]>
Commit | Line | Data |
---|---|---|
92ab7db6 | 1 | /* |
6738bf14 | 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. |
eef977aa | 3 | * |
909f1a2e | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
92ab7db6 MC |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
eef977aa MC |
9 | |
10 | #if !defined(__STDC_FORMAT_MACROS) | |
11 | #define __STDC_FORMAT_MACROS | |
12 | #endif | |
13 | ||
21c79421 | 14 | #include "packeted_bio.h" |
eef977aa MC |
15 | #include <openssl/e_os2.h> |
16 | ||
17 | #if !defined(OPENSSL_SYS_WINDOWS) | |
18 | #include <arpa/inet.h> | |
19 | #include <netinet/in.h> | |
20 | #include <netinet/tcp.h> | |
21 | #include <signal.h> | |
22 | #include <sys/socket.h> | |
23 | #include <sys/time.h> | |
24 | #include <unistd.h> | |
25 | #else | |
26 | #include <io.h> | |
7b73b7be | 27 | OPENSSL_MSVC_PRAGMA(warning(push, 3)) |
eef977aa MC |
28 | #include <winsock2.h> |
29 | #include <ws2tcpip.h> | |
7b73b7be | 30 | OPENSSL_MSVC_PRAGMA(warning(pop)) |
eef977aa | 31 | |
7b73b7be | 32 | OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib")) |
eef977aa MC |
33 | #endif |
34 | ||
7b73b7be | 35 | #include <assert.h> |
eef977aa MC |
36 | #include <inttypes.h> |
37 | #include <string.h> | |
38 | ||
39 | #include <openssl/bio.h> | |
40 | #include <openssl/buffer.h> | |
bc708af4 | 41 | #include <openssl/bn.h> |
5c01a133 | 42 | #include <openssl/core_names.h> |
eef977aa MC |
43 | #include <openssl/crypto.h> |
44 | #include <openssl/dh.h> | |
45 | #include <openssl/err.h> | |
46 | #include <openssl/evp.h> | |
47 | #include <openssl/hmac.h> | |
48 | #include <openssl/objects.h> | |
49 | #include <openssl/rand.h> | |
50 | #include <openssl/ssl.h> | |
7b73b7be | 51 | #include <openssl/x509.h> |
eef977aa MC |
52 | |
53 | #include <memory> | |
54 | #include <string> | |
55 | #include <vector> | |
56 | ||
eef977aa | 57 | #include "async_bio.h" |
eef977aa MC |
58 | #include "test_config.h" |
59 | ||
7b73b7be | 60 | namespace bssl { |
eef977aa MC |
61 | |
62 | #if !defined(OPENSSL_SYS_WINDOWS) | |
63 | static int closesocket(int sock) { | |
64 | return close(sock); | |
65 | } | |
66 | ||
67 | static void PrintSocketError(const char *func) { | |
68 | perror(func); | |
69 | } | |
70 | #else | |
71 | static void PrintSocketError(const char *func) { | |
72 | fprintf(stderr, "%s: %d\n", func, WSAGetLastError()); | |
73 | } | |
74 | #endif | |
75 | ||
76 | static int Usage(const char *program) { | |
77 | fprintf(stderr, "Usage: %s [flags...]\n", program); | |
78 | return 1; | |
79 | } | |
80 | ||
81 | struct TestState { | |
eef977aa MC |
82 | // async_bio is async BIO which pauses reads and writes. |
83 | BIO *async_bio = nullptr; | |
7b73b7be MC |
84 | // packeted_bio is the packeted BIO which simulates read timeouts. |
85 | BIO *packeted_bio = nullptr; | |
eef977aa | 86 | bool cert_ready = false; |
eef977aa MC |
87 | bool handshake_done = false; |
88 | // private_key is the underlying private key used when testing custom keys. | |
7b73b7be | 89 | bssl::UniquePtr<EVP_PKEY> private_key; |
eef977aa | 90 | bool got_new_session = false; |
7b73b7be MC |
91 | bssl::UniquePtr<SSL_SESSION> new_session; |
92 | bool ticket_decrypt_done = false; | |
93 | bool alpn_select_done = false; | |
eef977aa MC |
94 | }; |
95 | ||
96 | static void TestStateExFree(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | |
97 | int index, long argl, void *argp) { | |
98 | delete ((TestState *)ptr); | |
99 | } | |
100 | ||
101 | static int g_config_index = 0; | |
102 | static int g_state_index = 0; | |
103 | ||
7b73b7be | 104 | static bool SetTestConfig(SSL *ssl, const TestConfig *config) { |
eef977aa MC |
105 | return SSL_set_ex_data(ssl, g_config_index, (void *)config) == 1; |
106 | } | |
107 | ||
7b73b7be | 108 | static const TestConfig *GetTestConfig(const SSL *ssl) { |
eef977aa MC |
109 | return (const TestConfig *)SSL_get_ex_data(ssl, g_config_index); |
110 | } | |
111 | ||
112 | static bool SetTestState(SSL *ssl, std::unique_ptr<TestState> state) { | |
113 | // |SSL_set_ex_data| takes ownership of |state| only on success. | |
114 | if (SSL_set_ex_data(ssl, g_state_index, state.get()) == 1) { | |
115 | state.release(); | |
116 | return true; | |
117 | } | |
118 | return false; | |
119 | } | |
120 | ||
121 | static TestState *GetTestState(const SSL *ssl) { | |
122 | return (TestState *)SSL_get_ex_data(ssl, g_state_index); | |
123 | } | |
124 | ||
7b73b7be MC |
125 | static bssl::UniquePtr<X509> LoadCertificate(const std::string &file) { |
126 | bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file())); | |
eef977aa MC |
127 | if (!bio || !BIO_read_filename(bio.get(), file.c_str())) { |
128 | return nullptr; | |
129 | } | |
7b73b7be | 130 | return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), NULL, NULL, NULL)); |
eef977aa MC |
131 | } |
132 | ||
7b73b7be MC |
133 | static bssl::UniquePtr<EVP_PKEY> LoadPrivateKey(const std::string &file) { |
134 | bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file())); | |
eef977aa MC |
135 | if (!bio || !BIO_read_filename(bio.get(), file.c_str())) { |
136 | return nullptr; | |
137 | } | |
7b73b7be MC |
138 | return bssl::UniquePtr<EVP_PKEY>( |
139 | PEM_read_bio_PrivateKey(bio.get(), NULL, NULL, NULL)); | |
eef977aa MC |
140 | } |
141 | ||
142 | template<typename T> | |
143 | struct Free { | |
144 | void operator()(T *buf) { | |
145 | free(buf); | |
146 | } | |
147 | }; | |
148 | ||
7b73b7be MC |
149 | static bool GetCertificate(SSL *ssl, bssl::UniquePtr<X509> *out_x509, |
150 | bssl::UniquePtr<EVP_PKEY> *out_pkey) { | |
151 | const TestConfig *config = GetTestConfig(ssl); | |
eef977aa | 152 | |
eef977aa MC |
153 | if (!config->key_file.empty()) { |
154 | *out_pkey = LoadPrivateKey(config->key_file.c_str()); | |
155 | if (!*out_pkey) { | |
156 | return false; | |
157 | } | |
158 | } | |
159 | if (!config->cert_file.empty()) { | |
160 | *out_x509 = LoadCertificate(config->cert_file.c_str()); | |
161 | if (!*out_x509) { | |
162 | return false; | |
163 | } | |
164 | } | |
eef977aa MC |
165 | return true; |
166 | } | |
167 | ||
168 | static bool InstallCertificate(SSL *ssl) { | |
7b73b7be MC |
169 | bssl::UniquePtr<X509> x509; |
170 | bssl::UniquePtr<EVP_PKEY> pkey; | |
eef977aa MC |
171 | if (!GetCertificate(ssl, &x509, &pkey)) { |
172 | return false; | |
173 | } | |
174 | ||
1c8235c9 MC |
175 | if (pkey && !SSL_use_PrivateKey(ssl, pkey.get())) { |
176 | return false; | |
eef977aa MC |
177 | } |
178 | ||
179 | if (x509 && !SSL_use_certificate(ssl, x509.get())) { | |
180 | return false; | |
181 | } | |
182 | ||
183 | return true; | |
184 | } | |
185 | ||
186 | static int ClientCertCallback(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey) { | |
7b73b7be | 187 | if (GetTestConfig(ssl)->async && !GetTestState(ssl)->cert_ready) { |
eef977aa MC |
188 | return -1; |
189 | } | |
190 | ||
7b73b7be MC |
191 | bssl::UniquePtr<X509> x509; |
192 | bssl::UniquePtr<EVP_PKEY> pkey; | |
eef977aa MC |
193 | if (!GetCertificate(ssl, &x509, &pkey)) { |
194 | return -1; | |
195 | } | |
196 | ||
197 | // Return zero for no certificate. | |
198 | if (!x509) { | |
199 | return 0; | |
200 | } | |
201 | ||
202 | // Asynchronous private keys are not supported with client_cert_cb. | |
203 | *out_x509 = x509.release(); | |
204 | *out_pkey = pkey.release(); | |
205 | return 1; | |
206 | } | |
207 | ||
208 | static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { | |
209 | return 1; | |
210 | } | |
211 | ||
212 | static int VerifyFail(X509_STORE_CTX *store_ctx, void *arg) { | |
213 | X509_STORE_CTX_set_error(store_ctx, X509_V_ERR_APPLICATION_VERIFICATION); | |
214 | return 0; | |
215 | } | |
216 | ||
217 | static int NextProtosAdvertisedCallback(SSL *ssl, const uint8_t **out, | |
218 | unsigned int *out_len, void *arg) { | |
7b73b7be | 219 | const TestConfig *config = GetTestConfig(ssl); |
eef977aa MC |
220 | if (config->advertise_npn.empty()) { |
221 | return SSL_TLSEXT_ERR_NOACK; | |
222 | } | |
223 | ||
224 | *out = (const uint8_t*)config->advertise_npn.data(); | |
225 | *out_len = config->advertise_npn.size(); | |
226 | return SSL_TLSEXT_ERR_OK; | |
227 | } | |
228 | ||
229 | static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen, | |
230 | const uint8_t* in, unsigned inlen, void* arg) { | |
7b73b7be | 231 | const TestConfig *config = GetTestConfig(ssl); |
eef977aa MC |
232 | if (config->select_next_proto.empty()) { |
233 | return SSL_TLSEXT_ERR_NOACK; | |
234 | } | |
235 | ||
236 | *out = (uint8_t*)config->select_next_proto.data(); | |
237 | *outlen = config->select_next_proto.size(); | |
238 | return SSL_TLSEXT_ERR_OK; | |
239 | } | |
240 | ||
241 | static int AlpnSelectCallback(SSL* ssl, const uint8_t** out, uint8_t* outlen, | |
242 | const uint8_t* in, unsigned inlen, void* arg) { | |
7b73b7be MC |
243 | if (GetTestState(ssl)->alpn_select_done) { |
244 | fprintf(stderr, "AlpnSelectCallback called after completion.\n"); | |
245 | exit(1); | |
246 | } | |
247 | ||
248 | GetTestState(ssl)->alpn_select_done = true; | |
249 | ||
250 | const TestConfig *config = GetTestConfig(ssl); | |
251 | if (config->decline_alpn) { | |
eef977aa MC |
252 | return SSL_TLSEXT_ERR_NOACK; |
253 | } | |
254 | ||
255 | if (!config->expected_advertised_alpn.empty() && | |
256 | (config->expected_advertised_alpn.size() != inlen || | |
257 | memcmp(config->expected_advertised_alpn.data(), | |
258 | in, inlen) != 0)) { | |
259 | fprintf(stderr, "bad ALPN select callback inputs\n"); | |
260 | exit(1); | |
261 | } | |
262 | ||
263 | *out = (const uint8_t*)config->select_alpn.data(); | |
264 | *outlen = config->select_alpn.size(); | |
265 | return SSL_TLSEXT_ERR_OK; | |
266 | } | |
267 | ||
268 | static unsigned PskClientCallback(SSL *ssl, const char *hint, | |
269 | char *out_identity, | |
270 | unsigned max_identity_len, | |
271 | uint8_t *out_psk, unsigned max_psk_len) { | |
7b73b7be | 272 | const TestConfig *config = GetTestConfig(ssl); |
eef977aa | 273 | |
7b73b7be MC |
274 | if (config->psk_identity.empty()) { |
275 | if (hint != nullptr) { | |
276 | fprintf(stderr, "Server PSK hint was non-null.\n"); | |
277 | return 0; | |
278 | } | |
279 | } else if (hint == nullptr || | |
280 | strcmp(hint, config->psk_identity.c_str()) != 0) { | |
eef977aa MC |
281 | fprintf(stderr, "Server PSK hint did not match.\n"); |
282 | return 0; | |
283 | } | |
284 | ||
285 | // Account for the trailing '\0' for the identity. | |
286 | if (config->psk_identity.size() >= max_identity_len || | |
287 | config->psk.size() > max_psk_len) { | |
288 | fprintf(stderr, "PSK buffers too small\n"); | |
289 | return 0; | |
290 | } | |
291 | ||
3d484574 RS |
292 | OPENSSL_strlcpy(out_identity, config->psk_identity.c_str(), |
293 | max_identity_len); | |
eef977aa MC |
294 | memcpy(out_psk, config->psk.data(), config->psk.size()); |
295 | return config->psk.size(); | |
296 | } | |
297 | ||
298 | static unsigned PskServerCallback(SSL *ssl, const char *identity, | |
299 | uint8_t *out_psk, unsigned max_psk_len) { | |
7b73b7be | 300 | const TestConfig *config = GetTestConfig(ssl); |
eef977aa MC |
301 | |
302 | if (strcmp(identity, config->psk_identity.c_str()) != 0) { | |
303 | fprintf(stderr, "Client PSK identity did not match.\n"); | |
304 | return 0; | |
305 | } | |
306 | ||
307 | if (config->psk.size() > max_psk_len) { | |
308 | fprintf(stderr, "PSK buffers too small\n"); | |
309 | return 0; | |
310 | } | |
311 | ||
312 | memcpy(out_psk, config->psk.data(), config->psk.size()); | |
313 | return config->psk.size(); | |
314 | } | |
315 | ||
316 | static int CertCallback(SSL *ssl, void *arg) { | |
7b73b7be MC |
317 | const TestConfig *config = GetTestConfig(ssl); |
318 | ||
319 | // Check the CertificateRequest metadata is as expected. | |
320 | // | |
321 | // TODO(davidben): Test |SSL_get_client_CA_list|. | |
322 | if (!SSL_is_server(ssl) && | |
323 | !config->expected_certificate_types.empty()) { | |
324 | const uint8_t *certificate_types; | |
325 | size_t certificate_types_len = | |
326 | SSL_get0_certificate_types(ssl, &certificate_types); | |
327 | if (certificate_types_len != config->expected_certificate_types.size() || | |
328 | memcmp(certificate_types, | |
329 | config->expected_certificate_types.data(), | |
330 | certificate_types_len) != 0) { | |
331 | fprintf(stderr, "certificate types mismatch\n"); | |
332 | return 0; | |
333 | } | |
334 | } | |
335 | ||
336 | // The certificate will be installed via other means. | |
aedf33ae | 337 | if (!config->async || |
7b73b7be MC |
338 | config->use_old_client_cert_callback) { |
339 | return 1; | |
340 | } | |
341 | ||
eef977aa MC |
342 | if (!GetTestState(ssl)->cert_ready) { |
343 | return -1; | |
344 | } | |
345 | if (!InstallCertificate(ssl)) { | |
346 | return 0; | |
347 | } | |
348 | return 1; | |
349 | } | |
350 | ||
351 | static void InfoCallback(const SSL *ssl, int type, int val) { | |
352 | if (type == SSL_CB_HANDSHAKE_DONE) { | |
7b73b7be MC |
353 | if (GetTestConfig(ssl)->handshake_never_done) { |
354 | fprintf(stderr, "Handshake unexpectedly completed.\n"); | |
eef977aa MC |
355 | // Abort before any expected error code is printed, to ensure the overall |
356 | // test fails. | |
357 | abort(); | |
358 | } | |
359 | GetTestState(ssl)->handshake_done = true; | |
7b73b7be MC |
360 | |
361 | // Callbacks may be called again on a new handshake. | |
362 | GetTestState(ssl)->ticket_decrypt_done = false; | |
363 | GetTestState(ssl)->alpn_select_done = false; | |
eef977aa MC |
364 | } |
365 | } | |
366 | ||
367 | static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) { | |
368 | GetTestState(ssl)->got_new_session = true; | |
7b73b7be | 369 | GetTestState(ssl)->new_session.reset(session); |
eef977aa MC |
370 | return 1; |
371 | } | |
372 | ||
373 | static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, | |
bac8d066 | 374 | EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hmac_ctx, |
eef977aa | 375 | int encrypt) { |
bac8d066 P |
376 | OSSL_PARAM params[3], *p = params; |
377 | ||
7b73b7be MC |
378 | if (!encrypt) { |
379 | if (GetTestState(ssl)->ticket_decrypt_done) { | |
380 | fprintf(stderr, "TicketKeyCallback called after completion.\n"); | |
381 | return -1; | |
382 | } | |
383 | ||
384 | GetTestState(ssl)->ticket_decrypt_done = true; | |
385 | } | |
386 | ||
eef977aa MC |
387 | // This is just test code, so use the all-zeros key. |
388 | static const uint8_t kZeros[16] = {0}; | |
389 | ||
390 | if (encrypt) { | |
391 | memcpy(key_name, kZeros, sizeof(kZeros)); | |
392 | RAND_bytes(iv, 16); | |
393 | } else if (memcmp(key_name, kZeros, 16) != 0) { | |
394 | return 0; | |
395 | } | |
396 | ||
bac8d066 P |
397 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA256", 0); |
398 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, kZeros, | |
399 | sizeof(kZeros)); | |
400 | *p = OSSL_PARAM_construct_end(); | |
401 | ||
402 | if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt) | |
403 | || !EVP_MAC_init(hmac_ctx) | |
404 | || !EVP_MAC_CTX_set_params(hmac_ctx, params)) { | |
eef977aa MC |
405 | return -1; |
406 | } | |
407 | ||
408 | if (!encrypt) { | |
7b73b7be | 409 | return GetTestConfig(ssl)->renew_ticket ? 2 : 1; |
eef977aa MC |
410 | } |
411 | return 1; | |
412 | } | |
413 | ||
414 | // kCustomExtensionValue is the extension value that the custom extension | |
415 | // callbacks will add. | |
416 | static const uint16_t kCustomExtensionValue = 1234; | |
417 | static void *const kCustomExtensionAddArg = | |
418 | reinterpret_cast<void *>(kCustomExtensionValue); | |
419 | static void *const kCustomExtensionParseArg = | |
420 | reinterpret_cast<void *>(kCustomExtensionValue + 1); | |
421 | static const char kCustomExtensionContents[] = "custom extension"; | |
422 | ||
423 | static int CustomExtensionAddCallback(SSL *ssl, unsigned extension_value, | |
424 | const uint8_t **out, size_t *out_len, | |
425 | int *out_alert_value, void *add_arg) { | |
426 | if (extension_value != kCustomExtensionValue || | |
427 | add_arg != kCustomExtensionAddArg) { | |
428 | abort(); | |
429 | } | |
430 | ||
7b73b7be | 431 | if (GetTestConfig(ssl)->custom_extension_skip) { |
eef977aa MC |
432 | return 0; |
433 | } | |
7b73b7be | 434 | if (GetTestConfig(ssl)->custom_extension_fail_add) { |
eef977aa MC |
435 | return -1; |
436 | } | |
437 | ||
438 | *out = reinterpret_cast<const uint8_t*>(kCustomExtensionContents); | |
439 | *out_len = sizeof(kCustomExtensionContents) - 1; | |
440 | ||
441 | return 1; | |
442 | } | |
443 | ||
444 | static void CustomExtensionFreeCallback(SSL *ssl, unsigned extension_value, | |
445 | const uint8_t *out, void *add_arg) { | |
446 | if (extension_value != kCustomExtensionValue || | |
447 | add_arg != kCustomExtensionAddArg || | |
448 | out != reinterpret_cast<const uint8_t *>(kCustomExtensionContents)) { | |
449 | abort(); | |
450 | } | |
451 | } | |
452 | ||
453 | static int CustomExtensionParseCallback(SSL *ssl, unsigned extension_value, | |
454 | const uint8_t *contents, | |
455 | size_t contents_len, | |
456 | int *out_alert_value, void *parse_arg) { | |
457 | if (extension_value != kCustomExtensionValue || | |
458 | parse_arg != kCustomExtensionParseArg) { | |
459 | abort(); | |
460 | } | |
461 | ||
462 | if (contents_len != sizeof(kCustomExtensionContents) - 1 || | |
463 | memcmp(contents, kCustomExtensionContents, contents_len) != 0) { | |
464 | *out_alert_value = SSL_AD_DECODE_ERROR; | |
465 | return 0; | |
466 | } | |
467 | ||
468 | return 1; | |
469 | } | |
470 | ||
45a23530 BK |
471 | static int ServerNameCallback(SSL *ssl, int *out_alert, void *arg) { |
472 | // SNI must be accessible from the SNI callback. | |
473 | const TestConfig *config = GetTestConfig(ssl); | |
474 | const char *server_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); | |
475 | if (server_name == nullptr || | |
476 | std::string(server_name) != config->expected_server_name) { | |
477 | fprintf(stderr, "servername mismatch (got %s; want %s)\n", server_name, | |
478 | config->expected_server_name.c_str()); | |
479 | return SSL_TLSEXT_ERR_ALERT_FATAL; | |
480 | } | |
481 | ||
482 | return SSL_TLSEXT_ERR_OK; | |
483 | } | |
484 | ||
eef977aa MC |
485 | // Connect returns a new socket connected to localhost on |port| or -1 on |
486 | // error. | |
487 | static int Connect(uint16_t port) { | |
488 | int sock = socket(AF_INET, SOCK_STREAM, 0); | |
489 | if (sock == -1) { | |
490 | PrintSocketError("socket"); | |
491 | return -1; | |
492 | } | |
493 | int nodelay = 1; | |
494 | if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, | |
495 | reinterpret_cast<const char*>(&nodelay), sizeof(nodelay)) != 0) { | |
496 | PrintSocketError("setsockopt"); | |
497 | closesocket(sock); | |
498 | return -1; | |
499 | } | |
500 | sockaddr_in sin; | |
501 | memset(&sin, 0, sizeof(sin)); | |
502 | sin.sin_family = AF_INET; | |
503 | sin.sin_port = htons(port); | |
504 | if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) { | |
505 | PrintSocketError("inet_pton"); | |
506 | closesocket(sock); | |
507 | return -1; | |
508 | } | |
509 | if (connect(sock, reinterpret_cast<const sockaddr*>(&sin), | |
510 | sizeof(sin)) != 0) { | |
511 | PrintSocketError("connect"); | |
512 | closesocket(sock); | |
513 | return -1; | |
514 | } | |
515 | return sock; | |
516 | } | |
517 | ||
518 | class SocketCloser { | |
519 | public: | |
520 | explicit SocketCloser(int sock) : sock_(sock) {} | |
521 | ~SocketCloser() { | |
522 | // Half-close and drain the socket before releasing it. This seems to be | |
523 | // necessary for graceful shutdown on Windows. It will also avoid write | |
524 | // failures in the test runner. | |
1669b7b5 | 525 | #if defined(OPENSSL_SYS_WINDOWS) |
eef977aa MC |
526 | shutdown(sock_, SD_SEND); |
527 | #else | |
528 | shutdown(sock_, SHUT_WR); | |
529 | #endif | |
530 | while (true) { | |
531 | char buf[1024]; | |
532 | if (recv(sock_, buf, sizeof(buf), 0) <= 0) { | |
533 | break; | |
534 | } | |
535 | } | |
536 | closesocket(sock_); | |
537 | } | |
538 | ||
539 | private: | |
540 | const int sock_; | |
541 | }; | |
542 | ||
7b73b7be | 543 | static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) { |
e29d7cea | 544 | const char sess_id_ctx[] = "ossl_shim"; |
7b73b7be | 545 | bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new( |
eef977aa MC |
546 | config->is_dtls ? DTLS_method() : TLS_method())); |
547 | if (!ssl_ctx) { | |
548 | return nullptr; | |
549 | } | |
550 | ||
551 | SSL_CTX_set_security_level(ssl_ctx.get(), 0); | |
7b73b7be MC |
552 | #if 0 |
553 | /* Disabled for now until we have some TLS1.3 support */ | |
554 | // Enable TLS 1.3 for tests. | |
555 | if (!config->is_dtls && | |
556 | !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) { | |
557 | return nullptr; | |
558 | } | |
aaaa6ac1 MC |
559 | #else |
560 | /* Ensure we don't negotiate TLSv1.3 until we can handle it */ | |
561 | if (!config->is_dtls && | |
562 | !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_2_VERSION)) { | |
563 | return nullptr; | |
564 | } | |
7b73b7be | 565 | #endif |
eef977aa MC |
566 | |
567 | std::string cipher_list = "ALL"; | |
568 | if (!config->cipher.empty()) { | |
569 | cipher_list = config->cipher; | |
570 | SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE); | |
571 | } | |
572 | if (!SSL_CTX_set_cipher_list(ssl_ctx.get(), cipher_list.c_str())) { | |
573 | return nullptr; | |
574 | } | |
575 | ||
eef977aa MC |
576 | DH *tmpdh; |
577 | ||
578 | if (config->use_sparse_dh_prime) { | |
579 | BIGNUM *p, *g; | |
580 | p = BN_new(); | |
581 | g = BN_new(); | |
582 | tmpdh = DH_new(); | |
583 | if (p == NULL || g == NULL || tmpdh == NULL) { | |
584 | BN_free(p); | |
585 | BN_free(g); | |
586 | DH_free(tmpdh); | |
587 | return nullptr; | |
588 | } | |
589 | // This prime number is 2^1024 + 643 – a value just above a power of two. | |
590 | // Because of its form, values modulo it are essentially certain to be one | |
591 | // byte shorter. This is used to test padding of these values. | |
592 | if (BN_hex2bn( | |
593 | &p, | |
594 | "1000000000000000000000000000000000000000000000000000000000000000" | |
595 | "0000000000000000000000000000000000000000000000000000000000000000" | |
596 | "0000000000000000000000000000000000000000000000000000000000000000" | |
597 | "0000000000000000000000000000000000000000000000000000000000000028" | |
598 | "3") == 0 || | |
599 | !BN_set_word(g, 2)) { | |
600 | BN_free(p); | |
601 | BN_free(g); | |
602 | DH_free(tmpdh); | |
603 | return nullptr; | |
604 | } | |
605 | DH_set0_pqg(tmpdh, p, NULL, g); | |
606 | } else { | |
607 | tmpdh = DH_get_2048_256(); | |
608 | } | |
609 | ||
7b73b7be | 610 | bssl::UniquePtr<DH> dh(tmpdh); |
eef977aa MC |
611 | |
612 | if (!dh || !SSL_CTX_set_tmp_dh(ssl_ctx.get(), dh.get())) { | |
613 | return nullptr; | |
614 | } | |
615 | ||
616 | SSL_CTX_set_session_cache_mode(ssl_ctx.get(), SSL_SESS_CACHE_BOTH); | |
617 | ||
618 | if (config->use_old_client_cert_callback) { | |
619 | SSL_CTX_set_client_cert_cb(ssl_ctx.get(), ClientCertCallback); | |
620 | } | |
621 | ||
aff8c126 | 622 | SSL_CTX_set_npn_advertised_cb( |
eef977aa MC |
623 | ssl_ctx.get(), NextProtosAdvertisedCallback, NULL); |
624 | if (!config->select_next_proto.empty()) { | |
625 | SSL_CTX_set_next_proto_select_cb(ssl_ctx.get(), NextProtoSelectCallback, | |
626 | NULL); | |
627 | } | |
628 | ||
7b73b7be | 629 | if (!config->select_alpn.empty() || config->decline_alpn) { |
eef977aa MC |
630 | SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), AlpnSelectCallback, NULL); |
631 | } | |
632 | ||
633 | SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback); | |
634 | SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback); | |
635 | ||
636 | if (config->use_ticket_callback) { | |
bac8d066 | 637 | SSL_CTX_set_tlsext_ticket_key_evp_cb(ssl_ctx.get(), TicketKeyCallback); |
eef977aa MC |
638 | } |
639 | ||
640 | if (config->enable_client_custom_extension && | |
641 | !SSL_CTX_add_client_custom_ext( | |
642 | ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback, | |
643 | CustomExtensionFreeCallback, kCustomExtensionAddArg, | |
644 | CustomExtensionParseCallback, kCustomExtensionParseArg)) { | |
645 | return nullptr; | |
646 | } | |
647 | ||
648 | if (config->enable_server_custom_extension && | |
649 | !SSL_CTX_add_server_custom_ext( | |
650 | ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback, | |
651 | CustomExtensionFreeCallback, kCustomExtensionAddArg, | |
652 | CustomExtensionParseCallback, kCustomExtensionParseArg)) { | |
653 | return nullptr; | |
654 | } | |
655 | ||
656 | if (config->verify_fail) { | |
657 | SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifyFail, NULL); | |
658 | } else { | |
659 | SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifySucceed, NULL); | |
660 | } | |
661 | ||
7b73b7be MC |
662 | if (config->use_null_client_ca_list) { |
663 | SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr); | |
664 | } | |
665 | ||
0f5a7752 RL |
666 | if (!SSL_CTX_set_session_id_context(ssl_ctx.get(), |
667 | (const unsigned char *)sess_id_ctx, | |
668 | sizeof(sess_id_ctx) - 1)) | |
669 | return nullptr; | |
e29d7cea | 670 | |
45a23530 BK |
671 | if (!config->expected_server_name.empty()) { |
672 | SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(), ServerNameCallback); | |
673 | } | |
674 | ||
eef977aa MC |
675 | return ssl_ctx; |
676 | } | |
677 | ||
678 | // RetryAsync is called after a failed operation on |ssl| with return code | |
679 | // |ret|. If the operation should be retried, it simulates one asynchronous | |
680 | // event and returns true. Otherwise it returns false. | |
681 | static bool RetryAsync(SSL *ssl, int ret) { | |
682 | // No error; don't retry. | |
683 | if (ret >= 0) { | |
684 | return false; | |
685 | } | |
686 | ||
eef977aa | 687 | TestState *test_state = GetTestState(ssl); |
7b73b7be | 688 | assert(GetTestConfig(ssl)->async); |
eef977aa | 689 | |
7b73b7be MC |
690 | if (test_state->packeted_bio != nullptr && |
691 | PacketedBioAdvanceClock(test_state->packeted_bio)) { | |
eef977aa MC |
692 | // The DTLS retransmit logic silently ignores write failures. So the test |
693 | // may progress, allow writes through synchronously. | |
7b73b7be | 694 | AsyncBioEnforceWriteQuota(test_state->async_bio, false); |
eef977aa | 695 | int timeout_ret = DTLSv1_handle_timeout(ssl); |
7b73b7be | 696 | AsyncBioEnforceWriteQuota(test_state->async_bio, true); |
eef977aa MC |
697 | |
698 | if (timeout_ret < 0) { | |
699 | fprintf(stderr, "Error retransmitting.\n"); | |
700 | return false; | |
701 | } | |
702 | return true; | |
703 | } | |
704 | ||
705 | // See if we needed to read or write more. If so, allow one byte through on | |
706 | // the appropriate end to maximally stress the state machine. | |
707 | switch (SSL_get_error(ssl, ret)) { | |
708 | case SSL_ERROR_WANT_READ: | |
709 | AsyncBioAllowRead(test_state->async_bio, 1); | |
710 | return true; | |
711 | case SSL_ERROR_WANT_WRITE: | |
712 | AsyncBioAllowWrite(test_state->async_bio, 1); | |
713 | return true; | |
714 | case SSL_ERROR_WANT_X509_LOOKUP: | |
715 | test_state->cert_ready = true; | |
716 | return true; | |
717 | default: | |
718 | return false; | |
719 | } | |
720 | } | |
721 | ||
722 | // DoRead reads from |ssl|, resolving any asynchronous operations. It returns | |
723 | // the result value of the final |SSL_read| call. | |
724 | static int DoRead(SSL *ssl, uint8_t *out, size_t max_out) { | |
7b73b7be | 725 | const TestConfig *config = GetTestConfig(ssl); |
eef977aa MC |
726 | TestState *test_state = GetTestState(ssl); |
727 | int ret; | |
728 | do { | |
729 | if (config->async) { | |
730 | // The DTLS retransmit logic silently ignores write failures. So the test | |
731 | // may progress, allow writes through synchronously. |SSL_read| may | |
732 | // trigger a retransmit, so disconnect the write quota. | |
733 | AsyncBioEnforceWriteQuota(test_state->async_bio, false); | |
734 | } | |
7b73b7be MC |
735 | ret = config->peek_then_read ? SSL_peek(ssl, out, max_out) |
736 | : SSL_read(ssl, out, max_out); | |
eef977aa MC |
737 | if (config->async) { |
738 | AsyncBioEnforceWriteQuota(test_state->async_bio, true); | |
739 | } | |
740 | } while (config->async && RetryAsync(ssl, ret)); | |
7b73b7be MC |
741 | |
742 | if (config->peek_then_read && ret > 0) { | |
743 | std::unique_ptr<uint8_t[]> buf(new uint8_t[static_cast<size_t>(ret)]); | |
744 | ||
745 | // SSL_peek should synchronously return the same data. | |
746 | int ret2 = SSL_peek(ssl, buf.get(), ret); | |
747 | if (ret2 != ret || | |
748 | memcmp(buf.get(), out, ret) != 0) { | |
749 | fprintf(stderr, "First and second SSL_peek did not match.\n"); | |
750 | return -1; | |
751 | } | |
752 | ||
753 | // SSL_read should synchronously return the same data and consume it. | |
754 | ret2 = SSL_read(ssl, buf.get(), ret); | |
755 | if (ret2 != ret || | |
756 | memcmp(buf.get(), out, ret) != 0) { | |
757 | fprintf(stderr, "SSL_peek and SSL_read did not match.\n"); | |
758 | return -1; | |
759 | } | |
760 | } | |
761 | ||
eef977aa MC |
762 | return ret; |
763 | } | |
764 | ||
765 | // WriteAll writes |in_len| bytes from |in| to |ssl|, resolving any asynchronous | |
766 | // operations. It returns the result of the final |SSL_write| call. | |
767 | static int WriteAll(SSL *ssl, const uint8_t *in, size_t in_len) { | |
7b73b7be | 768 | const TestConfig *config = GetTestConfig(ssl); |
eef977aa MC |
769 | int ret; |
770 | do { | |
771 | ret = SSL_write(ssl, in, in_len); | |
772 | if (ret > 0) { | |
773 | in += ret; | |
774 | in_len -= ret; | |
775 | } | |
776 | } while ((config->async && RetryAsync(ssl, ret)) || (ret > 0 && in_len > 0)); | |
777 | return ret; | |
778 | } | |
779 | ||
780 | // DoShutdown calls |SSL_shutdown|, resolving any asynchronous operations. It | |
781 | // returns the result of the final |SSL_shutdown| call. | |
782 | static int DoShutdown(SSL *ssl) { | |
7b73b7be | 783 | const TestConfig *config = GetTestConfig(ssl); |
eef977aa MC |
784 | int ret; |
785 | do { | |
786 | ret = SSL_shutdown(ssl); | |
787 | } while (config->async && RetryAsync(ssl, ret)); | |
788 | return ret; | |
789 | } | |
790 | ||
7b73b7be MC |
791 | static uint16_t GetProtocolVersion(const SSL *ssl) { |
792 | uint16_t version = SSL_version(ssl); | |
793 | if (!SSL_is_dtls(ssl)) { | |
794 | return version; | |
795 | } | |
796 | return 0x0201 + ~version; | |
797 | } | |
798 | ||
eef977aa MC |
799 | // CheckHandshakeProperties checks, immediately after |ssl| completes its |
800 | // initial handshake (or False Starts), whether all the properties are | |
801 | // consistent with the test configuration and invariants. | |
802 | static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { | |
7b73b7be | 803 | const TestConfig *config = GetTestConfig(ssl); |
eef977aa MC |
804 | |
805 | if (SSL_get_current_cipher(ssl) == nullptr) { | |
806 | fprintf(stderr, "null cipher after handshake\n"); | |
807 | return false; | |
808 | } | |
809 | ||
810 | if (is_resume && | |
811 | (!!SSL_session_reused(ssl) == config->expect_session_miss)) { | |
812 | fprintf(stderr, "session was%s reused\n", | |
813 | SSL_session_reused(ssl) ? "" : " not"); | |
814 | return false; | |
815 | } | |
816 | ||
8beda2c1 MC |
817 | if (!GetTestState(ssl)->handshake_done) { |
818 | fprintf(stderr, "handshake was not completed\n"); | |
eef977aa MC |
819 | return false; |
820 | } | |
821 | ||
8beda2c1 | 822 | if (!config->is_server) { |
eef977aa MC |
823 | bool expect_new_session = |
824 | !config->expect_no_session && | |
7b73b7be MC |
825 | (!SSL_session_reused(ssl) || config->expect_ticket_renewal) && |
826 | // Session tickets are sent post-handshake in TLS 1.3. | |
827 | GetProtocolVersion(ssl) < TLS1_3_VERSION; | |
eef977aa MC |
828 | if (expect_new_session != GetTestState(ssl)->got_new_session) { |
829 | fprintf(stderr, | |
830 | "new session was%s cached, but we expected the opposite\n", | |
831 | GetTestState(ssl)->got_new_session ? "" : " not"); | |
832 | return false; | |
833 | } | |
834 | } | |
835 | ||
836 | if (!config->expected_server_name.empty()) { | |
837 | const char *server_name = | |
838 | SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); | |
45a23530 BK |
839 | if (server_name == nullptr || |
840 | std::string(server_name) != config->expected_server_name) { | |
eef977aa MC |
841 | fprintf(stderr, "servername mismatch (got %s; want %s)\n", |
842 | server_name, config->expected_server_name.c_str()); | |
843 | return false; | |
844 | } | |
845 | } | |
846 | ||
eef977aa MC |
847 | if (!config->expected_next_proto.empty()) { |
848 | const uint8_t *next_proto; | |
849 | unsigned next_proto_len; | |
850 | SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); | |
851 | if (next_proto_len != config->expected_next_proto.size() || | |
852 | memcmp(next_proto, config->expected_next_proto.data(), | |
853 | next_proto_len) != 0) { | |
854 | fprintf(stderr, "negotiated next proto mismatch\n"); | |
855 | return false; | |
856 | } | |
857 | } | |
858 | ||
859 | if (!config->expected_alpn.empty()) { | |
860 | const uint8_t *alpn_proto; | |
861 | unsigned alpn_proto_len; | |
862 | SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len); | |
863 | if (alpn_proto_len != config->expected_alpn.size() || | |
864 | memcmp(alpn_proto, config->expected_alpn.data(), | |
865 | alpn_proto_len) != 0) { | |
866 | fprintf(stderr, "negotiated alpn proto mismatch\n"); | |
867 | return false; | |
868 | } | |
869 | } | |
870 | ||
7b73b7be MC |
871 | if (config->expect_extended_master_secret) { |
872 | if (!SSL_get_extms_support(ssl)) { | |
873 | fprintf(stderr, "No EMS for connection when expected"); | |
874 | return false; | |
875 | } | |
876 | } | |
877 | ||
eef977aa MC |
878 | if (config->expect_verify_result) { |
879 | int expected_verify_result = config->verify_fail ? | |
880 | X509_V_ERR_APPLICATION_VERIFICATION : | |
881 | X509_V_OK; | |
882 | ||
883 | if (SSL_get_verify_result(ssl) != expected_verify_result) { | |
884 | fprintf(stderr, "Wrong certificate verification result\n"); | |
885 | return false; | |
886 | } | |
887 | } | |
888 | ||
7b73b7be MC |
889 | if (!config->psk.empty()) { |
890 | if (SSL_get_peer_cert_chain(ssl) != nullptr) { | |
891 | fprintf(stderr, "Received peer certificate on a PSK cipher.\n"); | |
892 | return false; | |
893 | } | |
894 | } else if (!config->is_server || config->require_any_client_certificate) { | |
162e1207 | 895 | if (SSL_get_peer_certificate(ssl) == nullptr) { |
7b73b7be | 896 | fprintf(stderr, "Received no peer certificate but expected one.\n"); |
eef977aa MC |
897 | return false; |
898 | } | |
899 | } | |
7b73b7be | 900 | |
eef977aa MC |
901 | return true; |
902 | } | |
903 | ||
904 | // DoExchange runs a test SSL exchange against the peer. On success, it returns | |
905 | // true and sets |*out_session| to the negotiated SSL session. If the test is a | |
906 | // resumption attempt, |is_resume| is true and |session| is the session from the | |
907 | // previous exchange. | |
7b73b7be MC |
908 | static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session, |
909 | SSL_CTX *ssl_ctx, const TestConfig *config, | |
910 | bool is_resume, SSL_SESSION *session) { | |
911 | bssl::UniquePtr<SSL> ssl(SSL_new(ssl_ctx)); | |
eef977aa MC |
912 | if (!ssl) { |
913 | return false; | |
914 | } | |
915 | ||
7b73b7be | 916 | if (!SetTestConfig(ssl.get(), config) || |
eef977aa MC |
917 | !SetTestState(ssl.get(), std::unique_ptr<TestState>(new TestState))) { |
918 | return false; | |
919 | } | |
920 | ||
921 | if (config->fallback_scsv && | |
922 | !SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV)) { | |
923 | return false; | |
924 | } | |
7b73b7be | 925 | // Install the certificate synchronously if nothing else will handle it. |
aedf33ae | 926 | if (!config->use_old_client_cert_callback && |
7b73b7be MC |
927 | !config->async && |
928 | !InstallCertificate(ssl.get())) { | |
eef977aa MC |
929 | return false; |
930 | } | |
7b73b7be | 931 | SSL_set_cert_cb(ssl.get(), CertCallback, nullptr); |
eef977aa MC |
932 | if (config->require_any_client_certificate) { |
933 | SSL_set_verify(ssl.get(), SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, | |
934 | NULL); | |
935 | } | |
936 | if (config->verify_peer) { | |
937 | SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, NULL); | |
938 | } | |
eef977aa MC |
939 | if (config->partial_write) { |
940 | SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_PARTIAL_WRITE); | |
941 | } | |
7b73b7be MC |
942 | if (config->no_tls13) { |
943 | SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_3); | |
944 | } | |
eef977aa MC |
945 | if (config->no_tls12) { |
946 | SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_2); | |
947 | } | |
948 | if (config->no_tls11) { | |
949 | SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_1); | |
950 | } | |
951 | if (config->no_tls1) { | |
952 | SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1); | |
953 | } | |
954 | if (config->no_ssl3) { | |
955 | SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3); | |
956 | } | |
eef977aa MC |
957 | if (!config->host_name.empty() && |
958 | !SSL_set_tlsext_host_name(ssl.get(), config->host_name.c_str())) { | |
959 | return false; | |
960 | } | |
961 | if (!config->advertise_alpn.empty() && | |
962 | SSL_set_alpn_protos(ssl.get(), | |
963 | (const uint8_t *)config->advertise_alpn.data(), | |
964 | config->advertise_alpn.size()) != 0) { | |
965 | return false; | |
966 | } | |
967 | if (!config->psk.empty()) { | |
968 | SSL_set_psk_client_callback(ssl.get(), PskClientCallback); | |
969 | SSL_set_psk_server_callback(ssl.get(), PskServerCallback); | |
970 | } | |
971 | if (!config->psk_identity.empty() && | |
972 | !SSL_use_psk_identity_hint(ssl.get(), config->psk_identity.c_str())) { | |
973 | return false; | |
974 | } | |
975 | if (!config->srtp_profiles.empty() && | |
976 | SSL_set_tlsext_use_srtp(ssl.get(), config->srtp_profiles.c_str())) { | |
977 | return false; | |
978 | } | |
7b73b7be MC |
979 | if (config->min_version != 0 && |
980 | !SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) { | |
981 | return false; | |
eef977aa | 982 | } |
7b73b7be MC |
983 | if (config->max_version != 0 && |
984 | !SSL_set_max_proto_version(ssl.get(), (uint16_t)config->max_version)) { | |
985 | return false; | |
eef977aa MC |
986 | } |
987 | if (config->mtu != 0) { | |
988 | SSL_set_options(ssl.get(), SSL_OP_NO_QUERY_MTU); | |
989 | SSL_set_mtu(ssl.get(), config->mtu); | |
990 | } | |
eef977aa MC |
991 | if (config->renegotiate_freely) { |
992 | // This is always on for OpenSSL. | |
993 | } | |
eef977aa MC |
994 | if (!config->check_close_notify) { |
995 | SSL_set_quiet_shutdown(ssl.get(), 1); | |
996 | } | |
eef977aa MC |
997 | if (config->p384_only) { |
998 | int nid = NID_secp384r1; | |
999 | if (!SSL_set1_curves(ssl.get(), &nid, 1)) { | |
1000 | return false; | |
1001 | } | |
1002 | } | |
1003 | if (config->enable_all_curves) { | |
1004 | static const int kAllCurves[] = { | |
fe93b010 | 1005 | NID_X25519, NID_X9_62_prime256v1, NID_X448, NID_secp521r1, NID_secp384r1 |
eef977aa MC |
1006 | }; |
1007 | if (!SSL_set1_curves(ssl.get(), kAllCurves, | |
7b73b7be | 1008 | OPENSSL_ARRAY_SIZE(kAllCurves))) { |
eef977aa MC |
1009 | return false; |
1010 | } | |
1011 | } | |
7b73b7be MC |
1012 | if (config->max_cert_list > 0) { |
1013 | SSL_set_max_cert_list(ssl.get(), config->max_cert_list); | |
1014 | } | |
eef977aa | 1015 | |
c3114a77 MC |
1016 | if (!config->async) { |
1017 | SSL_set_mode(ssl.get(), SSL_MODE_AUTO_RETRY); | |
1018 | } | |
1019 | ||
eef977aa MC |
1020 | int sock = Connect(config->port); |
1021 | if (sock == -1) { | |
1022 | return false; | |
1023 | } | |
1024 | SocketCloser closer(sock); | |
1025 | ||
7b73b7be | 1026 | bssl::UniquePtr<BIO> bio(BIO_new_socket(sock, BIO_NOCLOSE)); |
eef977aa MC |
1027 | if (!bio) { |
1028 | return false; | |
1029 | } | |
1030 | if (config->is_dtls) { | |
7b73b7be MC |
1031 | bssl::UniquePtr<BIO> packeted = PacketedBioCreate(!config->async); |
1032 | if (!packeted) { | |
1033 | return false; | |
1034 | } | |
1035 | GetTestState(ssl.get())->packeted_bio = packeted.get(); | |
eef977aa MC |
1036 | BIO_push(packeted.get(), bio.release()); |
1037 | bio = std::move(packeted); | |
1038 | } | |
1039 | if (config->async) { | |
7b73b7be | 1040 | bssl::UniquePtr<BIO> async_scoped = |
eef977aa | 1041 | config->is_dtls ? AsyncBioCreateDatagram() : AsyncBioCreate(); |
7b73b7be MC |
1042 | if (!async_scoped) { |
1043 | return false; | |
1044 | } | |
eef977aa MC |
1045 | BIO_push(async_scoped.get(), bio.release()); |
1046 | GetTestState(ssl.get())->async_bio = async_scoped.get(); | |
1047 | bio = std::move(async_scoped); | |
1048 | } | |
1049 | SSL_set_bio(ssl.get(), bio.get(), bio.get()); | |
1050 | bio.release(); // SSL_set_bio takes ownership. | |
1051 | ||
1052 | if (session != NULL) { | |
1053 | if (!config->is_server) { | |
1054 | if (SSL_set_session(ssl.get(), session) != 1) { | |
1055 | return false; | |
1056 | } | |
1057 | } | |
1058 | } | |
1059 | ||
1060 | #if 0 | |
1061 | // KNOWN BUG: OpenSSL's SSL_get_current_cipher behaves incorrectly when | |
1062 | // offering resumption. | |
1063 | if (SSL_get_current_cipher(ssl.get()) != nullptr) { | |
1064 | fprintf(stderr, "non-null cipher before handshake\n"); | |
1065 | return false; | |
1066 | } | |
1067 | #endif | |
1068 | ||
1069 | int ret; | |
1070 | if (config->implicit_handshake) { | |
1071 | if (config->is_server) { | |
1072 | SSL_set_accept_state(ssl.get()); | |
1073 | } else { | |
1074 | SSL_set_connect_state(ssl.get()); | |
1075 | } | |
1076 | } else { | |
1077 | do { | |
1078 | if (config->is_server) { | |
1079 | ret = SSL_accept(ssl.get()); | |
1080 | } else { | |
1081 | ret = SSL_connect(ssl.get()); | |
1082 | } | |
1083 | } while (config->async && RetryAsync(ssl.get(), ret)); | |
1084 | if (ret != 1 || | |
1085 | !CheckHandshakeProperties(ssl.get(), is_resume)) { | |
1086 | return false; | |
1087 | } | |
1088 | ||
1089 | // Reset the state to assert later that the callback isn't called in | |
69687aa8 | 1090 | // renegotiations. |
eef977aa MC |
1091 | GetTestState(ssl.get())->got_new_session = false; |
1092 | } | |
1093 | ||
1094 | if (config->export_keying_material > 0) { | |
1095 | std::vector<uint8_t> result( | |
1096 | static_cast<size_t>(config->export_keying_material)); | |
1097 | if (SSL_export_keying_material( | |
1098 | ssl.get(), result.data(), result.size(), | |
1099 | config->export_label.data(), config->export_label.size(), | |
1100 | reinterpret_cast<const uint8_t*>(config->export_context.data()), | |
1101 | config->export_context.size(), config->use_export_context) != 1) { | |
1102 | fprintf(stderr, "failed to export keying material\n"); | |
1103 | return false; | |
1104 | } | |
1105 | if (WriteAll(ssl.get(), result.data(), result.size()) < 0) { | |
1106 | return false; | |
1107 | } | |
1108 | } | |
1109 | ||
eef977aa MC |
1110 | if (config->write_different_record_sizes) { |
1111 | if (config->is_dtls) { | |
1112 | fprintf(stderr, "write_different_record_sizes not supported for DTLS\n"); | |
1113 | return false; | |
1114 | } | |
1115 | // This mode writes a number of different record sizes in an attempt to | |
1116 | // trip up the CBC record splitting code. | |
1117 | static const size_t kBufLen = 32769; | |
1118 | std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufLen]); | |
1119 | memset(buf.get(), 0x42, kBufLen); | |
1120 | static const size_t kRecordSizes[] = { | |
1121 | 0, 1, 255, 256, 257, 16383, 16384, 16385, 32767, 32768, 32769}; | |
7b73b7be | 1122 | for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kRecordSizes); i++) { |
eef977aa MC |
1123 | const size_t len = kRecordSizes[i]; |
1124 | if (len > kBufLen) { | |
1125 | fprintf(stderr, "Bad kRecordSizes value.\n"); | |
1126 | return false; | |
1127 | } | |
1128 | if (WriteAll(ssl.get(), buf.get(), len) < 0) { | |
1129 | return false; | |
1130 | } | |
1131 | } | |
1132 | } else { | |
1133 | if (config->shim_writes_first) { | |
1134 | if (WriteAll(ssl.get(), reinterpret_cast<const uint8_t *>("hello"), | |
1135 | 5) < 0) { | |
1136 | return false; | |
1137 | } | |
1138 | } | |
1139 | if (!config->shim_shuts_down) { | |
1140 | for (;;) { | |
1141 | static const size_t kBufLen = 16384; | |
1142 | std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufLen]); | |
1143 | ||
1144 | // Read only 512 bytes at a time in TLS to ensure records may be | |
1145 | // returned in multiple reads. | |
1146 | int n = DoRead(ssl.get(), buf.get(), config->is_dtls ? kBufLen : 512); | |
1147 | int err = SSL_get_error(ssl.get(), n); | |
1148 | if (err == SSL_ERROR_ZERO_RETURN || | |
1149 | (n == 0 && err == SSL_ERROR_SYSCALL)) { | |
1150 | if (n != 0) { | |
1151 | fprintf(stderr, "Invalid SSL_get_error output\n"); | |
1152 | return false; | |
1153 | } | |
1154 | // Stop on either clean or unclean shutdown. | |
1155 | break; | |
1156 | } else if (err != SSL_ERROR_NONE) { | |
1157 | if (n > 0) { | |
1158 | fprintf(stderr, "Invalid SSL_get_error output\n"); | |
1159 | return false; | |
1160 | } | |
1161 | return false; | |
1162 | } | |
1163 | // Successfully read data. | |
1164 | if (n <= 0) { | |
1165 | fprintf(stderr, "Invalid SSL_get_error output\n"); | |
1166 | return false; | |
1167 | } | |
1168 | ||
1169 | // After a successful read, with or without False Start, the handshake | |
1170 | // must be complete. | |
1171 | if (!GetTestState(ssl.get())->handshake_done) { | |
1172 | fprintf(stderr, "handshake was not completed after SSL_read\n"); | |
1173 | return false; | |
1174 | } | |
1175 | ||
1176 | for (int i = 0; i < n; i++) { | |
1177 | buf[i] ^= 0xff; | |
1178 | } | |
1179 | if (WriteAll(ssl.get(), buf.get(), n) < 0) { | |
1180 | return false; | |
1181 | } | |
1182 | } | |
1183 | } | |
1184 | } | |
1185 | ||
8beda2c1 | 1186 | if (!config->is_server && |
eef977aa | 1187 | !config->implicit_handshake && |
7b73b7be MC |
1188 | // Session tickets are sent post-handshake in TLS 1.3. |
1189 | GetProtocolVersion(ssl.get()) < TLS1_3_VERSION && | |
eef977aa MC |
1190 | GetTestState(ssl.get())->got_new_session) { |
1191 | fprintf(stderr, "new session was established after the handshake\n"); | |
1192 | return false; | |
1193 | } | |
1194 | ||
7b73b7be MC |
1195 | if (GetProtocolVersion(ssl.get()) >= TLS1_3_VERSION && !config->is_server) { |
1196 | bool expect_new_session = | |
1197 | !config->expect_no_session && !config->shim_shuts_down; | |
1198 | if (expect_new_session != GetTestState(ssl.get())->got_new_session) { | |
1199 | fprintf(stderr, | |
1200 | "new session was%s cached, but we expected the opposite\n", | |
1201 | GetTestState(ssl.get())->got_new_session ? "" : " not"); | |
1202 | return false; | |
1203 | } | |
1204 | } | |
1205 | ||
eef977aa | 1206 | if (out_session) { |
7b73b7be | 1207 | *out_session = std::move(GetTestState(ssl.get())->new_session); |
eef977aa MC |
1208 | } |
1209 | ||
1210 | ret = DoShutdown(ssl.get()); | |
1211 | ||
1212 | if (config->shim_shuts_down && config->check_close_notify) { | |
1213 | // We initiate shutdown, so |SSL_shutdown| will return in two stages. First | |
1214 | // it returns zero when our close_notify is sent, then one when the peer's | |
1215 | // is received. | |
1216 | if (ret != 0) { | |
1217 | fprintf(stderr, "Unexpected SSL_shutdown result: %d != 0\n", ret); | |
1218 | return false; | |
1219 | } | |
1220 | ret = DoShutdown(ssl.get()); | |
1221 | } | |
1222 | ||
1223 | if (ret != 1) { | |
1224 | fprintf(stderr, "Unexpected SSL_shutdown result: %d != 1\n", ret); | |
1225 | return false; | |
1226 | } | |
1227 | ||
1228 | if (SSL_total_renegotiations(ssl.get()) != | |
1229 | config->expect_total_renegotiations) { | |
1230 | fprintf(stderr, "Expected %d renegotiations, got %ld\n", | |
1231 | config->expect_total_renegotiations, | |
1232 | SSL_total_renegotiations(ssl.get())); | |
1233 | return false; | |
1234 | } | |
1235 | ||
1236 | return true; | |
1237 | } | |
1238 | ||
1239 | class StderrDelimiter { | |
1240 | public: | |
1241 | ~StderrDelimiter() { fprintf(stderr, "--- DONE ---\n"); } | |
1242 | }; | |
1243 | ||
7b73b7be | 1244 | static int Main(int argc, char **argv) { |
eef977aa MC |
1245 | // To distinguish ASan's output from ours, add a trailing message to stderr. |
1246 | // Anything following this line will be considered an error. | |
1247 | StderrDelimiter delimiter; | |
1248 | ||
1669b7b5 | 1249 | #if defined(OPENSSL_SYS_WINDOWS) |
eef977aa MC |
1250 | /* Initialize Winsock. */ |
1251 | WORD wsa_version = MAKEWORD(2, 2); | |
1252 | WSADATA wsa_data; | |
1253 | int wsa_err = WSAStartup(wsa_version, &wsa_data); | |
1254 | if (wsa_err != 0) { | |
1255 | fprintf(stderr, "WSAStartup failed: %d\n", wsa_err); | |
1256 | return 1; | |
1257 | } | |
1258 | if (wsa_data.wVersion != wsa_version) { | |
1259 | fprintf(stderr, "Didn't get expected version: %x\n", wsa_data.wVersion); | |
1260 | return 1; | |
1261 | } | |
1262 | #else | |
1263 | signal(SIGPIPE, SIG_IGN); | |
1264 | #endif | |
1265 | ||
1266 | OPENSSL_init_crypto(0, NULL); | |
1267 | OPENSSL_init_ssl(0, NULL); | |
1268 | g_config_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); | |
1269 | g_state_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, TestStateExFree); | |
1270 | if (g_config_index < 0 || g_state_index < 0) { | |
1271 | return 1; | |
1272 | } | |
1273 | ||
1274 | TestConfig config; | |
1275 | if (!ParseConfig(argc - 1, argv + 1, &config)) { | |
1276 | return Usage(argv[0]); | |
1277 | } | |
1278 | ||
7b73b7be | 1279 | bssl::UniquePtr<SSL_CTX> ssl_ctx = SetupCtx(&config); |
eef977aa MC |
1280 | if (!ssl_ctx) { |
1281 | ERR_print_errors_fp(stderr); | |
1282 | return 1; | |
1283 | } | |
1284 | ||
7b73b7be MC |
1285 | bssl::UniquePtr<SSL_SESSION> session; |
1286 | for (int i = 0; i < config.resume_count + 1; i++) { | |
1287 | bool is_resume = i > 0; | |
1288 | if (is_resume && !config.is_server && !session) { | |
1289 | fprintf(stderr, "No session to offer.\n"); | |
1290 | return 1; | |
1291 | } | |
eef977aa | 1292 | |
7b73b7be MC |
1293 | bssl::UniquePtr<SSL_SESSION> offer_session = std::move(session); |
1294 | if (!DoExchange(&session, ssl_ctx.get(), &config, is_resume, | |
1295 | offer_session.get())) { | |
1296 | fprintf(stderr, "Connection %d failed.\n", i + 1); | |
1297 | ERR_print_errors_fp(stderr); | |
1298 | return 1; | |
1299 | } | |
eef977aa MC |
1300 | } |
1301 | ||
1302 | return 0; | |
1303 | } | |
7b73b7be MC |
1304 | |
1305 | } // namespace bssl | |
1306 | ||
1307 | int main(int argc, char **argv) { | |
1308 | return bssl::Main(argc, argv); | |
1309 | } |