanly.\n");
1449 return false;
1450 }
1451
1452 // However, the server may continue to write data and then shut down the
1453 // connection.
1454 byte = 42;
1455 if (SSL_write(server.get(), &byte, 1) != 1 ||
1456 SSL_read(client.get(), &byte, 1) != 1 ||
1457 byte != 42) {
1458 fprintf(stderr, "Could not send byte.\n");
1459 return false;
1460 }
1461
1462 // The server may then shutdown the connection.
1463 if (SSL_shutdown(server.get()) != 1 ||
1464 SSL_shutdown(client.get()) != 1) {
1465 fprintf(stderr, "Could not complete shutdown.\n");
1466 return false;
1467 }
1468
1469 return true;
1470}
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]1471
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1472TEST(SSLTest, SessionDuplication) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1473 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
1474 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1475 ASSERT_TRUE(client_ctx);
1476 ASSERT_TRUE(server_ctx);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1477
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1478 bssl::UniquePtr<X509> cert = GetTestCertificate();
1479 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1480 ASSERT_TRUE(cert);
1481 ASSERT_TRUE(key);
1482 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
1483 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1484
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1485 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1486 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
1487 server_ctx.get(),
1488 nullptr /* no session */));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1489
1490 SSL_SESSION *session0 = SSL_get_session(client.get());
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1491 bssl::UniquePtr<SSL_SESSION> session1(
1492 SSL_SESSION_dup(session0, SSL_SESSION_DUP_ALL));
1493 ASSERT_TRUE(session1);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1494
Steven Valdez84b5c002016-08-25 16:30:58 -0400[diff] [blame]1495 session1->not_resumable = 0;
1496
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1497 uint8_t *s0_bytes, *s1_bytes;
1498 size_t s0_len, s1_len;
1499
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1500 ASSERT_TRUE(SSL_SESSION_to_bytes(session0, &s0_bytes, &s0_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1501 bssl::UniquePtr<uint8_t> free_s0(s0_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1502
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1503 ASSERT_TRUE(SSL_SESSION_to_bytes(session1.get(), &s1_bytes, &s1_len));
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1504 bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1505
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]1506 EXPECT_EQ(Bytes(s0_bytes, s0_len), Bytes(s1_bytes, s1_len));
Steven Valdez87eab492016-06-27 16:34:59 -0400[diff] [blame]1507}
David Benjamin686bb192016-05-10 15:15:41 -0400[diff] [blame]1508
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1509static void ExpectFDs(const SSL *ssl, int rfd, int wfd) {
1510 EXPECT_EQ(rfd, SSL_get_rfd(ssl));
1511 EXPECT_EQ(wfd, SSL_get_wfd(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1512
1513 // The wrapper BIOs are always equal when fds are equal, even if set
1514 // individually.
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1515 if (rfd == wfd) {
1516 EXPECT_EQ(SSL_get_rbio(ssl), SSL_get_wbio(ssl));
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1517 }
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1518}
1519
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1520TEST(SSLTest, SetFD) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1521 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1522 ASSERT_TRUE(ctx);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1523
1524 // Test setting different read and write FDs.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1525 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1526 ASSERT_TRUE(ssl);
1527 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1528 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1529 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1530
1531 // Test setting the same FD.
1532 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1533 ASSERT_TRUE(ssl);
1534 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1535 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1536
1537 // Test setting the same FD one side at a time.
1538 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1539 ASSERT_TRUE(ssl);
1540 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1541 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1542 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1543
1544 // Test setting the same FD in the other order.
1545 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1546 ASSERT_TRUE(ssl);
1547 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1548 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1549 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1550
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1551 // Test changing the read FD partway through.
1552 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1553 ASSERT_TRUE(ssl);
1554 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1555 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 2));
1556 ExpectFDs(ssl.get(), 2, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1557
1558 // Test changing the write FD partway through.
1559 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1560 ASSERT_TRUE(ssl);
1561 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1562 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 2));
1563 ExpectFDs(ssl.get(), 1, 2);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1564
1565 // Test a no-op change to the read FD partway through.
1566 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1567 ASSERT_TRUE(ssl);
1568 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1569 EXPECT_TRUE(SSL_set_rfd(ssl.get(), 1));
1570 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1571
1572 // Test a no-op change to the write FD partway through.
1573 ssl.reset(SSL_new(ctx.get()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1574 ASSERT_TRUE(ssl);
1575 EXPECT_TRUE(SSL_set_fd(ssl.get(), 1));
1576 EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1));
1577 ExpectFDs(ssl.get(), 1, 1);
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1578
1579 // ASan builds will implicitly test that the internal |BIO| reference-counting
1580 // is correct.
David Benjamin5c0fb882016-06-14 14:03:51 -0400[diff] [blame]1581}
1582
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1583TEST(SSLTest, SetBIO) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1584 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1585 ASSERT_TRUE(ctx);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1586
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1587 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
1588 bssl::UniquePtr<BIO> bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())),
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1589 bio3(BIO_new(BIO_s_mem()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]1590 ASSERT_TRUE(ssl);
1591 ASSERT_TRUE(bio1);
1592 ASSERT_TRUE(bio2);
1593 ASSERT_TRUE(bio3);
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1594
1595 // SSL_set_bio takes one reference when the parameters are the same.
1596 BIO_up_ref(bio1.get());
1597 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1598
1599 // Repeating the call does nothing.
1600 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1601
1602 // It takes one reference each when the parameters are different.
1603 BIO_up_ref(bio2.get());
1604 BIO_up_ref(bio3.get());
1605 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1606
1607 // Repeating the call does nothing.
1608 SSL_set_bio(ssl.get(), bio2.get(), bio3.get());
1609
1610 // It takes one reference when changing only wbio.
1611 BIO_up_ref(bio1.get());
1612 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1613
1614 // It takes one reference when changing only rbio and the two are different.
1615 BIO_up_ref(bio3.get());
1616 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1617
1618 // If setting wbio to rbio, it takes no additional references.
1619 SSL_set_bio(ssl.get(), bio3.get(), bio3.get());
1620
1621 // From there, wbio may be switched to something else.
1622 BIO_up_ref(bio1.get());
1623 SSL_set_bio(ssl.get(), bio3.get(), bio1.get());
1624
1625 // If setting rbio to wbio, it takes no additional references.
1626 SSL_set_bio(ssl.get(), bio1.get(), bio1.get());
1627
1628 // From there, rbio may be switched to something else, but, for historical
1629 // reasons, it takes a reference to both parameters.
1630 BIO_up_ref(bio1.get());
1631 BIO_up_ref(bio2.get());
1632 SSL_set_bio(ssl.get(), bio2.get(), bio1.get());
1633
1634 // ASAN builds will implicitly test that the internal |BIO| reference-counting
1635 // is correct.
David Benjamin4501bd52016-08-01 13:39:41 -0400[diff] [blame]1636}
1637
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1638static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; }
1639
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1640static bool TestGetPeerCertificate(bool is_dtls, const SSL_METHOD *method,
1641 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1642 bssl::UniquePtr<X509> cert = GetTestCertificate();
1643 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1644 if (!cert || !key) {
1645 return false;
1646 }
1647
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1648 // Configure both client and server to accept any certificate.
1649 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1650 if (!ctx ||
1651 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1652 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1653 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1654 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1655 return false;
1656 }
1657 SSL_CTX_set_verify(
1658 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1659 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1660
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1661 bssl::UniquePtr<SSL> client, server;
1662 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1663 nullptr /* no session */)) {
1664 return false;
1665 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1666
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1667 // Client and server should both see the leaf certificate.
1668 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1669 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1670 fprintf(stderr, "Server peer certificate did not match.\n");
1671 return false;
1672 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1673
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1674 peer.reset(SSL_get_peer_certificate(client.get()));
1675 if (!peer || X509_cmp(cert.get(), peer.get()) != 0) {
1676 fprintf(stderr, "Client peer certificate did not match.\n");
1677 return false;
1678 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1679
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1680 // However, for historical reasons, the chain includes the leaf on the
1681 // client, but does not on the server.
1682 if (sk_X509_num(SSL_get_peer_cert_chain(client.get())) != 1) {
1683 fprintf(stderr, "Client peer chain was incorrect.\n");
1684 return false;
1685 }
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1686
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1687 if (sk_X509_num(SSL_get_peer_cert_chain(server.get())) != 0) {
1688 fprintf(stderr, "Server peer chain was incorrect.\n");
1689 return false;
David Benjaminadd5e522016-07-14 00:33:24 -0400[diff] [blame]1690 }
1691
1692 return true;
1693}
1694
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1695static bool TestRetainOnlySHA256OfCerts(bool is_dtls, const SSL_METHOD *method,
1696 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1697 bssl::UniquePtr<X509> cert = GetTestCertificate();
1698 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1699 if (!cert || !key) {
1700 return false;
1701 }
1702
1703 uint8_t *cert_der = NULL;
1704 int cert_der_len = i2d_X509(cert.get(), &cert_der);
1705 if (cert_der_len < 0) {
1706 return false;
1707 }
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1708 bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1709
1710 uint8_t cert_sha256[SHA256_DIGEST_LENGTH];
1711 SHA256(cert_der, cert_der_len, cert_sha256);
1712
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1713 // Configure both client and server to accept any certificate, but the
1714 // server must retain only the SHA-256 of the peer.
1715 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
1716 if (!ctx ||
1717 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
1718 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
1719 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
1720 !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
1721 return false;
1722 }
1723 SSL_CTX_set_verify(
1724 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
1725 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
1726 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx.get(), 1);
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1727
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1728 bssl::UniquePtr<SSL> client, server;
1729 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
1730 nullptr /* no session */)) {
1731 return false;
1732 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1733
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1734 // The peer certificate has been dropped.
1735 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(server.get()));
1736 if (peer) {
1737 fprintf(stderr, "Peer certificate was retained.\n");
1738 return false;
1739 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1740
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1741 SSL_SESSION *session = SSL_get_session(server.get());
1742 if (!session->peer_sha256_valid) {
1743 fprintf(stderr, "peer_sha256_valid was not set.\n");
1744 return false;
1745 }
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1746
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1747 if (OPENSSL_memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) !=
1748 0) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]1749 fprintf(stderr, "peer_sha256 did not match.\n");
1750 return false;
David Benjamin25490f22016-07-14 00:22:54 -0400[diff] [blame]1751 }
1752
1753 return true;
1754}
1755
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1756static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
1757 size_t expected_len) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1758 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1759 if (!ctx ||
David Benjamine4706902016-09-20 15:12:23 -0400[diff] [blame]1760 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1761 // Our default cipher list varies by CPU capabilities, so manually place
1762 // the ChaCha20 ciphers in front.
1763 !SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1764 return false;
1765 }
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]1766
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1767 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1768 if (!ssl) {
1769 return false;
1770 }
1771 std::vector<uint8_t> client_hello;
1772 if (!GetClientHello(ssl.get(), &client_hello)) {
1773 return false;
1774 }
1775
1776 // Zero the client_random.
1777 constexpr size_t kRandomOffset = 1 + 2 + 2 + // record header
1778 1 + 3 + // handshake message header
1779 2; // client_version
1780 if (client_hello.size() < kRandomOffset + SSL3_RANDOM_SIZE) {
1781 fprintf(stderr, "ClientHello for version %04x too short.\n", version);
1782 return false;
1783 }
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1784 OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1785
1786 if (client_hello.size() != expected_len ||
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]1787 OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) {
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1788 fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
1789 fprintf(stderr, "Got:\n\t");
1790 for (size_t i = 0; i < client_hello.size(); i++) {
1791 fprintf(stderr, "0x%02x, ", client_hello[i]);
1792 }
1793 fprintf(stderr, "\nWanted:\n\t");
1794 for (size_t i = 0; i < expected_len; i++) {
1795 fprintf(stderr, "0x%02x, ", expected[i]);
1796 }
1797 fprintf(stderr, "\n");
1798 return false;
1799 }
1800
1801 return true;
1802}
1803
1804// Tests that our ClientHellos do not change unexpectedly.
1805static bool TestClientHello() {
1806 static const uint8_t kSSL3ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1807 0x16,
1808 0x03, 0x00,
1809 0x00, 0x3f,
1810 0x01,
1811 0x00, 0x00, 0x3b,
1812 0x03, 0x00,
1813 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1814 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1815 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1816 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1817 0x00,
1818 0x00, 0x14,
1819 0xc0, 0x09,
1820 0xc0, 0x13,
1821 0x00, 0x33,
1822 0xc0, 0x0a,
1823 0xc0, 0x14,
1824 0x00, 0x39,
1825 0x00, 0x2f,
1826 0x00, 0x35,
1827 0x00, 0x0a,
1828 0x00, 0xff, 0x01, 0x00,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1829 };
1830 if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello,
1831 sizeof(kSSL3ClientHello))) {
1832 return false;
1833 }
1834
1835 static const uint8_t kTLS1ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1836 0x16,
1837 0x03, 0x01,
1838 0x00, 0x5e,
1839 0x01,
1840 0x00, 0x00, 0x5a,
1841 0x03, 0x01,
1842 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1843 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1844 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1845 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1846 0x00,
1847 0x00, 0x12,
1848 0xc0, 0x09,
1849 0xc0, 0x13,
1850 0x00, 0x33,
1851 0xc0, 0x0a,
1852 0xc0, 0x14,
1853 0x00, 0x39,
1854 0x00, 0x2f,
1855 0x00, 0x35,
1856 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1857 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1858 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1859 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1860 };
1861 if (!ClientHelloMatches(TLS1_VERSION, kTLS1ClientHello,
1862 sizeof(kTLS1ClientHello))) {
1863 return false;
1864 }
1865
1866 static const uint8_t kTLS11ClientHello[] = {
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]1867 0x16,
1868 0x03, 0x01,
1869 0x00, 0x5e,
1870 0x01,
1871 0x00, 0x00, 0x5a,
1872 0x03, 0x02,
1873 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1874 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1875 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1876 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1877 0x00,
1878 0x00, 0x12,
1879 0xc0, 0x09,
1880 0xc0, 0x13,
1881 0x00, 0x33,
1882 0xc0, 0x0a,
1883 0xc0, 0x14,
1884 0x00, 0x39,
1885 0x00, 0x2f,
1886 0x00, 0x35,
1887 0x00, 0x0a,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1888 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
1889 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
1890 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
1891 };
1892 if (!ClientHelloMatches(TLS1_1_VERSION, kTLS11ClientHello,
1893 sizeof(kTLS11ClientHello))) {
1894 return false;
1895 }
1896
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]1897 // kTLS12ClientHello assumes RSA-PSS, which is disabled for Android system
1898 // builds.
1899#if defined(BORINGSSL_ANDROID_SYSTEM)
1900 return true;
1901#endif
1902
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1903 static const uint8_t kTLS12ClientHello[] = {
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]1904 0x16, 0x03, 0x01, 0x00, 0x9a, 0x01, 0x00, 0x00, 0x96, 0x03, 0x03, 0x00,
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]1905 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1906 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Adam Langley2e839242017-01-19 15:12:44 -0800[diff] [blame]1907 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0xcc, 0xa9,
1908 0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, 0xc0, 0x2c, 0xc0, 0x30,
1909 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x27, 0x00, 0x33,
1910 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x28, 0x00, 0x39,
1911 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35,
1912 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01,
1913 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
1914 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
1915 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00,
1916 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
1917 0x17, 0x00, 0x18,
David Benjaminafc64de2016-07-19 17:12:41 +0200[diff] [blame]1918 };
1919 if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
1920 sizeof(kTLS12ClientHello))) {
1921 return false;
1922 }
1923
1924 // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
1925 // implementation has settled enough that it won't change.
1926
1927 return true;
1928}
1929
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1930static bssl::UniquePtr<SSL_SESSION> g_last_session;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1931
1932static int SaveLastSession(SSL *ssl, SSL_SESSION *session) {
1933 // Save the most recent session.
1934 g_last_session.reset(session);
1935 return 1;
1936}
1937
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1938static bssl::UniquePtr<SSL_SESSION> CreateClientSession(SSL_CTX *client_ctx,
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1939 SSL_CTX *server_ctx) {
1940 g_last_session = nullptr;
1941 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1942
1943 // Connect client and server to get a session.
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1944 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1945 if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx,
1946 nullptr /* no session */)) {
1947 fprintf(stderr, "Failed to connect client and server.\n");
1948 return nullptr;
1949 }
1950
1951 // Run the read loop to account for post-handshake tickets in TLS 1.3.
1952 SSL_read(client.get(), nullptr, 0);
1953
1954 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
1955
1956 if (!g_last_session) {
1957 fprintf(stderr, "Client did not receive a session.\n");
1958 return nullptr;
1959 }
1960 return std::move(g_last_session);
1961}
1962
1963static bool ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx,
1964 SSL_SESSION *session,
1965 bool reused) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]1966 bssl::UniquePtr<SSL> client, server;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]1967 if (!ConnectClientAndServer(&client, &server, client_ctx,
1968 server_ctx, session)) {
1969 fprintf(stderr, "Failed to connect client and server.\n");
1970 return false;
1971 }
1972
1973 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
1974 fprintf(stderr, "Client and server were inconsistent.\n");
1975 return false;
1976 }
1977
1978 bool was_reused = !!SSL_session_reused(client.get());
1979 if (was_reused != reused) {
1980 fprintf(stderr, "Session was%s reused, but we expected the opposite.\n",
1981 was_reused ? "" : " not");
1982 return false;
1983 }
1984
1985 return true;
1986}
1987
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]1988static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
1989 SSL_CTX *server_ctx,
1990 SSL_SESSION *session) {
1991 g_last_session = nullptr;
1992 SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession);
1993
1994 bssl::UniquePtr<SSL> client, server;
1995 if (!ConnectClientAndServer(&client, &server, client_ctx,
1996 server_ctx, session)) {
1997 fprintf(stderr, "Failed to connect client and server.\n");
1998 return nullptr;
1999 }
2000
2001 if (SSL_session_reused(client.get()) != SSL_session_reused(server.get())) {
2002 fprintf(stderr, "Client and server were inconsistent.\n");
2003 return nullptr;
2004 }
2005
2006 if (!SSL_session_reused(client.get())) {
2007 fprintf(stderr, "Session was not reused.\n");
2008 return nullptr;
2009 }
2010
2011 // Run the read loop to account for post-handshake tickets in TLS 1.3.
2012 SSL_read(client.get(), nullptr, 0);
2013
2014 SSL_CTX_sess_set_new_cb(client_ctx, nullptr);
2015
2016 if (!g_last_session) {
2017 fprintf(stderr, "Client did not receive a renewed session.\n");
2018 return nullptr;
2019 }
2020 return std::move(g_last_session);
2021}
2022
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2023static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
2024 static const uint8_t kContext[] = {3};
2025
2026 if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
2027 return SSL_TLSEXT_ERR_ALERT_FATAL;
2028 }
2029
2030 return SSL_TLSEXT_ERR_OK;
2031}
2032
David Benjamin731058e2016-12-03 23:15:13 -0500[diff] [blame]2033static int SwitchSessionIDContextEarly(const SSL_CLIENT_HELLO *client_hello) {
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2034 static const uint8_t kContext[] = {3};
2035
David Benjamin731058e2016-12-03 23:15:13 -0500[diff] [blame]2036 if (!SSL_set_session_id_context(client_hello->ssl, kContext,
2037 sizeof(kContext))) {
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2038 return -1;
2039 }
2040
2041 return 1;
2042}
2043
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2044static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
2045 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2046 bssl::UniquePtr<X509> cert = GetTestCertificate();
2047 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2048 if (!cert || !key) {
2049 return false;
2050 }
2051
2052 static const uint8_t kContext1[] = {1};
2053 static const uint8_t kContext2[] = {2};
2054
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2055 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2056 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2057 if (!server_ctx || !client_ctx ||
2058 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2059 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2060 !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2061 sizeof(kContext1)) ||
2062 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2063 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2064 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2065 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2066 return false;
2067 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2068
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2069 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2070 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2071
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2072 bssl::UniquePtr<SSL_SESSION> session =
2073 CreateClientSession(client_ctx.get(), server_ctx.get());
2074 if (!session) {
2075 fprintf(stderr, "Error getting session.\n");
2076 return false;
2077 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2078
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2079 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2080 true /* expect session reused */)) {
2081 fprintf(stderr, "Error resuming session.\n");
2082 return false;
2083 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2084
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2085 // Change the session ID context.
2086 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext2,
2087 sizeof(kContext2))) {
2088 return false;
2089 }
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2090
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2091 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2092 false /* expect session not reused */)) {
2093 fprintf(stderr, "Error connecting with a different context.\n");
2094 return false;
2095 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2096
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2097 // Change the session ID context back and install an SNI callback to switch
2098 // it.
2099 if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
2100 sizeof(kContext1))) {
2101 return false;
2102 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2103
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2104 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
2105 SwitchSessionIDContextSNI);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2106
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2107 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2108 false /* expect session not reused */)) {
2109 fprintf(stderr, "Error connecting with a context switch on SNI callback.\n");
2110 return false;
2111 }
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2112
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2113 // Switch the session ID context with the early callback instead.
2114 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
2115 SSL_CTX_set_select_certificate_cb(server_ctx.get(),
2116 SwitchSessionIDContextEarly);
David Benjamina933c382016-10-28 00:10:03 -0400[diff] [blame]2117
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2118 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2119 false /* expect session not reused */)) {
2120 fprintf(stderr,
2121 "Error connecting with a context switch on early callback.\n");
2122 return false;
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]2123 }
2124
2125 return true;
2126}
2127
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2128static timeval g_current_time;
2129
2130static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
2131 *out_clock = g_current_time;
2132}
2133
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2134static void FrozenTimeCallback(const SSL *ssl, timeval *out_clock) {
2135 out_clock->tv_sec = 1000;
2136 out_clock->tv_usec = 0;
2137}
2138
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2139static int RenewTicketCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2140 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
2141 int encrypt) {
2142 static const uint8_t kZeros[16] = {0};
2143
2144 if (encrypt) {
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2145 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2146 RAND_bytes(iv, 16);
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2147 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
David Benjamin3c51d9b2016-11-01 17:50:42 -0400[diff] [blame]2148 return 0;
2149 }
2150
2151 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
2152 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
2153 return -1;
2154 }
2155
2156 // Returning two from the callback in decrypt mode renews the
2157 // session in TLS 1.2 and below.
2158 return encrypt ? 1 : 2;
2159}
2160
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2161static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2162 if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
2163 return false;
2164 }
2165
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2166 const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
2167 size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
2168 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
2169
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2170#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2171 // Fuzzer-mode tickets are unencrypted.
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]2172 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2173#else
2174 static const uint8_t kZeros[16] = {0};
2175 const uint8_t *iv = session->tlsext_tick + 16;
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2176 bssl::ScopedEVP_CIPHER_CTX ctx;
2177 int len1, len2;
2178 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
2179 !EVP_DecryptUpdate(ctx.get(), plaintext.get(), &len1, ciphertext, len) ||
2180 !EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + len1, &len2)) {
2181 return false;
2182 }
2183
2184 len = static_cast<size_t>(len1 + len2);
David Benjamin9b63f292016-11-15 00:44:05 -0500[diff] [blame]2185#endif
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2186
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2187 bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_method()));
2188 if (!ssl_ctx) {
2189 return false;
2190 }
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2191 bssl::UniquePtr<SSL_SESSION> server_session(
Adam Langley46db7af2017-02-01 15:49:37 -0800[diff] [blame]2192 SSL_SESSION_from_bytes(plaintext.get(), len, ssl_ctx.get()));
David Benjamin123db572016-11-03 16:59:25 -0400[diff] [blame]2193 if (!server_session) {
2194 return false;
2195 }
2196
2197 *out = server_session->time;
2198 return true;
2199}
2200
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2201static bool TestSessionTimeout(bool is_dtls, const SSL_METHOD *method,
2202 uint16_t version) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2203 bssl::UniquePtr<X509> cert = GetTestCertificate();
2204 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2205 if (!cert || !key) {
2206 return false;
2207 }
2208
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2209 for (bool server_test : std::vector<bool>{false, true}) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2210 static const time_t kStartTime = 1000;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2211 g_current_time.tv_sec = kStartTime;
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2212
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2213 // We are willing to use a longer lifetime for TLS 1.3 sessions as
2214 // resumptions still perform ECDHE.
2215 const time_t timeout = version == TLS1_3_VERSION
2216 ? SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT
2217 : SSL_DEFAULT_SESSION_TIMEOUT;
2218
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2219 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2220 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2221 if (!server_ctx || !client_ctx ||
2222 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2223 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2224 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2225 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2226 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2227 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2228 return false;
2229 }
2230
2231 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
2232 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
2233
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2234 // Both client and server must enforce session timeouts. We configure the
2235 // other side with a frozen clock so it never expires tickets.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2236 if (server_test) {
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2237 SSL_CTX_set_current_time_cb(client_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2238 SSL_CTX_set_current_time_cb(server_ctx.get(), CurrentTimeCallback);
2239 } else {
2240 SSL_CTX_set_current_time_cb(client_ctx.get(), CurrentTimeCallback);
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2241 SSL_CTX_set_current_time_cb(server_ctx.get(), FrozenTimeCallback);
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2242 }
2243
2244 // Configure a ticket callback which renews tickets.
2245 SSL_CTX_set_tlsext_ticket_key_cb(server_ctx.get(), RenewTicketCallback);
2246
2247 bssl::UniquePtr<SSL_SESSION> session =
2248 CreateClientSession(client_ctx.get(), server_ctx.get());
2249 if (!session) {
2250 fprintf(stderr, "Error getting session.\n");
2251 return false;
2252 }
2253
2254 // Advance the clock just behind the timeout.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2255 g_current_time.tv_sec += timeout - 1;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2256
2257 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2258 true /* expect session reused */)) {
2259 fprintf(stderr, "Error resuming session.\n");
2260 return false;
2261 }
2262
2263 // Advance the clock one more second.
2264 g_current_time.tv_sec++;
2265
2266 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2267 false /* expect session not reused */)) {
2268 fprintf(stderr, "Error resuming session.\n");
2269 return false;
2270 }
2271
2272 // Rewind the clock to before the session was minted.
2273 g_current_time.tv_sec = kStartTime - 1;
2274
2275 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
2276 false /* expect session not reused */)) {
2277 fprintf(stderr, "Error resuming session.\n");
2278 return false;
2279 }
2280
2281 // SSL 3.0 cannot renew sessions.
2282 if (version == SSL3_VERSION) {
2283 continue;
2284 }
2285
2286 // Renew the session 10 seconds before expiration.
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2287 time_t new_start_time = kStartTime + timeout - 10;
2288 g_current_time.tv_sec = new_start_time;
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2289 bssl::UniquePtr<SSL_SESSION> new_session =
2290 ExpectSessionRenewed(client_ctx.get(), server_ctx.get(), session.get());
2291 if (!new_session) {
2292 fprintf(stderr, "Error renewing session.\n");
2293 return false;
2294 }
2295
2296 // This new session is not the same object as before.
2297 if (session.get() == new_session.get()) {
2298 fprintf(stderr, "New and old sessions alias.\n");
2299 return false;
2300 }
2301
2302 // Check the sessions have timestamps measured from issuance.
2303 long session_time = 0;
2304 if (server_test) {
2305 if (!GetServerTicketTime(&session_time, new_session.get())) {
2306 fprintf(stderr, "Failed to decode session ticket.\n");
David Benjaminb2e2e322016-11-01 17:32:54 -0400[diff] [blame]2307 return false;
2308 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2309 } else {
2310 session_time = new_session->time;
2311 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2312
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2313 if (session_time != g_current_time.tv_sec) {
2314 fprintf(stderr, "New session is not measured from issuance.\n");
2315 return false;
2316 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2317
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2318 if (version == TLS1_3_VERSION) {
2319 // Renewal incorporates fresh key material in TLS 1.3, so we extend the
2320 // lifetime TLS 1.3.
2321 g_current_time.tv_sec = new_start_time + timeout - 1;
2322 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2323 new_session.get(),
2324 true /* expect session reused */)) {
2325 fprintf(stderr, "Error resuming renewed session.\n");
2326 return false;
2327 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2328
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]2329 // The new session expires after the new timeout.
2330 g_current_time.tv_sec = new_start_time + timeout + 1;
2331 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2332 new_session.get(),
2333 false /* expect session ot reused */)) {
2334 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2335 return false;
2336 }
2337
2338 // Renew the session until it begins just past the auth timeout.
2339 time_t auth_end_time = kStartTime + SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
2340 while (new_start_time < auth_end_time - 1000) {
2341 // Get as close as possible to target start time.
2342 new_start_time =
2343 std::min(auth_end_time - 1000, new_start_time + timeout - 1);
2344 g_current_time.tv_sec = new_start_time;
2345 new_session = ExpectSessionRenewed(client_ctx.get(), server_ctx.get(),
2346 new_session.get());
2347 if (!new_session) {
2348 fprintf(stderr, "Error renewing session.\n");
2349 return false;
2350 }
2351 }
2352
2353 // Now the session's lifetime is bound by the auth timeout.
2354 g_current_time.tv_sec = auth_end_time - 1;
2355 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2356 new_session.get(),
2357 true /* expect session reused */)) {
2358 fprintf(stderr, "Error resuming renewed session.\n");
2359 return false;
2360 }
2361
2362 g_current_time.tv_sec = auth_end_time + 1;
2363 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2364 new_session.get(),
2365 false /* expect session ot reused */)) {
2366 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2367 return false;
2368 }
2369 } else {
2370 // The new session is usable just before the old expiration.
2371 g_current_time.tv_sec = kStartTime + timeout - 1;
2372 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2373 new_session.get(),
2374 true /* expect session reused */)) {
2375 fprintf(stderr, "Error resuming renewed session.\n");
2376 return false;
2377 }
2378
2379 // Renewal does not extend the lifetime, so it is not usable beyond the
2380 // old expiration.
2381 g_current_time.tv_sec = kStartTime + timeout + 1;
2382 if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
2383 new_session.get(),
2384 false /* expect session not reused */)) {
2385 fprintf(stderr, "Renewed session's lifetime is too long.\n");
2386 return false;
2387 }
David Benjamin1b22f852016-10-27 16:36:32 -0400[diff] [blame]2388 }
David Benjamin721e8b72016-08-03 13:13:17 -0400[diff] [blame]2389 }
2390
2391 return true;
2392}
2393
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2394static int SwitchContext(SSL *ssl, int *out_alert, void *arg) {
2395 SSL_CTX *ctx = reinterpret_cast<SSL_CTX*>(arg);
2396 SSL_set_SSL_CTX(ssl, ctx);
2397 return SSL_TLSEXT_ERR_OK;
2398}
2399
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2400static bool TestSNICallback(bool is_dtls, const SSL_METHOD *method,
2401 uint16_t version) {
2402 // SSL 3.0 lacks extensions.
2403 if (version == SSL3_VERSION) {
2404 return true;
2405 }
2406
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2407 bssl::UniquePtr<X509> cert = GetTestCertificate();
2408 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2409 bssl::UniquePtr<X509> cert2 = GetECDSATestCertificate();
2410 bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey();
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2411 if (!cert || !key || !cert2 || !key2) {
2412 return false;
2413 }
2414
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2415 // Test that switching the |SSL_CTX| at the SNI callback behaves correctly.
2416 static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2417
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame^]2418 static const uint8_t kSCTList[] = {0, 6, 0, 4, 5, 6, 7, 8};
2419 static const uint8_t kOCSPResponse[] = {1, 2, 3, 4};
2420
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2421 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2422 bssl::UniquePtr<SSL_CTX> server_ctx2(SSL_CTX_new(method));
2423 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2424 if (!server_ctx || !server_ctx2 || !client_ctx ||
2425 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2426 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2427 !SSL_CTX_use_certificate(server_ctx2.get(), cert2.get()) ||
2428 !SSL_CTX_use_PrivateKey(server_ctx2.get(), key2.get()) ||
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame^]2429 !SSL_CTX_set_signed_cert_timestamp_list(server_ctx2.get(), kSCTList,
2430 sizeof(kSCTList)) ||
2431 !SSL_CTX_set_ocsp_response(server_ctx2.get(), kOCSPResponse,
2432 sizeof(kOCSPResponse)) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2433 // Historically signing preferences would be lost in some cases with the
2434 // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure
2435 // this doesn't happen when |version| is TLS 1.2, configure the private
2436 // key to only sign SHA-256.
2437 !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256,
2438 1) ||
2439 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2440 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2441 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2442 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2443 !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
2444 !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
2445 return false;
2446 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2447
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2448 SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), SwitchContext);
2449 SSL_CTX_set_tlsext_servername_arg(server_ctx.get(), server_ctx2.get());
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2450
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame^]2451 SSL_CTX_enable_signed_cert_timestamps(client_ctx.get());
2452 SSL_CTX_enable_ocsp_stapling(client_ctx.get());
2453
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2454 bssl::UniquePtr<SSL> client, server;
2455 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2456 server_ctx.get(), nullptr)) {
2457 fprintf(stderr, "Handshake failed.\n");
2458 return false;
2459 }
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2460
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2461 // The client should have received |cert2|.
2462 bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
2463 if (!peer || X509_cmp(peer.get(), cert2.get()) != 0) {
2464 fprintf(stderr, "Incorrect certificate received.\n");
2465 return false;
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2466 }
2467
David Benjamin83a32122017-02-14 18:34:54 -0500[diff] [blame^]2468 // The client should have received |server_ctx2|'s SCT list.
2469 const uint8_t *data;
2470 size_t len;
2471 SSL_get0_signed_cert_timestamp_list(client.get(), &data, &len);
2472 if (Bytes(kSCTList) != Bytes(data, len)) {
2473 fprintf(stderr, "Incorrect SCT list received.\n");
2474 return false;
2475 }
2476
2477 // The client should have received |server_ctx2|'s OCSP response.
2478 SSL_get0_ocsp_response(client.get(), &data, &len);
2479 if (Bytes(kOCSPResponse) != Bytes(data, len)) {
2480 fprintf(stderr, "Incorrect OCSP response received.\n");
2481 return false;
2482 }
2483
David Benjamin0fc37ef2016-08-17 15:29:46 -0400[diff] [blame]2484 return true;
2485}
2486
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2487// Test that the early callback can swap the maximum version.
2488TEST(SSLTest, EarlyCallbackVersionSwitch) {
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2489 bssl::UniquePtr<X509> cert = GetTestCertificate();
2490 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2491 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method()));
2492 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2493 ASSERT_TRUE(cert);
2494 ASSERT_TRUE(key);
2495 ASSERT_TRUE(server_ctx);
2496 ASSERT_TRUE(client_ctx);
2497 ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
2498 ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
2499 ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION));
2500 ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2501
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2502 SSL_CTX_set_select_certificate_cb(
2503 server_ctx.get(), [](const SSL_CLIENT_HELLO *client_hello) -> int {
2504 if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
2505 return -1;
2506 }
2507
2508 return 1;
2509 });
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2510
Matt Braithwaited17d74d2016-08-17 20:10:28 -0700[diff] [blame]2511 bssl::UniquePtr<SSL> client, server;
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2512 ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
2513 server_ctx.get(), nullptr));
2514 EXPECT_EQ(TLS1_2_VERSION, SSL_version(client.get()));
David Benjamin99620572016-08-30 00:35:36 -0400[diff] [blame]2515}
2516
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2517TEST(SSLTest, SetVersion) {
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2518 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2519 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2520
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2521 // Set valid TLS versions.
2522 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2523 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
2524 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2525 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2526
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2527 // Invalid TLS versions are rejected.
2528 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2529 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x0200));
2530 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2531 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2532 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x0200));
2533 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2534
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2535 // Zero is the default version.
2536 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
2537 EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
2538 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
2539 EXPECT_EQ(SSL3_VERSION, ctx->min_version);
David Benjamine34bcc92016-09-21 16:53:09 -0400[diff] [blame]2540
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2541 ctx.reset(SSL_CTX_new(DTLS_method()));
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2542 ASSERT_TRUE(ctx);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2543
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2544 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION));
2545 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION));
2546 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION));
2547 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2548
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2549 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION));
2550 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2551 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2552 EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), 0x1234));
2553 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION));
2554 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */));
2555 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */));
2556 EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2557
David Benjaminf0d8e222017-02-04 10:58:26 -0500[diff] [blame]2558 EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
2559 EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
2560 EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
2561 EXPECT_EQ(TLS1_1_VERSION, ctx->min_version);
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]2562}
2563
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2564static const char *GetVersionName(uint16_t version) {
2565 switch (version) {
2566 case SSL3_VERSION:
2567 return "SSLv3";
2568 case TLS1_VERSION:
2569 return "TLSv1";
2570 case TLS1_1_VERSION:
2571 return "TLSv1.1";
2572 case TLS1_2_VERSION:
2573 return "TLSv1.2";
2574 case TLS1_3_VERSION:
2575 return "TLSv1.3";
2576 case DTLS1_VERSION:
2577 return "DTLSv1";
2578 case DTLS1_2_VERSION:
2579 return "DTLSv1.2";
2580 default:
2581 return "???";
2582 }
2583}
2584
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2585static bool TestVersion(bool is_dtls, const SSL_METHOD *method,
2586 uint16_t version) {
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2587 bssl::UniquePtr<X509> cert = GetTestCertificate();
2588 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2589 if (!cert || !key) {
2590 return false;
2591 }
2592
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2593 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2594 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2595 bssl::UniquePtr<SSL> client, server;
2596 if (!server_ctx || !client_ctx ||
2597 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2598 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2599 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2600 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2601 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2602 !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
2603 !ConnectClientAndServer(&client, &server, client_ctx.get(),
2604 server_ctx.get(), nullptr /* no session */)) {
2605 fprintf(stderr, "Failed to connect.\n");
2606 return false;
2607 }
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2608
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2609 if (SSL_version(client.get()) != version ||
2610 SSL_version(server.get()) != version) {
2611 fprintf(stderr, "Version mismatch. Got %04x and %04x, wanted %04x.\n",
2612 SSL_version(client.get()), SSL_version(server.get()), version);
2613 return false;
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2614 }
2615
David Benjamin458334a2016-12-15 13:53:25 -0500[diff] [blame]2616 // Test the version name is reported as expected.
2617 const char *version_name = GetVersionName(version);
2618 if (strcmp(version_name, SSL_get_version(client.get())) != 0 ||
2619 strcmp(version_name, SSL_get_version(server.get())) != 0) {
2620 fprintf(stderr, "Version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2621 SSL_get_version(client.get()), SSL_get_version(server.get()),
2622 version_name);
2623 return false;
2624 }
2625
2626 // Test SSL_SESSION reports the same name.
2627 const char *client_name =
2628 SSL_SESSION_get_version(SSL_get_session(client.get()));
2629 const char *server_name =
2630 SSL_SESSION_get_version(SSL_get_session(server.get()));
2631 if (strcmp(version_name, client_name) != 0 ||
2632 strcmp(version_name, server_name) != 0) {
2633 fprintf(stderr,
2634 "Session version name mismatch. Got '%s' and '%s', wanted '%s'.\n",
2635 client_name, server_name, version_name);
2636 return false;
2637 }
2638
David Benjamincb18ac22016-09-27 14:09:15 -0400[diff] [blame]2639 return true;
2640}
2641
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2642// Tests that that |SSL_get_pending_cipher| is available during the ALPN
2643// selection callback.
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2644static bool TestALPNCipherAvailable(bool is_dtls, const SSL_METHOD *method,
2645 uint16_t version) {
2646 // SSL 3.0 lacks extensions.
2647 if (version == SSL3_VERSION) {
2648 return true;
2649 }
2650
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]2651 static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'};
2652
2653 bssl::UniquePtr<X509> cert = GetTestCertificate();
2654 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2655 if (!cert || !key) {
2656 return false;
2657 }
2658
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]2659 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2660 if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2661 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2662 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2663 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2664 SSL_CTX_set_alpn_protos(ctx.get(), kALPNProtos, sizeof(kALPNProtos)) !=
2665 0) {
2666 return false;
2667 }
2668
2669 // The ALPN callback does not fail the handshake on error, so have the
2670 // callback write a boolean.
2671 std::pair<uint16_t, bool> callback_state(version, false);
2672 SSL_CTX_set_alpn_select_cb(
2673 ctx.get(),
2674 [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in,
2675 unsigned in_len, void *arg) -> int {
2676 auto state = reinterpret_cast<std::pair<uint16_t, bool> *>(arg);
2677 if (SSL_get_pending_cipher(ssl) != nullptr &&
2678 SSL_version(ssl) == state->first) {
2679 state->second = true;
2680 }
2681 return SSL_TLSEXT_ERR_NOACK;
2682 },
2683 &callback_state);
2684
2685 bssl::UniquePtr<SSL> client, server;
2686 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2687 nullptr /* no session */)) {
2688 return false;
2689 }
2690
2691 if (!callback_state.second) {
2692 fprintf(stderr, "The pending cipher was not known in the ALPN callback.\n");
2693 return false;
2694 }
2695
2696 return true;
2697}
2698
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]2699static bool TestSSLClearSessionResumption(bool is_dtls,
2700 const SSL_METHOD *method,
2701 uint16_t version) {
2702 // Skip this for TLS 1.3. TLS 1.3's ticket mechanism is incompatible with this
2703 // API pattern.
2704 if (version == TLS1_3_VERSION) {
2705 return true;
2706 }
2707
2708 bssl::UniquePtr<X509> cert = GetTestCertificate();
2709 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2710 bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(method));
2711 bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(method));
2712 if (!cert || !key || !server_ctx || !client_ctx ||
2713 !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
2714 !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
2715 !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
2716 !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
2717 !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
2718 !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
2719 return false;
2720 }
2721
2722 // Connect a client and a server.
2723 bssl::UniquePtr<SSL> client, server;
2724 if (!ConnectClientAndServer(&client, &server, client_ctx.get(),
2725 server_ctx.get(), nullptr /* no session */)) {
2726 return false;
2727 }
2728
2729 if (SSL_session_reused(client.get()) ||
2730 SSL_session_reused(server.get())) {
2731 fprintf(stderr, "Session unexpectedly reused.\n");
2732 return false;
2733 }
2734
2735 // Reset everything.
2736 if (!SSL_clear(client.get()) ||
2737 !SSL_clear(server.get())) {
2738 fprintf(stderr, "SSL_clear failed.\n");
2739 return false;
2740 }
2741
2742 // Attempt to connect a second time.
2743 if (!CompleteHandshakes(client.get(), server.get())) {
2744 fprintf(stderr, "Could not reuse SSL objects.\n");
2745 return false;
2746 }
2747
2748 // |SSL_clear| should implicitly offer the previous session to the server.
2749 if (!SSL_session_reused(client.get()) ||
2750 !SSL_session_reused(server.get())) {
2751 fprintf(stderr, "Session was not reused in second try.\n");
2752 return false;
2753 }
2754
2755 return true;
2756}
2757
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2758static bool ChainsEqual(STACK_OF(X509) *chain,
2759 const std::vector<X509 *> &expected) {
2760 if (sk_X509_num(chain) != expected.size()) {
2761 return false;
2762 }
2763
2764 for (size_t i = 0; i < expected.size(); i++) {
2765 if (X509_cmp(sk_X509_value(chain, i), expected[i]) != 0) {
2766 return false;
2767 }
2768 }
2769
2770 return true;
2771}
2772
2773static bool TestAutoChain(bool is_dtls, const SSL_METHOD *method,
2774 uint16_t version) {
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]2775 bssl::UniquePtr<X509> cert = GetChainTestCertificate();
2776 bssl::UniquePtr<X509> intermediate = GetChainTestIntermediate();
2777 bssl::UniquePtr<EVP_PKEY> key = GetChainTestKey();
2778 if (!cert || !intermediate || !key) {
2779 return false;
2780 }
2781
2782 // Configure both client and server to accept any certificate. Add
2783 // |intermediate| to the cert store.
2784 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2785 if (!ctx ||
2786 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2787 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2788 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2789 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2790 !X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx.get()),
2791 intermediate.get())) {
2792 return false;
2793 }
2794 SSL_CTX_set_verify(
2795 ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
2796 SSL_CTX_set_cert_verify_callback(ctx.get(), VerifySucceed, NULL);
2797
2798 // By default, the client and server should each only send the leaf.
2799 bssl::UniquePtr<SSL> client, server;
2800 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2801 nullptr /* no session */)) {
2802 return false;
2803 }
2804
2805 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()), {cert.get()})) {
2806 fprintf(stderr, "Client-received chain did not match.\n");
2807 return false;
2808 }
2809
2810 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()), {cert.get()})) {
2811 fprintf(stderr, "Server-received chain did not match.\n");
2812 return false;
2813 }
2814
2815 // If auto-chaining is enabled, then the intermediate is sent.
2816 SSL_CTX_clear_mode(ctx.get(), SSL_MODE_NO_AUTO_CHAIN);
2817 if (!ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2818 nullptr /* no session */)) {
2819 return false;
2820 }
2821
2822 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2823 {cert.get(), intermediate.get()})) {
2824 fprintf(stderr, "Client-received chain did not match (auto-chaining).\n");
2825 return false;
2826 }
2827
2828 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2829 {cert.get(), intermediate.get()})) {
2830 fprintf(stderr, "Server-received chain did not match (auto-chaining).\n");
2831 return false;
2832 }
2833
2834 // Auto-chaining does not override explicitly-configured intermediates.
2835 if (!SSL_CTX_add1_chain_cert(ctx.get(), cert.get()) ||
2836 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2837 nullptr /* no session */)) {
2838 return false;
2839 }
2840
2841 if (!ChainsEqual(SSL_get_peer_full_cert_chain(client.get()),
2842 {cert.get(), cert.get()})) {
2843 fprintf(stderr,
2844 "Client-received chain did not match (auto-chaining, explicit "
2845 "intermediate).\n");
2846 return false;
2847 }
2848
2849 if (!ChainsEqual(SSL_get_peer_full_cert_chain(server.get()),
2850 {cert.get(), cert.get()})) {
2851 fprintf(stderr,
2852 "Server-received chain did not match (auto-chaining, explicit "
2853 "intermediate).\n");
2854 return false;
2855 }
2856
2857 return true;
2858}
2859
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]2860static bool ExpectBadWriteRetry() {
2861 int err = ERR_get_error();
2862 if (ERR_GET_LIB(err) != ERR_LIB_SSL ||
2863 ERR_GET_REASON(err) != SSL_R_BAD_WRITE_RETRY) {
2864 char buf[ERR_ERROR_STRING_BUF_LEN];
2865 ERR_error_string_n(err, buf, sizeof(buf));
2866 fprintf(stderr, "Wanted SSL_R_BAD_WRITE_RETRY, got: %s.\n", buf);
2867 return false;
2868 }
2869
2870 if (ERR_peek_error() != 0) {
2871 fprintf(stderr, "Unexpected error following SSL_R_BAD_WRITE_RETRY.\n");
2872 return false;
2873 }
2874
2875 return true;
2876}
2877
2878static bool TestSSLWriteRetry(bool is_dtls, const SSL_METHOD *method,
2879 uint16_t version) {
2880 if (is_dtls) {
2881 return true;
2882 }
2883
2884 for (bool enable_partial_write : std::vector<bool>{false, true}) {
2885 // Connect a client and server.
2886 bssl::UniquePtr<X509> cert = GetTestCertificate();
2887 bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
2888 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
2889 bssl::UniquePtr<SSL> client, server;
2890 if (!cert || !key || !ctx ||
2891 !SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
2892 !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
2893 !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
2894 !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
2895 !ConnectClientAndServer(&client, &server, ctx.get(), ctx.get(),
2896 nullptr /* no session */)) {
2897 return false;
2898 }
2899
2900 if (enable_partial_write) {
2901 SSL_set_mode(client.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
2902 }
2903
2904 // Write without reading until the buffer is full and we have an unfinished
2905 // write. Keep a count so we may reread it again later. "hello!" will be
2906 // written in two chunks, "hello" and "!".
2907 char data[] = "hello!";
2908 static const int kChunkLen = 5; // The length of "hello".
2909 unsigned count = 0;
2910 for (;;) {
2911 int ret = SSL_write(client.get(), data, kChunkLen);
2912 if (ret <= 0) {
2913 int err = SSL_get_error(client.get(), ret);
2914 if (SSL_get_error(client.get(), ret) == SSL_ERROR_WANT_WRITE) {
2915 break;
2916 }
2917 fprintf(stderr, "SSL_write failed in unexpected way: %d\n", err);
2918 return false;
2919 }
2920
2921 if (ret != 5) {
2922 fprintf(stderr, "SSL_write wrote %d bytes, expected 5.\n", ret);
2923 return false;
2924 }
2925
2926 count++;
2927 }
2928
2929 // Retrying with the same parameters is legal.
2930 if (SSL_get_error(client.get(), SSL_write(client.get(), data, kChunkLen)) !=
2931 SSL_ERROR_WANT_WRITE) {
2932 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
2933 return false;
2934 }
2935
2936 // Retrying with the same buffer but shorter length is not legal.
2937 if (SSL_get_error(client.get(),
2938 SSL_write(client.get(), data, kChunkLen - 1)) !=
2939 SSL_ERROR_SSL ||
2940 !ExpectBadWriteRetry()) {
2941 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2942 return false;
2943 }
2944
2945 // Retrying with a different buffer pointer is not legal.
2946 char data2[] = "hello";
2947 if (SSL_get_error(client.get(), SSL_write(client.get(), data2,
2948 kChunkLen)) != SSL_ERROR_SSL ||
2949 !ExpectBadWriteRetry()) {
2950 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2951 return false;
2952 }
2953
2954 // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move.
2955 SSL_set_mode(client.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
2956 if (SSL_get_error(client.get(),
2957 SSL_write(client.get(), data2, kChunkLen)) !=
2958 SSL_ERROR_WANT_WRITE) {
2959 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
2960 return false;
2961 }
2962
2963 // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks.
2964 if (SSL_get_error(client.get(),
2965 SSL_write(client.get(), data2, kChunkLen - 1)) !=
2966 SSL_ERROR_SSL ||
2967 !ExpectBadWriteRetry()) {
2968 fprintf(stderr, "SSL_write retry did not fail as expected.\n");
2969 return false;
2970 }
2971
2972 // Retrying with a larger buffer is legal.
2973 if (SSL_get_error(client.get(),
2974 SSL_write(client.get(), data, kChunkLen + 1)) !=
2975 SSL_ERROR_WANT_WRITE) {
2976 fprintf(stderr, "SSL_write retry unexpectedly failed.\n");
2977 return false;
2978 }
2979
2980 // Drain the buffer.
2981 char buf[20];
2982 for (unsigned i = 0; i < count; i++) {
2983 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
2984 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0) {
2985 fprintf(stderr, "Failed to read initial records.\n");
2986 return false;
2987 }
2988 }
2989
2990 // Now that there is space, a retry with a larger buffer should flush the
2991 // pending record, skip over that many bytes of input (on assumption they
2992 // are the same), and write the remainder. If SSL_MODE_ENABLE_PARTIAL_WRITE
2993 // is set, this will complete in two steps.
2994 char data3[] = "_____!";
2995 if (enable_partial_write) {
2996 if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen ||
2997 SSL_write(client.get(), data3 + kChunkLen, 1) != 1) {
2998 fprintf(stderr, "SSL_write retry failed.\n");
2999 return false;
3000 }
3001 } else if (SSL_write(client.get(), data3, kChunkLen + 1) != kChunkLen + 1) {
3002 fprintf(stderr, "SSL_write retry failed.\n");
3003 return false;
3004 }
3005
3006 // Check the last write was correct. The data will be spread over two
3007 // records, so SSL_read returns twice.
3008 if (SSL_read(server.get(), buf, sizeof(buf)) != kChunkLen ||
3009 OPENSSL_memcmp(buf, "hello", kChunkLen) != 0 ||
3010 SSL_read(server.get(), buf, sizeof(buf)) != 1 ||
3011 buf[0] != '!') {
3012 fprintf(stderr, "Failed to read write retry.\n");
3013 return false;
3014 }
3015 }
3016
3017 return true;
3018}
3019
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3020static bool ForEachVersion(bool (*test_func)(bool is_dtls,
3021 const SSL_METHOD *method,
3022 uint16_t version)) {
3023 static uint16_t kTLSVersions[] = {
David Benjamin3b584332017-01-24 22:47:18 -0500[diff] [blame]3024 SSL3_VERSION,
3025 TLS1_VERSION,
3026 TLS1_1_VERSION,
3027 TLS1_2_VERSION,
3028// TLS 1.3 requires RSA-PSS, which is disabled for Android system builds.
3029#if !defined(BORINGSSL_ANDROID_SYSTEM)
3030 TLS1_3_VERSION,
3031#endif
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3032 };
3033
3034 static uint16_t kDTLSVersions[] = {
3035 DTLS1_VERSION, DTLS1_2_VERSION,
3036 };
3037
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3038 for (uint16_t version : kTLSVersions) {
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3039 if (!test_func(false, TLS_method(), version)) {
3040 fprintf(stderr, "Test failed at TLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3041 return false;
3042 }
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3043 }
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3044
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3045 for (uint16_t version : kDTLSVersions) {
3046 if (!test_func(true, DTLS_method(), version)) {
3047 fprintf(stderr, "Test failed at DTLS version %04x.\n", version);
David Benjamin9ef31f02016-10-31 18:01:13 -0400[diff] [blame]3048 return false;
3049 }
3050 }
3051
3052 return true;
3053}
3054
Adam Langleye1e78132017-01-31 15:24:31 -0800[diff] [blame]3055TEST(SSLTest, AddChainCertHack) {
3056 // Ensure that we don't accidently break the hack that we have in place to
3057 // keep curl and serf happy when they use an |X509| even after transfering
3058 // ownership.
3059
3060 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3061 ASSERT_TRUE(ctx);
3062 X509 *cert = GetTestCertificate().release();
3063 ASSERT_TRUE(cert);
3064 SSL_CTX_add0_chain_cert(ctx.get(), cert);
3065
3066 // This should not trigger a use-after-free.
3067 X509_cmp(cert, cert);
3068}
3069
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3070TEST(SSLTest, GetCertificate) {
3071 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
3072 ASSERT_TRUE(ctx);
3073 bssl::UniquePtr<X509> cert = GetTestCertificate();
3074 ASSERT_TRUE(cert);
3075 ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get()));
3076 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
3077 ASSERT_TRUE(ssl);
3078
3079 X509 *cert2 = SSL_CTX_get0_certificate(ctx.get());
3080 ASSERT_TRUE(cert2);
3081 X509 *cert3 = SSL_get_certificate(ssl.get());
3082 ASSERT_TRUE(cert3);
3083
3084 // The old and new certificates must be identical.
3085 EXPECT_EQ(0, X509_cmp(cert.get(), cert2));
3086 EXPECT_EQ(0, X509_cmp(cert.get(), cert3));
3087
3088 uint8_t *der = nullptr;
3089 long der_len = i2d_X509(cert.get(), &der);
3090 ASSERT_LT(0, der_len);
3091 bssl::UniquePtr<uint8_t> free_der(der);
3092
3093 uint8_t *der2 = nullptr;
3094 long der2_len = i2d_X509(cert2, &der2);
3095 ASSERT_LT(0, der2_len);
3096 bssl::UniquePtr<uint8_t> free_der2(der2);
3097
3098 uint8_t *der3 = nullptr;
3099 long der3_len = i2d_X509(cert3, &der3);
3100 ASSERT_LT(0, der3_len);
3101 bssl::UniquePtr<uint8_t> free_der3(der3);
3102
3103 // They must also encode identically.
David Benjamin7d7554b2017-02-04 11:48:59 -0500[diff] [blame]3104 EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len));
3105 EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len));
David Benjaminb2ff2622017-02-03 17:06:18 -0500[diff] [blame]3106}
3107
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3108// TODO(davidben): Convert this file to GTest properly.
3109TEST(SSLTest, AllTests) {
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3110 if (!TestCipherRules() ||
Alessandro Ghedini5fd18072016-09-28 21:04:25 +0100[diff] [blame]3111 !TestCurveRules() ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3112 !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
3113 !TestSSL_SESSIONEncoding(kCustomSession) ||
3114 !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
3115 !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
3116 !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
3117 !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
David Benjamin10e664b2016-06-20 22:20:47 -0400[diff] [blame]3118 // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3119 !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
3120 !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
3121 !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
3122 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
3123 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
3124 !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
3125 !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
3126 !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
3127 !TestCipherGetRFCName() ||
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]3128 // Test the padding extension at TLS 1.2.
3129 !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
3130 // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
3131 // will be no PSK binder after the padding extension.
3132 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
3133 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
3134 // will be a PSK binder after the padding extension.
3135 !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
Adam Langley10f97f32016-07-12 08:09:33 -0700[diff] [blame]3136 !TestInternalSessionCache() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3137 !ForEachVersion(TestSequenceNumber) ||
David Benjamin68f37b72016-11-18 15:14:42 +0900[diff] [blame]3138 !ForEachVersion(TestOneSidedShutdown) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3139 !ForEachVersion(TestGetPeerCertificate) ||
3140 !ForEachVersion(TestRetainOnlySHA256OfCerts) ||
David Benjamina20e5352016-08-02 19:09:41 -0400[diff] [blame]3141 !TestClientHello() ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3142 !ForEachVersion(TestSessionIDContext) ||
3143 !ForEachVersion(TestSessionTimeout) ||
3144 !ForEachVersion(TestSNICallback) ||
David Benjamin0fef3052016-11-18 15:11:10 +0900[diff] [blame]3145 !ForEachVersion(TestVersion) ||
David Benjaminb79cc842016-12-07 15:57:14 -0500[diff] [blame]3146 !ForEachVersion(TestALPNCipherAvailable) ||
David Benjamin1444c3a2016-12-20 17:23:11 -0500[diff] [blame]3147 !ForEachVersion(TestSSLClearSessionResumption) ||
David Benjamin48063c22017-01-01 23:56:36 -0500[diff] [blame]3148 !ForEachVersion(TestAutoChain) ||
3149 !ForEachVersion(TestSSLWriteRetry)) {
David Benjamin96628432017-01-19 19:05:47 -0500[diff] [blame]3150 ADD_FAILURE() << "Tests failed";
David Benjaminbb0a17c2014-09-20 15:35:39 -0400[diff] [blame]3151 }
David Benjamin2e521212014-07-16 14:37:51 -0400[diff] [blame]3152}