2014-07-02 00:53:04 +01:00
|
|
|
|
/* Copyright (c) 2014, Google Inc.
|
|
|
|
|
*
|
|
|
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
|
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
|
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
|
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
|
|
|
|
2015-12-19 19:23:26 +00:00
|
|
|
|
#if !defined(__STDC_FORMAT_MACROS)
|
|
|
|
|
#define __STDC_FORMAT_MACROS
|
|
|
|
|
#endif
|
|
|
|
|
|
2014-07-31 23:23:51 +01:00
|
|
|
|
#include <openssl/base.h>
|
|
|
|
|
|
|
|
|
|
#if !defined(OPENSSL_WINDOWS)
|
2014-07-02 00:53:04 +01:00
|
|
|
|
#include <arpa/inet.h>
|
2014-07-23 00:20:02 +01:00
|
|
|
|
#include <netinet/in.h>
|
Use TCP sockets rather than socketpairs in the SSL tests.
This involves more synchronization with child exits as the kernel no longer
closes the pre-created pipes for free, but it works on Windows. As long as
TCP_NODELAY is set, the performance seems comparable. Though it does involve
dealing with graceful socket shutdown. I couldn't get that to work on Windows
without draining the socket; not even SO_LINGER worked. Current (untested)
theory is that Windows refuses to gracefully shutdown a socket if the peer
sends data after we've stopped reading.
cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you
can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in
CreateProcess.) We can instead use the syscall module directly and mark handles
as inheritable (and then pass the numerical values out-of-band), but that
requires synchronizing all of our shim.Start() calls and assuming no other
thread is spawning a process.
PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires
wrapping more syscalls. exec.Cmd also doesn't let us launch the process
ourselves. Plus it still requires every handle in the list be marked
inheritable, so it doesn't help if some other thread is launching a process
with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
(Like Go, though we can take syscall.ForkLock there.)
http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
The more natively Windows option seems to be named pipes, but that too requires
wrapping more system calls. (To be fair, that isn't too painful.) They also
involve a listening server, so we'd still have to synchronize with shim.Wait()
a la net.TCPListener.
Then there's DuplicateHandle, but then we need an out-of-band signal.
All in all, one cross-platform implementation with a TCP sockets seems
simplest.
Change-Id: I38233e309a0fa6814baf61e806732138902347c0
Reviewed-on: https://boringssl-review.googlesource.com/3563
Reviewed-by: Adam Langley <agl@google.com>
2015-02-21 06:54:29 +00:00
|
|
|
|
#include <netinet/tcp.h>
|
2014-07-23 00:20:02 +01:00
|
|
|
|
#include <signal.h>
|
|
|
|
|
#include <sys/socket.h>
|
2015-12-05 02:49:53 +00:00
|
|
|
|
#include <sys/time.h>
|
2014-07-09 14:30:38 +01:00
|
|
|
|
#include <unistd.h>
|
Use TCP sockets rather than socketpairs in the SSL tests.
This involves more synchronization with child exits as the kernel no longer
closes the pre-created pipes for free, but it works on Windows. As long as
TCP_NODELAY is set, the performance seems comparable. Though it does involve
dealing with graceful socket shutdown. I couldn't get that to work on Windows
without draining the socket; not even SO_LINGER worked. Current (untested)
theory is that Windows refuses to gracefully shutdown a socket if the peer
sends data after we've stopped reading.
cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you
can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in
CreateProcess.) We can instead use the syscall module directly and mark handles
as inheritable (and then pass the numerical values out-of-band), but that
requires synchronizing all of our shim.Start() calls and assuming no other
thread is spawning a process.
PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires
wrapping more syscalls. exec.Cmd also doesn't let us launch the process
ourselves. Plus it still requires every handle in the list be marked
inheritable, so it doesn't help if some other thread is launching a process
with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
(Like Go, though we can take syscall.ForkLock there.)
http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
The more natively Windows option seems to be named pipes, but that too requires
wrapping more system calls. (To be fair, that isn't too painful.) They also
involve a listening server, so we'd still have to synchronize with shim.Wait()
a la net.TCPListener.
Then there's DuplicateHandle, but then we need an out-of-band signal.
All in all, one cross-platform implementation with a TCP sockets seems
simplest.
Change-Id: I38233e309a0fa6814baf61e806732138902347c0
Reviewed-on: https://boringssl-review.googlesource.com/3563
Reviewed-by: Adam Langley <agl@google.com>
2015-02-21 06:54:29 +00:00
|
|
|
|
#else
|
|
|
|
|
#include <io.h>
|
2016-06-09 21:48:33 +01:00
|
|
|
|
OPENSSL_MSVC_PRAGMA(warning(push, 3))
|
2015-03-20 23:32:23 +00:00
|
|
|
|
#include <winsock2.h>
|
|
|
|
|
#include <ws2tcpip.h>
|
2016-06-09 21:48:33 +01:00
|
|
|
|
OPENSSL_MSVC_PRAGMA(warning(pop))
|
Use TCP sockets rather than socketpairs in the SSL tests.
This involves more synchronization with child exits as the kernel no longer
closes the pre-created pipes for free, but it works on Windows. As long as
TCP_NODELAY is set, the performance seems comparable. Though it does involve
dealing with graceful socket shutdown. I couldn't get that to work on Windows
without draining the socket; not even SO_LINGER worked. Current (untested)
theory is that Windows refuses to gracefully shutdown a socket if the peer
sends data after we've stopped reading.
cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you
can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in
CreateProcess.) We can instead use the syscall module directly and mark handles
as inheritable (and then pass the numerical values out-of-band), but that
requires synchronizing all of our shim.Start() calls and assuming no other
thread is spawning a process.
PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires
wrapping more syscalls. exec.Cmd also doesn't let us launch the process
ourselves. Plus it still requires every handle in the list be marked
inheritable, so it doesn't help if some other thread is launching a process
with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
(Like Go, though we can take syscall.ForkLock there.)
http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
The more natively Windows option seems to be named pipes, but that too requires
wrapping more system calls. (To be fair, that isn't too painful.) They also
involve a listening server, so we'd still have to synchronize with shim.Wait()
a la net.TCPListener.
Then there's DuplicateHandle, but then we need an out-of-band signal.
All in all, one cross-platform implementation with a TCP sockets seems
simplest.
Change-Id: I38233e309a0fa6814baf61e806732138902347c0
Reviewed-on: https://boringssl-review.googlesource.com/3563
Reviewed-by: Adam Langley <agl@google.com>
2015-02-21 06:54:29 +00:00
|
|
|
|
|
|
|
|
|
#pragma comment(lib, "Ws2_32.lib")
|
2014-07-31 23:23:51 +01:00
|
|
|
|
#endif
|
|
|
|
|
|
2016-06-02 19:58:00 +01:00
|
|
|
|
#include <assert.h>
|
2015-12-19 19:23:26 +00:00
|
|
|
|
#include <inttypes.h>
|
2015-01-31 01:08:37 +00:00
|
|
|
|
#include <string.h>
|
2014-07-02 00:53:04 +01:00
|
|
|
|
|
|
|
|
|
#include <openssl/bio.h>
|
2014-10-27 05:06:24 +00:00
|
|
|
|
#include <openssl/buf.h>
|
2014-07-09 14:30:38 +01:00
|
|
|
|
#include <openssl/bytestring.h>
|
2015-06-16 19:16:23 +01:00
|
|
|
|
#include <openssl/cipher.h>
|
2015-10-18 04:39:22 +01:00
|
|
|
|
#include <openssl/crypto.h>
|
2016-08-18 04:10:28 +01:00
|
|
|
|
#include <openssl/dh.h>
|
2016-09-06 23:10:19 +01:00
|
|
|
|
#include <openssl/digest.h>
|
2015-04-10 03:21:10 +01:00
|
|
|
|
#include <openssl/err.h>
|
2016-08-18 04:10:28 +01:00
|
|
|
|
#include <openssl/evp.h>
|
2015-06-16 19:16:23 +01:00
|
|
|
|
#include <openssl/hmac.h>
|
2016-03-25 22:07:11 +00:00
|
|
|
|
#include <openssl/nid.h>
|
2015-06-16 19:16:23 +01:00
|
|
|
|
#include <openssl/rand.h>
|
2014-07-23 00:20:02 +01:00
|
|
|
|
#include <openssl/ssl.h>
|
2016-08-18 04:10:28 +01:00
|
|
|
|
#include <openssl/x509.h>
|
2014-07-23 00:20:02 +01:00
|
|
|
|
|
2015-03-22 20:31:27 +00:00
|
|
|
|
#include <memory>
|
2015-09-04 17:41:04 +01:00
|
|
|
|
#include <string>
|
2015-04-03 09:06:36 +01:00
|
|
|
|
#include <vector>
|
2015-03-22 20:31:27 +00:00
|
|
|
|
|
2016-08-17 21:56:14 +01:00
|
|
|
|
#include "../../crypto/internal.h"
|
2014-08-05 07:28:57 +01:00
|
|
|
|
#include "async_bio.h"
|
2014-08-11 23:43:38 +01:00
|
|
|
|
#include "packeted_bio.h"
|
2014-08-12 00:51:50 +01:00
|
|
|
|
#include "test_config.h"
|
2014-08-05 07:28:57 +01:00
|
|
|
|
|
2016-08-10 01:48:22 +01:00
|
|
|
|
namespace bssl {
|
Use TCP sockets rather than socketpairs in the SSL tests.
This involves more synchronization with child exits as the kernel no longer
closes the pre-created pipes for free, but it works on Windows. As long as
TCP_NODELAY is set, the performance seems comparable. Though it does involve
dealing with graceful socket shutdown. I couldn't get that to work on Windows
without draining the socket; not even SO_LINGER worked. Current (untested)
theory is that Windows refuses to gracefully shutdown a socket if the peer
sends data after we've stopped reading.
cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you
can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in
CreateProcess.) We can instead use the syscall module directly and mark handles
as inheritable (and then pass the numerical values out-of-band), but that
requires synchronizing all of our shim.Start() calls and assuming no other
thread is spawning a process.
PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires
wrapping more syscalls. exec.Cmd also doesn't let us launch the process
ourselves. Plus it still requires every handle in the list be marked
inheritable, so it doesn't help if some other thread is launching a process
with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
(Like Go, though we can take syscall.ForkLock there.)
http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
The more natively Windows option seems to be named pipes, but that too requires
wrapping more system calls. (To be fair, that isn't too painful.) They also
involve a listening server, so we'd still have to synchronize with shim.Wait()
a la net.TCPListener.
Then there's DuplicateHandle, but then we need an out-of-band signal.
All in all, one cross-platform implementation with a TCP sockets seems
simplest.
Change-Id: I38233e309a0fa6814baf61e806732138902347c0
Reviewed-on: https://boringssl-review.googlesource.com/3563
Reviewed-by: Adam Langley <agl@google.com>
2015-02-21 06:54:29 +00:00
|
|
|
|
|
|
|
|
|
#if !defined(OPENSSL_WINDOWS)
|
|
|
|
|
static int closesocket(int sock) {
|
|
|
|
|
return close(sock);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void PrintSocketError(const char *func) {
|
|
|
|
|
perror(func);
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
static void PrintSocketError(const char *func) {
|
|
|
|
|
fprintf(stderr, "%s: %d\n", func, WSAGetLastError());
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
|
static int Usage(const char *program) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
fprintf(stderr, "Usage: %s [flags...]\n", program);
|
2014-07-23 00:20:02 +01:00
|
|
|
|
return 1;
|
|
|
|
|
}
|
2014-07-02 00:53:04 +01:00
|
|
|
|
|
2015-02-09 18:03:50 +00:00
|
|
|
|
struct TestState {
|
2015-04-03 08:47:47 +01:00
|
|
|
|
// async_bio is async BIO which pauses reads and writes.
|
|
|
|
|
BIO *async_bio = nullptr;
|
2016-06-02 19:58:00 +01:00
|
|
|
|
// packeted_bio is the packeted BIO which simulates read timeouts.
|
|
|
|
|
BIO *packeted_bio = nullptr;
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<EVP_PKEY> channel_id;
|
2015-03-23 22:46:05 +00:00
|
|
|
|
bool cert_ready = false;
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<SSL_SESSION> session;
|
|
|
|
|
bssl::UniquePtr<SSL_SESSION> pending_session;
|
2015-03-23 22:46:05 +00:00
|
|
|
|
bool early_callback_called = false;
|
2015-04-03 00:57:35 +01:00
|
|
|
|
bool handshake_done = false;
|
2015-05-29 22:11:21 +01:00
|
|
|
|
// private_key is the underlying private key used when testing custom keys.
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<EVP_PKEY> private_key;
|
2015-08-07 22:07:52 +01:00
|
|
|
|
std::vector<uint8_t> private_key_result;
|
|
|
|
|
// private_key_retries is the number of times an asynchronous private key
|
|
|
|
|
// operation has been retried.
|
|
|
|
|
unsigned private_key_retries = 0;
|
2015-06-18 23:36:15 +01:00
|
|
|
|
bool got_new_session = false;
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<SSL_SESSION> new_session;
|
2016-08-10 01:00:32 +01:00
|
|
|
|
bool ticket_decrypt_done = false;
|
|
|
|
|
bool alpn_select_done = false;
|
2015-02-09 08:04:34 +00:00
|
|
|
|
};
|
|
|
|
|
|
2015-02-09 18:03:50 +00:00
|
|
|
|
static void TestStateExFree(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
|
2015-07-31 02:10:13 +01:00
|
|
|
|
int index, long argl, void *argp) {
|
2015-02-09 18:03:50 +00:00
|
|
|
|
delete ((TestState *)ptr);
|
2015-02-09 08:04:34 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int g_config_index = 0;
|
2015-02-09 18:03:50 +00:00
|
|
|
|
static int g_state_index = 0;
|
2014-08-12 00:51:50 +01:00
|
|
|
|
|
2016-05-21 01:12:42 +01:00
|
|
|
|
static bool SetTestConfig(SSL *ssl, const TestConfig *config) {
|
2015-02-09 08:04:34 +00:00
|
|
|
|
return SSL_set_ex_data(ssl, g_config_index, (void *)config) == 1;
|
2014-08-12 00:51:50 +01:00
|
|
|
|
}
|
|
|
|
|
|
2016-05-21 01:12:42 +01:00
|
|
|
|
static const TestConfig *GetTestConfig(const SSL *ssl) {
|
2015-02-09 08:04:34 +00:00
|
|
|
|
return (const TestConfig *)SSL_get_ex_data(ssl, g_config_index);
|
2014-08-12 00:51:50 +01:00
|
|
|
|
}
|
|
|
|
|
|
2015-11-23 18:44:48 +00:00
|
|
|
|
static bool SetTestState(SSL *ssl, std::unique_ptr<TestState> state) {
|
|
|
|
|
// |SSL_set_ex_data| takes ownership of |state| only on success.
|
|
|
|
|
if (SSL_set_ex_data(ssl, g_state_index, state.get()) == 1) {
|
|
|
|
|
state.release();
|
2015-02-09 08:04:34 +00:00
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-03 00:57:35 +01:00
|
|
|
|
static TestState *GetTestState(const SSL *ssl) {
|
2015-02-09 18:03:50 +00:00
|
|
|
|
return (TestState *)SSL_get_ex_data(ssl, g_state_index);
|
Add DTLS timeout and retransmit tests.
This extends the packet adaptor protocol to send three commands:
type command =
| Packet of []byte
| Timeout of time.Duration
| TimeoutAck
When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the
BIO_read, returns out of the SSL stack, advances the clock, calls
DTLSv1_handle_timeout, and continues.
If the Go side sends Timeout right between sending handshake flight N and
reading flight N+1, the shim won't read the Timeout until it has sent flight
N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes
after N+1. Go then drops all packets before the TimeoutAck, thus dropping one
transmit of flight N+1 without having to actually process the packets to
determine the end of the flight. The shim then sees the updated clock, calls
DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real.
When dropping packets, Go checks the epoch and increments sequence numbers so
that we can continue to be strict here. This requires tracking the initial
sequence number of the next epoch.
The final Finished message takes an additional special-case to test. DTLS
triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only
implements the former which should be sufficient (and is necessary) EXCEPT for
the final Finished message. If the peer's final Finished message is lost, it
won't be waiting for a message from us, so it won't time out anything. That
retransmit must be triggered on stale message, so we retransmit the Finished
message in Go.
Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c
Reviewed-on: https://boringssl-review.googlesource.com/3212
Reviewed-by: Adam Langley <agl@google.com>
2015-01-27 06:09:43 +00:00
|
|
|
|
}
|
|
|
|
|
|
2016-08-18 04:10:28 +01:00
|
|
|
|
static bssl::UniquePtr<X509> LoadCertificate(const std::string &file) {
|
|
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
|
2016-03-10 14:15:01 +00:00
|
|
|
|
if (!bio || !BIO_read_filename(bio.get(), file.c_str())) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
2016-08-18 04:10:28 +01:00
|
|
|
|
return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), NULL, NULL, NULL));
|
2016-03-10 14:15:01 +00:00
|
|
|
|
}
|
|
|
|
|
|
2016-08-18 04:10:28 +01:00
|
|
|
|
static bssl::UniquePtr<EVP_PKEY> LoadPrivateKey(const std::string &file) {
|
|
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
|
2015-02-09 07:37:18 +00:00
|
|
|
|
if (!bio || !BIO_read_filename(bio.get(), file.c_str())) {
|
|
|
|
|
return nullptr;
|
2014-08-24 06:46:07 +01:00
|
|
|
|
}
|
2016-08-18 04:10:28 +01:00
|
|
|
|
return bssl::UniquePtr<EVP_PKEY>(
|
|
|
|
|
PEM_read_bio_PrivateKey(bio.get(), NULL, NULL, NULL));
|
2014-08-24 06:46:07 +01:00
|
|
|
|
}
|
|
|
|
|
|
2015-05-29 22:11:21 +01:00
|
|
|
|
static int AsyncPrivateKeyType(SSL *ssl) {
|
2016-07-14 18:47:55 +01:00
|
|
|
|
EVP_PKEY *key = GetTestState(ssl)->private_key.get();
|
|
|
|
|
switch (EVP_PKEY_id(key)) {
|
|
|
|
|
case EVP_PKEY_RSA:
|
|
|
|
|
return NID_rsaEncryption;
|
|
|
|
|
case EVP_PKEY_EC:
|
|
|
|
|
return EC_GROUP_get_curve_name(
|
|
|
|
|
EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(key)));
|
|
|
|
|
default:
|
|
|
|
|
return NID_undef;
|
|
|
|
|
}
|
2015-05-29 22:11:21 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static size_t AsyncPrivateKeyMaxSignatureLen(SSL *ssl) {
|
|
|
|
|
return EVP_PKEY_size(GetTestState(ssl)->private_key.get());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static ssl_private_key_result_t AsyncPrivateKeySign(
|
|
|
|
|
SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
|
2016-07-14 19:52:41 +01:00
|
|
|
|
uint16_t signature_algorithm, const uint8_t *in, size_t in_len) {
|
2015-05-29 22:11:21 +01:00
|
|
|
|
TestState *test_state = GetTestState(ssl);
|
2015-08-07 22:07:52 +01:00
|
|
|
|
if (!test_state->private_key_result.empty()) {
|
2015-05-29 22:11:21 +01:00
|
|
|
|
fprintf(stderr, "AsyncPrivateKeySign called with operation pending.\n");
|
|
|
|
|
abort();
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-14 19:52:41 +01:00
|
|
|
|
// Determine the hash.
|
|
|
|
|
const EVP_MD *md;
|
|
|
|
|
switch (signature_algorithm) {
|
|
|
|
|
case SSL_SIGN_RSA_PKCS1_SHA1:
|
|
|
|
|
case SSL_SIGN_ECDSA_SHA1:
|
|
|
|
|
md = EVP_sha1();
|
|
|
|
|
break;
|
|
|
|
|
case SSL_SIGN_RSA_PKCS1_SHA256:
|
|
|
|
|
case SSL_SIGN_ECDSA_SECP256R1_SHA256:
|
|
|
|
|
case SSL_SIGN_RSA_PSS_SHA256:
|
|
|
|
|
md = EVP_sha256();
|
|
|
|
|
break;
|
|
|
|
|
case SSL_SIGN_RSA_PKCS1_SHA384:
|
|
|
|
|
case SSL_SIGN_ECDSA_SECP384R1_SHA384:
|
|
|
|
|
case SSL_SIGN_RSA_PSS_SHA384:
|
|
|
|
|
md = EVP_sha384();
|
|
|
|
|
break;
|
|
|
|
|
case SSL_SIGN_RSA_PKCS1_SHA512:
|
|
|
|
|
case SSL_SIGN_ECDSA_SECP521R1_SHA512:
|
|
|
|
|
case SSL_SIGN_RSA_PSS_SHA512:
|
|
|
|
|
md = EVP_sha512();
|
|
|
|
|
break;
|
|
|
|
|
case SSL_SIGN_RSA_PKCS1_MD5_SHA1:
|
|
|
|
|
md = EVP_md5_sha1();
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
fprintf(stderr, "Unknown signature algorithm %04x.\n",
|
|
|
|
|
signature_algorithm);
|
|
|
|
|
return ssl_private_key_failure;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ScopedEVP_MD_CTX ctx;
|
|
|
|
|
EVP_PKEY_CTX *pctx;
|
|
|
|
|
if (!EVP_DigestSignInit(ctx.get(), &pctx, md, nullptr,
|
|
|
|
|
test_state->private_key.get())) {
|
2015-05-29 22:11:21 +01:00
|
|
|
|
return ssl_private_key_failure;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-14 19:52:41 +01:00
|
|
|
|
// Configure additional signature parameters.
|
|
|
|
|
switch (signature_algorithm) {
|
|
|
|
|
case SSL_SIGN_RSA_PSS_SHA256:
|
|
|
|
|
case SSL_SIGN_RSA_PSS_SHA384:
|
|
|
|
|
case SSL_SIGN_RSA_PSS_SHA512:
|
|
|
|
|
if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
|
|
|
|
|
!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
|
|
|
|
|
-1 /* salt len = hash len */)) {
|
|
|
|
|
return ssl_private_key_failure;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-29 22:11:21 +01:00
|
|
|
|
// Write the signature into |test_state|.
|
|
|
|
|
size_t len = 0;
|
2016-07-14 19:52:41 +01:00
|
|
|
|
if (!EVP_DigestSignUpdate(ctx.get(), in, in_len) ||
|
|
|
|
|
!EVP_DigestSignFinal(ctx.get(), nullptr, &len)) {
|
2015-05-29 22:11:21 +01:00
|
|
|
|
return ssl_private_key_failure;
|
|
|
|
|
}
|
2015-08-07 22:07:52 +01:00
|
|
|
|
test_state->private_key_result.resize(len);
|
2016-07-14 19:52:41 +01:00
|
|
|
|
if (!EVP_DigestSignFinal(ctx.get(), test_state->private_key_result.data(),
|
|
|
|
|
&len)) {
|
2015-05-29 22:11:21 +01:00
|
|
|
|
return ssl_private_key_failure;
|
|
|
|
|
}
|
2015-08-07 22:07:52 +01:00
|
|
|
|
test_state->private_key_result.resize(len);
|
2015-05-29 22:11:21 +01:00
|
|
|
|
|
2016-07-14 19:52:41 +01:00
|
|
|
|
// The signature will be released asynchronously in |AsyncPrivateKeyComplete|.
|
2015-05-29 22:11:21 +01:00
|
|
|
|
return ssl_private_key_retry;
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-07 22:07:52 +01:00
|
|
|
|
static ssl_private_key_result_t AsyncPrivateKeyDecrypt(
|
|
|
|
|
SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
|
|
|
|
|
const uint8_t *in, size_t in_len) {
|
|
|
|
|
TestState *test_state = GetTestState(ssl);
|
|
|
|
|
if (!test_state->private_key_result.empty()) {
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"AsyncPrivateKeyDecrypt called with operation pending.\n");
|
|
|
|
|
abort();
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-20 22:47:25 +00:00
|
|
|
|
RSA *rsa = EVP_PKEY_get0_RSA(test_state->private_key.get());
|
|
|
|
|
if (rsa == NULL) {
|
2015-08-07 22:07:52 +01:00
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"AsyncPrivateKeyDecrypt called with incorrect key type.\n");
|
|
|
|
|
abort();
|
|
|
|
|
}
|
|
|
|
|
test_state->private_key_result.resize(RSA_size(rsa));
|
2015-11-11 22:01:27 +00:00
|
|
|
|
if (!RSA_decrypt(rsa, out_len, test_state->private_key_result.data(),
|
2015-08-07 22:07:52 +01:00
|
|
|
|
RSA_size(rsa), in, in_len, RSA_NO_PADDING)) {
|
|
|
|
|
return ssl_private_key_failure;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
test_state->private_key_result.resize(*out_len);
|
|
|
|
|
|
2016-07-14 19:52:41 +01:00
|
|
|
|
// The decryption will be released asynchronously in |AsyncPrivateComplete|.
|
2015-08-07 22:07:52 +01:00
|
|
|
|
return ssl_private_key_retry;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-14 19:52:41 +01:00
|
|
|
|
static ssl_private_key_result_t AsyncPrivateKeyComplete(
|
2015-08-07 22:07:52 +01:00
|
|
|
|
SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out) {
|
|
|
|
|
TestState *test_state = GetTestState(ssl);
|
|
|
|
|
if (test_state->private_key_result.empty()) {
|
|
|
|
|
fprintf(stderr,
|
2016-07-14 19:52:41 +01:00
|
|
|
|
"AsyncPrivateKeyComplete called without operation pending.\n");
|
2015-08-07 22:07:52 +01:00
|
|
|
|
abort();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (test_state->private_key_retries < 2) {
|
|
|
|
|
// Only return the decryption on the second attempt, to test both incomplete
|
|
|
|
|
// |decrypt| and |decrypt_complete|.
|
|
|
|
|
return ssl_private_key_retry;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (max_out < test_state->private_key_result.size()) {
|
|
|
|
|
fprintf(stderr, "Output buffer too small.\n");
|
|
|
|
|
return ssl_private_key_failure;
|
|
|
|
|
}
|
2015-11-11 22:01:27 +00:00
|
|
|
|
memcpy(out, test_state->private_key_result.data(),
|
2015-08-07 22:07:52 +01:00
|
|
|
|
test_state->private_key_result.size());
|
|
|
|
|
*out_len = test_state->private_key_result.size();
|
|
|
|
|
|
|
|
|
|
test_state->private_key_result.clear();
|
|
|
|
|
test_state->private_key_retries = 0;
|
2015-05-29 22:11:21 +01:00
|
|
|
|
return ssl_private_key_success;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const SSL_PRIVATE_KEY_METHOD g_async_private_key_method = {
|
|
|
|
|
AsyncPrivateKeyType,
|
|
|
|
|
AsyncPrivateKeyMaxSignatureLen,
|
|
|
|
|
AsyncPrivateKeySign,
|
2016-07-14 19:52:41 +01:00
|
|
|
|
nullptr /* sign_digest */,
|
2015-08-07 22:07:52 +01:00
|
|
|
|
AsyncPrivateKeyDecrypt,
|
2016-07-14 19:52:41 +01:00
|
|
|
|
AsyncPrivateKeyComplete,
|
2015-05-29 22:11:21 +01:00
|
|
|
|
};
|
|
|
|
|
|
2015-09-04 17:41:04 +01:00
|
|
|
|
template<typename T>
|
2016-07-12 16:09:33 +01:00
|
|
|
|
struct Free {
|
2015-09-04 17:41:04 +01:00
|
|
|
|
void operator()(T *buf) {
|
|
|
|
|
free(buf);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2016-08-18 04:10:28 +01:00
|
|
|
|
static bool GetCertificate(SSL *ssl, bssl::UniquePtr<X509> *out_x509,
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> *out_pkey) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(ssl);
|
2015-09-04 17:41:04 +01:00
|
|
|
|
|
|
|
|
|
if (!config->digest_prefs.empty()) {
|
2016-07-12 16:09:33 +01:00
|
|
|
|
std::unique_ptr<char, Free<char>> digest_prefs(
|
2015-09-04 17:41:04 +01:00
|
|
|
|
strdup(config->digest_prefs.c_str()));
|
|
|
|
|
std::vector<int> digest_list;
|
|
|
|
|
|
|
|
|
|
for (;;) {
|
2015-09-23 23:01:07 +01:00
|
|
|
|
char *token =
|
|
|
|
|
strtok(digest_list.empty() ? digest_prefs.get() : nullptr, ",");
|
2015-09-04 17:41:04 +01:00
|
|
|
|
if (token == nullptr) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
digest_list.push_back(EVP_MD_type(EVP_get_digestbyname(token)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!SSL_set_private_key_digest_prefs(ssl, digest_list.data(),
|
|
|
|
|
digest_list.size())) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-14 17:51:01 +01:00
|
|
|
|
if (!config->signing_prefs.empty()) {
|
|
|
|
|
std::vector<uint16_t> u16s(config->signing_prefs.begin(),
|
|
|
|
|
config->signing_prefs.end());
|
|
|
|
|
if (!SSL_set_signing_algorithm_prefs(ssl, u16s.data(), u16s.size())) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-29 22:11:21 +01:00
|
|
|
|
if (!config->key_file.empty()) {
|
2016-03-10 14:15:01 +00:00
|
|
|
|
*out_pkey = LoadPrivateKey(config->key_file.c_str());
|
|
|
|
|
if (!*out_pkey) {
|
2015-05-29 22:11:21 +01:00
|
|
|
|
return false;
|
|
|
|
|
}
|
2015-02-09 08:13:35 +00:00
|
|
|
|
}
|
2016-03-10 14:15:01 +00:00
|
|
|
|
if (!config->cert_file.empty()) {
|
|
|
|
|
*out_x509 = LoadCertificate(config->cert_file.c_str());
|
|
|
|
|
if (!*out_x509) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2015-02-09 08:13:35 +00:00
|
|
|
|
}
|
2015-08-12 11:47:11 +01:00
|
|
|
|
if (!config->ocsp_response.empty() &&
|
|
|
|
|
!SSL_CTX_set_ocsp_response(ssl->ctx,
|
|
|
|
|
(const uint8_t *)config->ocsp_response.data(),
|
|
|
|
|
config->ocsp_response.size())) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2015-02-09 08:13:35 +00:00
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-10 14:15:01 +00:00
|
|
|
|
static bool InstallCertificate(SSL *ssl) {
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<X509> x509;
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> pkey;
|
2016-03-10 14:15:01 +00:00
|
|
|
|
if (!GetCertificate(ssl, &x509, &pkey)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (pkey) {
|
|
|
|
|
TestState *test_state = GetTestState(ssl);
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(ssl);
|
2016-03-10 14:15:01 +00:00
|
|
|
|
if (config->async) {
|
|
|
|
|
test_state->private_key = std::move(pkey);
|
|
|
|
|
SSL_set_private_key_method(ssl, &g_async_private_key_method);
|
|
|
|
|
} else if (!SSL_use_PrivateKey(ssl, pkey.get())) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (x509 && !SSL_use_certificate(ssl, x509.get())) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
|
static int SelectCertificateCallback(const struct ssl_early_callback_ctx *ctx) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(ctx->ssl);
|
2015-02-09 18:03:50 +00:00
|
|
|
|
GetTestState(ctx->ssl)->early_callback_called = true;
|
2014-08-12 00:51:50 +01:00
|
|
|
|
|
2015-02-24 06:23:21 +00:00
|
|
|
|
if (!config->expected_server_name.empty()) {
|
|
|
|
|
const uint8_t *extension_data;
|
|
|
|
|
size_t extension_len;
|
|
|
|
|
CBS extension, server_name_list, host_name;
|
|
|
|
|
uint8_t name_type;
|
|
|
|
|
|
|
|
|
|
if (!SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
|
|
|
|
|
&extension_data,
|
|
|
|
|
&extension_len)) {
|
|
|
|
|
fprintf(stderr, "Could not find server_name extension.\n");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2014-07-09 14:30:38 +01:00
|
|
|
|
|
2015-02-24 06:23:21 +00:00
|
|
|
|
CBS_init(&extension, extension_data, extension_len);
|
|
|
|
|
if (!CBS_get_u16_length_prefixed(&extension, &server_name_list) ||
|
|
|
|
|
CBS_len(&extension) != 0 ||
|
|
|
|
|
!CBS_get_u8(&server_name_list, &name_type) ||
|
|
|
|
|
name_type != TLSEXT_NAMETYPE_host_name ||
|
|
|
|
|
!CBS_get_u16_length_prefixed(&server_name_list, &host_name) ||
|
|
|
|
|
CBS_len(&server_name_list) != 0) {
|
|
|
|
|
fprintf(stderr, "Could not decode server_name extension.\n");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2014-07-09 14:30:38 +01:00
|
|
|
|
|
2015-02-24 06:23:21 +00:00
|
|
|
|
if (!CBS_mem_equal(&host_name,
|
|
|
|
|
(const uint8_t*)config->expected_server_name.data(),
|
|
|
|
|
config->expected_server_name.size())) {
|
|
|
|
|
fprintf(stderr, "Server name mismatch.\n");
|
|
|
|
|
}
|
2014-07-08 22:30:11 +01:00
|
|
|
|
}
|
|
|
|
|
|
2015-02-24 06:23:21 +00:00
|
|
|
|
if (config->fail_early_callback) {
|
2014-07-08 22:30:11 +01:00
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-24 06:23:21 +00:00
|
|
|
|
// Install the certificate in the early callback.
|
|
|
|
|
if (config->use_early_callback) {
|
|
|
|
|
if (config->async) {
|
|
|
|
|
// Install the certificate asynchronously.
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (!InstallCertificate(ctx->ssl)) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2014-07-09 14:30:38 +01:00
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2014-07-02 00:53:04 +01:00
|
|
|
|
|
2016-03-10 14:15:01 +00:00
|
|
|
|
static int ClientCertCallback(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
if (GetTestConfig(ssl)->async && !GetTestState(ssl)->cert_ready) {
|
2016-03-10 14:15:01 +00:00
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<X509> x509;
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> pkey;
|
2016-03-10 14:15:01 +00:00
|
|
|
|
if (!GetCertificate(ssl, &x509, &pkey)) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Return zero for no certificate.
|
|
|
|
|
if (!x509) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Asynchronous private keys are not supported with client_cert_cb.
|
|
|
|
|
*out_x509 = x509.release();
|
|
|
|
|
*out_pkey = pkey.release();
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-18 12:21:54 +01:00
|
|
|
|
static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) {
|
|
|
|
|
SSL* ssl = (SSL*)X509_STORE_CTX_get_ex_data(store_ctx,
|
|
|
|
|
SSL_get_ex_data_X509_STORE_CTX_idx());
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(ssl);
|
2015-08-18 12:21:54 +01:00
|
|
|
|
|
|
|
|
|
if (!config->expected_ocsp_response.empty()) {
|
|
|
|
|
const uint8_t *data;
|
|
|
|
|
size_t len;
|
|
|
|
|
SSL_get0_ocsp_response(ssl, &data, &len);
|
|
|
|
|
if (len == 0) {
|
|
|
|
|
fprintf(stderr, "OCSP response not available in verify callback\n");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-12 20:47:52 +01:00
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-18 12:21:54 +01:00
|
|
|
|
static int VerifyFail(X509_STORE_CTX *store_ctx, void *arg) {
|
|
|
|
|
store_ctx->error = X509_V_ERR_APPLICATION_VERIFICATION;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
|
static int NextProtosAdvertisedCallback(SSL *ssl, const uint8_t **out,
|
|
|
|
|
unsigned int *out_len, void *arg) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(ssl);
|
2015-02-09 17:59:46 +00:00
|
|
|
|
if (config->advertise_npn.empty()) {
|
2014-07-12 21:18:02 +01:00
|
|
|
|
return SSL_TLSEXT_ERR_NOACK;
|
2015-02-09 17:59:46 +00:00
|
|
|
|
}
|
2014-07-12 21:18:02 +01:00
|
|
|
|
|
2014-08-12 00:51:50 +01:00
|
|
|
|
*out = (const uint8_t*)config->advertise_npn.data();
|
|
|
|
|
*out_len = config->advertise_npn.size();
|
2014-07-12 21:18:02 +01:00
|
|
|
|
return SSL_TLSEXT_ERR_OK;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
|
static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen,
|
2015-03-14 05:54:17 +00:00
|
|
|
|
const uint8_t* in, unsigned inlen, void* arg) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(ssl);
|
2015-02-09 17:59:46 +00:00
|
|
|
|
if (config->select_next_proto.empty()) {
|
2014-07-28 19:52:32 +01:00
|
|
|
|
return SSL_TLSEXT_ERR_NOACK;
|
2015-02-09 17:59:46 +00:00
|
|
|
|
}
|
2014-07-28 19:52:32 +01:00
|
|
|
|
|
2014-08-12 00:51:50 +01:00
|
|
|
|
*out = (uint8_t*)config->select_next_proto.data();
|
|
|
|
|
*outlen = config->select_next_proto.size();
|
2014-07-28 19:52:32 +01:00
|
|
|
|
return SSL_TLSEXT_ERR_OK;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
|
static int AlpnSelectCallback(SSL* ssl, const uint8_t** out, uint8_t* outlen,
|
|
|
|
|
const uint8_t* in, unsigned inlen, void* arg) {
|
2016-08-10 01:00:32 +01:00
|
|
|
|
if (GetTestState(ssl)->alpn_select_done) {
|
|
|
|
|
fprintf(stderr, "AlpnSelectCallback called after completion.\n");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
GetTestState(ssl)->alpn_select_done = true;
|
|
|
|
|
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(ssl);
|
2016-03-17 21:49:56 +00:00
|
|
|
|
if (config->decline_alpn) {
|
2014-09-06 17:58:58 +01:00
|
|
|
|
return SSL_TLSEXT_ERR_NOACK;
|
2015-02-09 17:59:46 +00:00
|
|
|
|
}
|
2014-09-06 17:58:58 +01:00
|
|
|
|
|
|
|
|
|
if (!config->expected_advertised_alpn.empty() &&
|
|
|
|
|
(config->expected_advertised_alpn.size() != inlen ||
|
|
|
|
|
memcmp(config->expected_advertised_alpn.data(),
|
|
|
|
|
in, inlen) != 0)) {
|
|
|
|
|
fprintf(stderr, "bad ALPN select callback inputs\n");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*out = (const uint8_t*)config->select_alpn.data();
|
|
|
|
|
*outlen = config->select_alpn.size();
|
|
|
|
|
return SSL_TLSEXT_ERR_OK;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
|
static unsigned PskClientCallback(SSL *ssl, const char *hint,
|
|
|
|
|
char *out_identity,
|
|
|
|
|
unsigned max_identity_len,
|
|
|
|
|
uint8_t *out_psk, unsigned max_psk_len) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(ssl);
|
2014-10-27 05:06:24 +00:00
|
|
|
|
|
2016-09-17 00:42:05 +01:00
|
|
|
|
if (config->psk_identity.empty()) {
|
|
|
|
|
if (hint != nullptr) {
|
|
|
|
|
fprintf(stderr, "Server PSK hint was non-null.\n");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
} else if (hint == nullptr ||
|
|
|
|
|
strcmp(hint, config->psk_identity.c_str()) != 0) {
|
2014-10-27 05:06:24 +00:00
|
|
|
|
fprintf(stderr, "Server PSK hint did not match.\n");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Account for the trailing '\0' for the identity.
|
|
|
|
|
if (config->psk_identity.size() >= max_identity_len ||
|
|
|
|
|
config->psk.size() > max_psk_len) {
|
|
|
|
|
fprintf(stderr, "PSK buffers too small\n");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BUF_strlcpy(out_identity, config->psk_identity.c_str(),
|
|
|
|
|
max_identity_len);
|
|
|
|
|
memcpy(out_psk, config->psk.data(), config->psk.size());
|
|
|
|
|
return config->psk.size();
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
|
static unsigned PskServerCallback(SSL *ssl, const char *identity,
|
|
|
|
|
uint8_t *out_psk, unsigned max_psk_len) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(ssl);
|
2014-10-27 05:06:24 +00:00
|
|
|
|
|
|
|
|
|
if (strcmp(identity, config->psk_identity.c_str()) != 0) {
|
|
|
|
|
fprintf(stderr, "Client PSK identity did not match.\n");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (config->psk.size() > max_psk_len) {
|
|
|
|
|
fprintf(stderr, "PSK buffers too small\n");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memcpy(out_psk, config->psk.data(), config->psk.size());
|
|
|
|
|
return config->psk.size();
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-08 18:29:45 +01:00
|
|
|
|
static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
|
2016-06-02 19:58:00 +01:00
|
|
|
|
*out_clock = PacketedBioGetClock(GetTestState(ssl)->packeted_bio);
|
2015-01-26 05:22:12 +00:00
|
|
|
|
}
|
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
|
static void ChannelIdCallback(SSL *ssl, EVP_PKEY **out_pkey) {
|
2015-02-09 18:03:50 +00:00
|
|
|
|
*out_pkey = GetTestState(ssl)->channel_id.release();
|
2015-02-09 08:04:34 +00:00
|
|
|
|
}
|
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
|
static int CertCallback(SSL *ssl, void *arg) {
|
2015-02-09 18:03:50 +00:00
|
|
|
|
if (!GetTestState(ssl)->cert_ready) {
|
2015-02-09 08:13:35 +00:00
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if (!InstallCertificate(ssl)) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
|
static SSL_SESSION *GetSessionCallback(SSL *ssl, uint8_t *data, int len,
|
|
|
|
|
int *copy) {
|
2015-02-09 18:03:50 +00:00
|
|
|
|
TestState *async_state = GetTestState(ssl);
|
2015-02-09 09:28:16 +00:00
|
|
|
|
if (async_state->session) {
|
|
|
|
|
*copy = 0;
|
|
|
|
|
return async_state->session.release();
|
|
|
|
|
} else if (async_state->pending_session) {
|
|
|
|
|
return SSL_magic_pending_session_ptr();
|
|
|
|
|
} else {
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-21 00:04:00 +00:00
|
|
|
|
static int DDoSCallback(const struct ssl_early_callback_ctx *early_context) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(early_context->ssl);
|
2015-02-21 00:04:00 +00:00
|
|
|
|
static int callback_num = 0;
|
|
|
|
|
|
|
|
|
|
callback_num++;
|
|
|
|
|
if (config->fail_ddos_callback ||
|
|
|
|
|
(config->fail_second_ddos_callback && callback_num == 2)) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-03 00:57:35 +01:00
|
|
|
|
static void InfoCallback(const SSL *ssl, int type, int val) {
|
|
|
|
|
if (type == SSL_CB_HANDSHAKE_DONE) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
if (GetTestConfig(ssl)->handshake_never_done) {
|
2016-09-20 22:58:14 +01:00
|
|
|
|
fprintf(stderr, "Handshake unexpectedly completed.\n");
|
2015-04-03 00:57:35 +01:00
|
|
|
|
// Abort before any expected error code is printed, to ensure the overall
|
|
|
|
|
// test fails.
|
|
|
|
|
abort();
|
|
|
|
|
}
|
|
|
|
|
GetTestState(ssl)->handshake_done = true;
|
2016-08-10 01:00:32 +01:00
|
|
|
|
|
|
|
|
|
// Callbacks may be called again on a new handshake.
|
|
|
|
|
GetTestState(ssl)->ticket_decrypt_done = false;
|
|
|
|
|
GetTestState(ssl)->alpn_select_done = false;
|
2015-04-03 00:57:35 +01:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-18 23:36:15 +01:00
|
|
|
|
static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) {
|
|
|
|
|
GetTestState(ssl)->got_new_session = true;
|
2016-07-29 19:32:55 +01:00
|
|
|
|
GetTestState(ssl)->new_session.reset(session);
|
2015-06-18 23:36:15 +01:00
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-16 19:16:23 +01:00
|
|
|
|
static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
|
|
|
|
|
EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
|
|
|
|
|
int encrypt) {
|
2016-08-10 01:00:32 +01:00
|
|
|
|
if (!encrypt) {
|
|
|
|
|
if (GetTestState(ssl)->ticket_decrypt_done) {
|
|
|
|
|
fprintf(stderr, "TicketKeyCallback called after completion.\n");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
GetTestState(ssl)->ticket_decrypt_done = true;
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-16 19:16:23 +01:00
|
|
|
|
// This is just test code, so use the all-zeros key.
|
|
|
|
|
static const uint8_t kZeros[16] = {0};
|
|
|
|
|
|
|
|
|
|
if (encrypt) {
|
|
|
|
|
memcpy(key_name, kZeros, sizeof(kZeros));
|
|
|
|
|
RAND_bytes(iv, 16);
|
|
|
|
|
} else if (memcmp(key_name, kZeros, 16) != 0) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
|
|
|
|
|
!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!encrypt) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
return GetTestConfig(ssl)->renew_ticket ? 2 : 1;
|
2015-06-16 19:16:23 +01:00
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-31 02:10:13 +01:00
|
|
|
|
// kCustomExtensionValue is the extension value that the custom extension
|
|
|
|
|
// callbacks will add.
|
2015-07-31 02:19:26 +01:00
|
|
|
|
static const uint16_t kCustomExtensionValue = 1234;
|
2015-07-31 02:10:13 +01:00
|
|
|
|
static void *const kCustomExtensionAddArg =
|
|
|
|
|
reinterpret_cast<void *>(kCustomExtensionValue);
|
|
|
|
|
static void *const kCustomExtensionParseArg =
|
|
|
|
|
reinterpret_cast<void *>(kCustomExtensionValue + 1);
|
|
|
|
|
static const char kCustomExtensionContents[] = "custom extension";
|
|
|
|
|
|
|
|
|
|
static int CustomExtensionAddCallback(SSL *ssl, unsigned extension_value,
|
|
|
|
|
const uint8_t **out, size_t *out_len,
|
|
|
|
|
int *out_alert_value, void *add_arg) {
|
|
|
|
|
if (extension_value != kCustomExtensionValue ||
|
|
|
|
|
add_arg != kCustomExtensionAddArg) {
|
|
|
|
|
abort();
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-21 01:12:42 +01:00
|
|
|
|
if (GetTestConfig(ssl)->custom_extension_skip) {
|
2015-07-31 02:10:13 +01:00
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-05-21 01:12:42 +01:00
|
|
|
|
if (GetTestConfig(ssl)->custom_extension_fail_add) {
|
2015-07-31 02:10:13 +01:00
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*out = reinterpret_cast<const uint8_t*>(kCustomExtensionContents);
|
|
|
|
|
*out_len = sizeof(kCustomExtensionContents) - 1;
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void CustomExtensionFreeCallback(SSL *ssl, unsigned extension_value,
|
|
|
|
|
const uint8_t *out, void *add_arg) {
|
|
|
|
|
if (extension_value != kCustomExtensionValue ||
|
|
|
|
|
add_arg != kCustomExtensionAddArg ||
|
|
|
|
|
out != reinterpret_cast<const uint8_t *>(kCustomExtensionContents)) {
|
|
|
|
|
abort();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int CustomExtensionParseCallback(SSL *ssl, unsigned extension_value,
|
|
|
|
|
const uint8_t *contents,
|
|
|
|
|
size_t contents_len,
|
|
|
|
|
int *out_alert_value, void *parse_arg) {
|
|
|
|
|
if (extension_value != kCustomExtensionValue ||
|
|
|
|
|
parse_arg != kCustomExtensionParseArg) {
|
|
|
|
|
abort();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (contents_len != sizeof(kCustomExtensionContents) - 1 ||
|
|
|
|
|
memcmp(contents, kCustomExtensionContents, contents_len) != 0) {
|
|
|
|
|
*out_alert_value = SSL_AD_DECODE_ERROR;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
Use TCP sockets rather than socketpairs in the SSL tests.
This involves more synchronization with child exits as the kernel no longer
closes the pre-created pipes for free, but it works on Windows. As long as
TCP_NODELAY is set, the performance seems comparable. Though it does involve
dealing with graceful socket shutdown. I couldn't get that to work on Windows
without draining the socket; not even SO_LINGER worked. Current (untested)
theory is that Windows refuses to gracefully shutdown a socket if the peer
sends data after we've stopped reading.
cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you
can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in
CreateProcess.) We can instead use the syscall module directly and mark handles
as inheritable (and then pass the numerical values out-of-band), but that
requires synchronizing all of our shim.Start() calls and assuming no other
thread is spawning a process.
PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires
wrapping more syscalls. exec.Cmd also doesn't let us launch the process
ourselves. Plus it still requires every handle in the list be marked
inheritable, so it doesn't help if some other thread is launching a process
with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
(Like Go, though we can take syscall.ForkLock there.)
http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
The more natively Windows option seems to be named pipes, but that too requires
wrapping more system calls. (To be fair, that isn't too painful.) They also
involve a listening server, so we'd still have to synchronize with shim.Wait()
a la net.TCPListener.
Then there's DuplicateHandle, but then we need an out-of-band signal.
All in all, one cross-platform implementation with a TCP sockets seems
simplest.
Change-Id: I38233e309a0fa6814baf61e806732138902347c0
Reviewed-on: https://boringssl-review.googlesource.com/3563
Reviewed-by: Adam Langley <agl@google.com>
2015-02-21 06:54:29 +00:00
|
|
|
|
// Connect returns a new socket connected to localhost on |port| or -1 on
|
|
|
|
|
// error.
|
|
|
|
|
static int Connect(uint16_t port) {
|
|
|
|
|
int sock = socket(AF_INET, SOCK_STREAM, 0);
|
|
|
|
|
if (sock == -1) {
|
|
|
|
|
PrintSocketError("socket");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
int nodelay = 1;
|
|
|
|
|
if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY,
|
|
|
|
|
reinterpret_cast<const char*>(&nodelay), sizeof(nodelay)) != 0) {
|
|
|
|
|
PrintSocketError("setsockopt");
|
|
|
|
|
closesocket(sock);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
sockaddr_in sin;
|
|
|
|
|
memset(&sin, 0, sizeof(sin));
|
|
|
|
|
sin.sin_family = AF_INET;
|
|
|
|
|
sin.sin_port = htons(port);
|
|
|
|
|
if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) {
|
|
|
|
|
PrintSocketError("inet_pton");
|
|
|
|
|
closesocket(sock);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if (connect(sock, reinterpret_cast<const sockaddr*>(&sin),
|
|
|
|
|
sizeof(sin)) != 0) {
|
|
|
|
|
PrintSocketError("connect");
|
|
|
|
|
closesocket(sock);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return sock;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class SocketCloser {
|
|
|
|
|
public:
|
|
|
|
|
explicit SocketCloser(int sock) : sock_(sock) {}
|
|
|
|
|
~SocketCloser() {
|
|
|
|
|
// Half-close and drain the socket before releasing it. This seems to be
|
|
|
|
|
// necessary for graceful shutdown on Windows. It will also avoid write
|
|
|
|
|
// failures in the test runner.
|
|
|
|
|
#if defined(OPENSSL_WINDOWS)
|
|
|
|
|
shutdown(sock_, SD_SEND);
|
|
|
|
|
#else
|
|
|
|
|
shutdown(sock_, SHUT_WR);
|
|
|
|
|
#endif
|
|
|
|
|
while (true) {
|
|
|
|
|
char buf[1024];
|
|
|
|
|
if (recv(sock_, buf, sizeof(buf), 0) <= 0) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
closesocket(sock_);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
const int sock_;
|
|
|
|
|
};
|
|
|
|
|
|
2016-08-18 04:10:28 +01:00
|
|
|
|
static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
|
|
|
|
|
bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(
|
2015-02-09 07:37:18 +00:00
|
|
|
|
config->is_dtls ? DTLS_method() : TLS_method()));
|
|
|
|
|
if (!ssl_ctx) {
|
|
|
|
|
return nullptr;
|
2014-07-02 00:53:04 +01:00
|
|
|
|
}
|
|
|
|
|
|
2016-09-20 00:57:37 +01:00
|
|
|
|
// Enable TLS 1.3 for tests.
|
|
|
|
|
if (!config->is_dtls &&
|
2016-09-20 20:12:23 +01:00
|
|
|
|
!SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) {
|
2016-09-20 00:57:37 +01:00
|
|
|
|
return nullptr;
|
2016-06-15 02:14:35 +01:00
|
|
|
|
}
|
|
|
|
|
|
2015-09-03 22:51:12 +01:00
|
|
|
|
std::string cipher_list = "ALL";
|
|
|
|
|
if (!config->cipher.empty()) {
|
|
|
|
|
cipher_list = config->cipher;
|
|
|
|
|
SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE);
|
|
|
|
|
}
|
|
|
|
|
if (!SSL_CTX_set_cipher_list(ssl_ctx.get(), cipher_list.c_str())) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!config->cipher_tls10.empty() &&
|
|
|
|
|
!SSL_CTX_set_cipher_list_tls10(ssl_ctx.get(),
|
|
|
|
|
config->cipher_tls10.c_str())) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
if (!config->cipher_tls11.empty() &&
|
|
|
|
|
!SSL_CTX_set_cipher_list_tls11(ssl_ctx.get(),
|
|
|
|
|
config->cipher_tls11.c_str())) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
return nullptr;
|
2014-07-02 00:53:04 +01:00
|
|
|
|
}
|
|
|
|
|
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<DH> dh(DH_get_2048_256(NULL));
|
2016-03-28 14:59:10 +01:00
|
|
|
|
if (!dh) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
2015-11-27 00:39:08 +00:00
|
|
|
|
|
|
|
|
|
if (config->use_sparse_dh_prime) {
|
|
|
|
|
// This prime number is 2^1024 + 643 – a value just above a power of two.
|
|
|
|
|
// Because of its form, values modulo it are essentially certain to be one
|
|
|
|
|
// byte shorter. This is used to test padding of these values.
|
|
|
|
|
if (BN_hex2bn(
|
|
|
|
|
&dh->p,
|
|
|
|
|
"1000000000000000000000000000000000000000000000000000000000000000"
|
|
|
|
|
"0000000000000000000000000000000000000000000000000000000000000000"
|
|
|
|
|
"0000000000000000000000000000000000000000000000000000000000000000"
|
|
|
|
|
"0000000000000000000000000000000000000000000000000000000000000028"
|
|
|
|
|
"3") == 0 ||
|
|
|
|
|
!BN_set_word(dh->g, 2)) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
2016-02-02 19:14:36 +00:00
|
|
|
|
BN_free(dh->q);
|
|
|
|
|
dh->q = NULL;
|
2015-11-27 00:39:08 +00:00
|
|
|
|
dh->priv_length = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-28 14:59:10 +01:00
|
|
|
|
if (!SSL_CTX_set_tmp_dh(ssl_ctx.get(), dh.get())) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
return nullptr;
|
2014-08-02 22:35:45 +01:00
|
|
|
|
}
|
|
|
|
|
|
2015-02-09 09:28:16 +00:00
|
|
|
|
if (config->async && config->is_server) {
|
|
|
|
|
// Disable the internal session cache. To test asynchronous session lookup,
|
|
|
|
|
// we use an external session cache.
|
|
|
|
|
SSL_CTX_set_session_cache_mode(
|
|
|
|
|
ssl_ctx.get(), SSL_SESS_CACHE_BOTH | SSL_SESS_CACHE_NO_INTERNAL);
|
2015-02-09 17:59:46 +00:00
|
|
|
|
SSL_CTX_sess_set_get_cb(ssl_ctx.get(), GetSessionCallback);
|
2015-02-09 09:28:16 +00:00
|
|
|
|
} else {
|
|
|
|
|
SSL_CTX_set_session_cache_mode(ssl_ctx.get(), SSL_SESS_CACHE_BOTH);
|
|
|
|
|
}
|
2014-07-23 00:20:02 +01:00
|
|
|
|
|
2015-10-17 17:28:18 +01:00
|
|
|
|
SSL_CTX_set_select_certificate_cb(ssl_ctx.get(), SelectCertificateCallback);
|
2014-07-09 14:30:38 +01:00
|
|
|
|
|
2016-03-10 14:15:01 +00:00
|
|
|
|
if (config->use_old_client_cert_callback) {
|
|
|
|
|
SSL_CTX_set_client_cert_cb(ssl_ctx.get(), ClientCertCallback);
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-12 21:18:02 +01:00
|
|
|
|
SSL_CTX_set_next_protos_advertised_cb(
|
2015-02-09 17:59:46 +00:00
|
|
|
|
ssl_ctx.get(), NextProtosAdvertisedCallback, NULL);
|
2014-09-06 17:58:58 +01:00
|
|
|
|
if (!config->select_next_proto.empty()) {
|
2015-02-09 17:59:46 +00:00
|
|
|
|
SSL_CTX_set_next_proto_select_cb(ssl_ctx.get(), NextProtoSelectCallback,
|
2015-02-09 07:37:18 +00:00
|
|
|
|
NULL);
|
2014-09-06 17:58:58 +01:00
|
|
|
|
}
|
|
|
|
|
|
2016-03-17 21:49:56 +00:00
|
|
|
|
if (!config->select_alpn.empty() || config->decline_alpn) {
|
2015-02-09 17:59:46 +00:00
|
|
|
|
SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), AlpnSelectCallback, NULL);
|
2014-09-06 17:58:58 +01:00
|
|
|
|
}
|
2014-07-12 21:18:02 +01:00
|
|
|
|
|
2015-07-10 22:33:46 +01:00
|
|
|
|
SSL_CTX_enable_tls_channel_id(ssl_ctx.get());
|
2015-02-09 17:59:46 +00:00
|
|
|
|
SSL_CTX_set_channel_id_cb(ssl_ctx.get(), ChannelIdCallback);
|
2014-08-24 06:46:07 +01:00
|
|
|
|
|
2016-08-03 18:13:17 +01:00
|
|
|
|
if (config->is_dtls) {
|
|
|
|
|
SSL_CTX_set_current_time_cb(ssl_ctx.get(), CurrentTimeCallback);
|
|
|
|
|
}
|
2015-01-26 05:22:12 +00:00
|
|
|
|
|
2015-04-03 00:57:35 +01:00
|
|
|
|
SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback);
|
2015-06-18 23:36:15 +01:00
|
|
|
|
SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback);
|
2015-04-03 00:57:35 +01:00
|
|
|
|
|
2015-06-16 19:16:23 +01:00
|
|
|
|
if (config->use_ticket_callback) {
|
|
|
|
|
SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx.get(), TicketKeyCallback);
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-31 02:10:13 +01:00
|
|
|
|
if (config->enable_client_custom_extension &&
|
|
|
|
|
!SSL_CTX_add_client_custom_ext(
|
|
|
|
|
ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback,
|
|
|
|
|
CustomExtensionFreeCallback, kCustomExtensionAddArg,
|
|
|
|
|
CustomExtensionParseCallback, kCustomExtensionParseArg)) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (config->enable_server_custom_extension &&
|
|
|
|
|
!SSL_CTX_add_server_custom_ext(
|
|
|
|
|
ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback,
|
|
|
|
|
CustomExtensionFreeCallback, kCustomExtensionAddArg,
|
|
|
|
|
CustomExtensionParseCallback, kCustomExtensionParseArg)) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-18 12:21:54 +01:00
|
|
|
|
if (config->verify_fail) {
|
|
|
|
|
SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifyFail, NULL);
|
|
|
|
|
} else {
|
|
|
|
|
SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifySucceed, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-09 13:44:55 +01:00
|
|
|
|
if (!config->signed_cert_timestamps.empty() &&
|
|
|
|
|
!SSL_CTX_set_signed_cert_timestamp_list(
|
|
|
|
|
ssl_ctx.get(), (const uint8_t *)config->signed_cert_timestamps.data(),
|
|
|
|
|
config->signed_cert_timestamps.size())) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-14 00:47:39 +01:00
|
|
|
|
if (config->use_null_client_ca_list) {
|
|
|
|
|
SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr);
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-03 02:35:25 +01:00
|
|
|
|
if (config->enable_grease) {
|
|
|
|
|
SSL_CTX_set_grease_enabled(ssl_ctx.get(), 1);
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-23 00:20:02 +01:00
|
|
|
|
return ssl_ctx;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-20 16:23:42 +00:00
|
|
|
|
// RetryAsync is called after a failed operation on |ssl| with return code
|
|
|
|
|
// |ret|. If the operation should be retried, it simulates one asynchronous
|
2015-04-03 08:47:47 +01:00
|
|
|
|
// event and returns true. Otherwise it returns false.
|
|
|
|
|
static bool RetryAsync(SSL *ssl, int ret) {
|
2014-08-05 07:28:57 +01:00
|
|
|
|
// No error; don't retry.
|
|
|
|
|
if (ret >= 0) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-07-02 00:53:04 +01:00
|
|
|
|
}
|
Add DTLS timeout and retransmit tests.
This extends the packet adaptor protocol to send three commands:
type command =
| Packet of []byte
| Timeout of time.Duration
| TimeoutAck
When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the
BIO_read, returns out of the SSL stack, advances the clock, calls
DTLSv1_handle_timeout, and continues.
If the Go side sends Timeout right between sending handshake flight N and
reading flight N+1, the shim won't read the Timeout until it has sent flight
N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes
after N+1. Go then drops all packets before the TimeoutAck, thus dropping one
transmit of flight N+1 without having to actually process the packets to
determine the end of the flight. The shim then sees the updated clock, calls
DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real.
When dropping packets, Go checks the epoch and increments sequence numbers so
that we can continue to be strict here. This requires tracking the initial
sequence number of the next epoch.
The final Finished message takes an additional special-case to test. DTLS
triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only
implements the former which should be sufficient (and is necessary) EXCEPT for
the final Finished message. If the peer's final Finished message is lost, it
won't be waiting for a message from us, so it won't time out anything. That
retransmit must be triggered on stale message, so we retransmit the Finished
message in Go.
Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c
Reviewed-on: https://boringssl-review.googlesource.com/3212
Reviewed-by: Adam Langley <agl@google.com>
2015-01-27 06:09:43 +00:00
|
|
|
|
|
2015-04-03 08:47:47 +01:00
|
|
|
|
TestState *test_state = GetTestState(ssl);
|
2016-06-14 16:18:22 +01:00
|
|
|
|
assert(GetTestConfig(ssl)->async);
|
Add DTLS timeout and retransmit tests.
This extends the packet adaptor protocol to send three commands:
type command =
| Packet of []byte
| Timeout of time.Duration
| TimeoutAck
When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the
BIO_read, returns out of the SSL stack, advances the clock, calls
DTLSv1_handle_timeout, and continues.
If the Go side sends Timeout right between sending handshake flight N and
reading flight N+1, the shim won't read the Timeout until it has sent flight
N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes
after N+1. Go then drops all packets before the TimeoutAck, thus dropping one
transmit of flight N+1 without having to actually process the packets to
determine the end of the flight. The shim then sees the updated clock, calls
DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real.
When dropping packets, Go checks the epoch and increments sequence numbers so
that we can continue to be strict here. This requires tracking the initial
sequence number of the next epoch.
The final Finished message takes an additional special-case to test. DTLS
triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only
implements the former which should be sufficient (and is necessary) EXCEPT for
the final Finished message. If the peer's final Finished message is lost, it
won't be waiting for a message from us, so it won't time out anything. That
retransmit must be triggered on stale message, so we retransmit the Finished
message in Go.
Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c
Reviewed-on: https://boringssl-review.googlesource.com/3212
Reviewed-by: Adam Langley <agl@google.com>
2015-01-27 06:09:43 +00:00
|
|
|
|
|
2016-06-02 19:58:00 +01:00
|
|
|
|
if (test_state->packeted_bio != nullptr &&
|
|
|
|
|
PacketedBioAdvanceClock(test_state->packeted_bio)) {
|
2015-11-02 22:16:13 +00:00
|
|
|
|
// The DTLS retransmit logic silently ignores write failures. So the test
|
|
|
|
|
// may progress, allow writes through synchronously.
|
2016-06-02 19:58:00 +01:00
|
|
|
|
AsyncBioEnforceWriteQuota(test_state->async_bio, false);
|
2015-11-02 22:16:13 +00:00
|
|
|
|
int timeout_ret = DTLSv1_handle_timeout(ssl);
|
2016-06-02 19:58:00 +01:00
|
|
|
|
AsyncBioEnforceWriteQuota(test_state->async_bio, true);
|
2015-11-02 22:16:13 +00:00
|
|
|
|
|
|
|
|
|
if (timeout_ret < 0) {
|
2015-04-03 09:06:36 +01:00
|
|
|
|
fprintf(stderr, "Error retransmitting.\n");
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
Add DTLS timeout and retransmit tests.
This extends the packet adaptor protocol to send three commands:
type command =
| Packet of []byte
| Timeout of time.Duration
| TimeoutAck
When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the
BIO_read, returns out of the SSL stack, advances the clock, calls
DTLSv1_handle_timeout, and continues.
If the Go side sends Timeout right between sending handshake flight N and
reading flight N+1, the shim won't read the Timeout until it has sent flight
N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes
after N+1. Go then drops all packets before the TimeoutAck, thus dropping one
transmit of flight N+1 without having to actually process the packets to
determine the end of the flight. The shim then sees the updated clock, calls
DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real.
When dropping packets, Go checks the epoch and increments sequence numbers so
that we can continue to be strict here. This requires tracking the initial
sequence number of the next epoch.
The final Finished message takes an additional special-case to test. DTLS
triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only
implements the former which should be sufficient (and is necessary) EXCEPT for
the final Finished message. If the peer's final Finished message is lost, it
won't be waiting for a message from us, so it won't time out anything. That
retransmit must be triggered on stale message, so we retransmit the Finished
message in Go.
Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c
Reviewed-on: https://boringssl-review.googlesource.com/3212
Reviewed-by: Adam Langley <agl@google.com>
2015-01-27 06:09:43 +00:00
|
|
|
|
}
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return true;
|
Add DTLS timeout and retransmit tests.
This extends the packet adaptor protocol to send three commands:
type command =
| Packet of []byte
| Timeout of time.Duration
| TimeoutAck
When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the
BIO_read, returns out of the SSL stack, advances the clock, calls
DTLSv1_handle_timeout, and continues.
If the Go side sends Timeout right between sending handshake flight N and
reading flight N+1, the shim won't read the Timeout until it has sent flight
N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes
after N+1. Go then drops all packets before the TimeoutAck, thus dropping one
transmit of flight N+1 without having to actually process the packets to
determine the end of the flight. The shim then sees the updated clock, calls
DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real.
When dropping packets, Go checks the epoch and increments sequence numbers so
that we can continue to be strict here. This requires tracking the initial
sequence number of the next epoch.
The final Finished message takes an additional special-case to test. DTLS
triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only
implements the former which should be sufficient (and is necessary) EXCEPT for
the final Finished message. If the peer's final Finished message is lost, it
won't be waiting for a message from us, so it won't time out anything. That
retransmit must be triggered on stale message, so we retransmit the Finished
message in Go.
Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c
Reviewed-on: https://boringssl-review.googlesource.com/3212
Reviewed-by: Adam Langley <agl@google.com>
2015-01-27 06:09:43 +00:00
|
|
|
|
}
|
|
|
|
|
|
2014-08-05 07:28:57 +01:00
|
|
|
|
// See if we needed to read or write more. If so, allow one byte through on
|
|
|
|
|
// the appropriate end to maximally stress the state machine.
|
2015-02-09 08:04:34 +00:00
|
|
|
|
switch (SSL_get_error(ssl, ret)) {
|
|
|
|
|
case SSL_ERROR_WANT_READ:
|
2015-04-03 08:47:47 +01:00
|
|
|
|
AsyncBioAllowRead(test_state->async_bio, 1);
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return true;
|
2015-02-09 08:04:34 +00:00
|
|
|
|
case SSL_ERROR_WANT_WRITE:
|
2015-04-03 08:47:47 +01:00
|
|
|
|
AsyncBioAllowWrite(test_state->async_bio, 1);
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return true;
|
2015-02-16 08:57:55 +00:00
|
|
|
|
case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: {
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<EVP_PKEY> pkey =
|
|
|
|
|
LoadPrivateKey(GetTestConfig(ssl)->send_channel_id);
|
2015-02-16 08:57:55 +00:00
|
|
|
|
if (!pkey) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2015-02-16 08:57:55 +00:00
|
|
|
|
}
|
2015-04-03 08:47:47 +01:00
|
|
|
|
test_state->channel_id = std::move(pkey);
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return true;
|
2015-02-16 08:57:55 +00:00
|
|
|
|
}
|
2015-02-09 08:13:35 +00:00
|
|
|
|
case SSL_ERROR_WANT_X509_LOOKUP:
|
2015-04-03 08:47:47 +01:00
|
|
|
|
test_state->cert_ready = true;
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return true;
|
2015-02-09 09:28:16 +00:00
|
|
|
|
case SSL_ERROR_PENDING_SESSION:
|
2015-04-03 08:47:47 +01:00
|
|
|
|
test_state->session = std::move(test_state->pending_session);
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return true;
|
2015-02-24 06:23:21 +00:00
|
|
|
|
case SSL_ERROR_PENDING_CERTIFICATE:
|
|
|
|
|
// The handshake will resume without a second call to the early callback.
|
|
|
|
|
return InstallCertificate(ssl);
|
2015-05-29 22:11:21 +01:00
|
|
|
|
case SSL_ERROR_WANT_PRIVATE_KEY_OPERATION:
|
2015-08-07 22:07:52 +01:00
|
|
|
|
test_state->private_key_retries++;
|
2015-05-29 22:11:21 +01:00
|
|
|
|
return true;
|
2015-02-09 08:04:34 +00:00
|
|
|
|
default:
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-07-02 00:53:04 +01:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-03 08:47:47 +01:00
|
|
|
|
// DoRead reads from |ssl|, resolving any asynchronous operations. It returns
|
|
|
|
|
// the result value of the final |SSL_read| call.
|
|
|
|
|
static int DoRead(SSL *ssl, uint8_t *out, size_t max_out) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(ssl);
|
2015-11-02 22:16:13 +00:00
|
|
|
|
TestState *test_state = GetTestState(ssl);
|
2015-04-03 08:47:47 +01:00
|
|
|
|
int ret;
|
|
|
|
|
do {
|
2015-11-02 22:16:13 +00:00
|
|
|
|
if (config->async) {
|
|
|
|
|
// The DTLS retransmit logic silently ignores write failures. So the test
|
|
|
|
|
// may progress, allow writes through synchronously. |SSL_read| may
|
|
|
|
|
// trigger a retransmit, so disconnect the write quota.
|
|
|
|
|
AsyncBioEnforceWriteQuota(test_state->async_bio, false);
|
|
|
|
|
}
|
2016-09-19 18:08:16 +01:00
|
|
|
|
ret = config->peek_then_read ? SSL_peek(ssl, out, max_out)
|
|
|
|
|
: SSL_read(ssl, out, max_out);
|
2015-11-02 22:16:13 +00:00
|
|
|
|
if (config->async) {
|
|
|
|
|
AsyncBioEnforceWriteQuota(test_state->async_bio, true);
|
|
|
|
|
}
|
2015-04-03 08:47:47 +01:00
|
|
|
|
} while (config->async && RetryAsync(ssl, ret));
|
2016-09-19 18:08:16 +01:00
|
|
|
|
|
|
|
|
|
if (config->peek_then_read && ret > 0) {
|
|
|
|
|
std::unique_ptr<uint8_t[]> buf(new uint8_t[static_cast<size_t>(ret)]);
|
|
|
|
|
|
|
|
|
|
// SSL_peek should synchronously return the same data.
|
|
|
|
|
int ret2 = SSL_peek(ssl, buf.get(), ret);
|
|
|
|
|
if (ret2 != ret ||
|
|
|
|
|
memcmp(buf.get(), out, ret) != 0) {
|
|
|
|
|
fprintf(stderr, "First and second SSL_peek did not match.\n");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// SSL_read should synchronously return the same data and consume it.
|
|
|
|
|
ret2 = SSL_read(ssl, buf.get(), ret);
|
|
|
|
|
if (ret2 != ret ||
|
|
|
|
|
memcmp(buf.get(), out, ret) != 0) {
|
|
|
|
|
fprintf(stderr, "SSL_peek and SSL_read did not match.\n");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-03 08:47:47 +01:00
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// WriteAll writes |in_len| bytes from |in| to |ssl|, resolving any asynchronous
|
|
|
|
|
// operations. It returns the result of the final |SSL_write| call.
|
|
|
|
|
static int WriteAll(SSL *ssl, const uint8_t *in, size_t in_len) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(ssl);
|
2015-04-03 08:47:47 +01:00
|
|
|
|
int ret;
|
|
|
|
|
do {
|
|
|
|
|
ret = SSL_write(ssl, in, in_len);
|
|
|
|
|
if (ret > 0) {
|
|
|
|
|
in += ret;
|
|
|
|
|
in_len -= ret;
|
|
|
|
|
}
|
|
|
|
|
} while ((config->async && RetryAsync(ssl, ret)) || (ret > 0 && in_len > 0));
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-30 03:56:45 +01:00
|
|
|
|
// DoShutdown calls |SSL_shutdown|, resolving any asynchronous operations. It
|
|
|
|
|
// returns the result of the final |SSL_shutdown| call.
|
|
|
|
|
static int DoShutdown(SSL *ssl) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(ssl);
|
2015-08-30 03:56:45 +01:00
|
|
|
|
int ret;
|
|
|
|
|
do {
|
|
|
|
|
ret = SSL_shutdown(ssl);
|
|
|
|
|
} while (config->async && RetryAsync(ssl, ret));
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-26 23:03:08 +01:00
|
|
|
|
// DoSendFatalAlert calls |SSL_send_fatal_alert|, resolving any asynchronous
|
|
|
|
|
// operations. It returns the result of the final |SSL_send_fatal_alert| call.
|
|
|
|
|
static int DoSendFatalAlert(SSL *ssl, uint8_t alert) {
|
|
|
|
|
const TestConfig *config = GetTestConfig(ssl);
|
|
|
|
|
int ret;
|
|
|
|
|
do {
|
|
|
|
|
ret = SSL_send_fatal_alert(ssl, alert);
|
|
|
|
|
} while (config->async && RetryAsync(ssl, ret));
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-27 16:10:52 +01:00
|
|
|
|
static uint16_t GetProtocolVersion(const SSL *ssl) {
|
|
|
|
|
uint16_t version = SSL_version(ssl);
|
|
|
|
|
if (!SSL_is_dtls(ssl)) {
|
|
|
|
|
return version;
|
|
|
|
|
}
|
|
|
|
|
return 0x0201 + ~version;
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-18 23:35:46 +01:00
|
|
|
|
// CheckHandshakeProperties checks, immediately after |ssl| completes its
|
|
|
|
|
// initial handshake (or False Starts), whether all the properties are
|
|
|
|
|
// consistent with the test configuration and invariants.
|
|
|
|
|
static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) {
|
2016-05-21 01:12:42 +01:00
|
|
|
|
const TestConfig *config = GetTestConfig(ssl);
|
2015-06-18 23:35:46 +01:00
|
|
|
|
|
|
|
|
|
if (SSL_get_current_cipher(ssl) == nullptr) {
|
|
|
|
|
fprintf(stderr, "null cipher after handshake\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (is_resume &&
|
|
|
|
|
(!!SSL_session_reused(ssl) == config->expect_session_miss)) {
|
|
|
|
|
fprintf(stderr, "session was%s reused\n",
|
|
|
|
|
SSL_session_reused(ssl) ? "" : " not");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool expect_handshake_done = is_resume || !config->false_start;
|
|
|
|
|
if (expect_handshake_done != GetTestState(ssl)->handshake_done) {
|
|
|
|
|
fprintf(stderr, "handshake was%s completed\n",
|
|
|
|
|
GetTestState(ssl)->handshake_done ? "" : " not");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-18 23:36:15 +01:00
|
|
|
|
if (expect_handshake_done && !config->is_server) {
|
|
|
|
|
bool expect_new_session =
|
|
|
|
|
!config->expect_no_session &&
|
2016-07-11 18:19:03 +01:00
|
|
|
|
(!SSL_session_reused(ssl) || config->expect_ticket_renewal) &&
|
2016-07-27 16:10:52 +01:00
|
|
|
|
// Session tickets are sent post-handshake in TLS 1.3.
|
|
|
|
|
GetProtocolVersion(ssl) < TLS1_3_VERSION;
|
2015-06-18 23:36:15 +01:00
|
|
|
|
if (expect_new_session != GetTestState(ssl)->got_new_session) {
|
|
|
|
|
fprintf(stderr,
|
2015-10-23 22:41:12 +01:00
|
|
|
|
"new session was%s cached, but we expected the opposite\n",
|
2015-06-18 23:36:15 +01:00
|
|
|
|
GetTestState(ssl)->got_new_session ? "" : " not");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-18 23:35:46 +01:00
|
|
|
|
if (config->is_server && !GetTestState(ssl)->early_callback_called) {
|
|
|
|
|
fprintf(stderr, "early callback not called\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!config->expected_server_name.empty()) {
|
|
|
|
|
const char *server_name =
|
|
|
|
|
SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
|
|
|
|
|
if (server_name != config->expected_server_name) {
|
|
|
|
|
fprintf(stderr, "servername mismatch (got %s; want %s)\n",
|
|
|
|
|
server_name, config->expected_server_name.c_str());
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!config->expected_certificate_types.empty()) {
|
2015-08-09 15:42:33 +01:00
|
|
|
|
const uint8_t *certificate_types;
|
|
|
|
|
size_t certificate_types_len =
|
2015-06-18 23:35:46 +01:00
|
|
|
|
SSL_get0_certificate_types(ssl, &certificate_types);
|
2015-08-09 15:42:33 +01:00
|
|
|
|
if (certificate_types_len != config->expected_certificate_types.size() ||
|
2015-06-18 23:35:46 +01:00
|
|
|
|
memcmp(certificate_types,
|
|
|
|
|
config->expected_certificate_types.data(),
|
2015-08-09 15:42:33 +01:00
|
|
|
|
certificate_types_len) != 0) {
|
2015-06-18 23:35:46 +01:00
|
|
|
|
fprintf(stderr, "certificate types mismatch\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!config->expected_next_proto.empty()) {
|
|
|
|
|
const uint8_t *next_proto;
|
|
|
|
|
unsigned next_proto_len;
|
|
|
|
|
SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
|
|
|
|
|
if (next_proto_len != config->expected_next_proto.size() ||
|
|
|
|
|
memcmp(next_proto, config->expected_next_proto.data(),
|
|
|
|
|
next_proto_len) != 0) {
|
|
|
|
|
fprintf(stderr, "negotiated next proto mismatch\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!config->expected_alpn.empty()) {
|
|
|
|
|
const uint8_t *alpn_proto;
|
|
|
|
|
unsigned alpn_proto_len;
|
|
|
|
|
SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len);
|
|
|
|
|
if (alpn_proto_len != config->expected_alpn.size() ||
|
|
|
|
|
memcmp(alpn_proto, config->expected_alpn.data(),
|
|
|
|
|
alpn_proto_len) != 0) {
|
|
|
|
|
fprintf(stderr, "negotiated alpn proto mismatch\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!config->expected_channel_id.empty()) {
|
|
|
|
|
uint8_t channel_id[64];
|
|
|
|
|
if (!SSL_get_tls_channel_id(ssl, channel_id, sizeof(channel_id))) {
|
|
|
|
|
fprintf(stderr, "no channel id negotiated\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if (config->expected_channel_id.size() != 64 ||
|
|
|
|
|
memcmp(config->expected_channel_id.data(),
|
|
|
|
|
channel_id, 64) != 0) {
|
|
|
|
|
fprintf(stderr, "channel id mismatch\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (config->expect_extended_master_secret) {
|
2016-07-14 02:07:29 +01:00
|
|
|
|
if (!SSL_get_extms_support(ssl)) {
|
|
|
|
|
fprintf(stderr, "No EMS for connection when expected");
|
2015-06-18 23:35:46 +01:00
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!config->expected_ocsp_response.empty()) {
|
|
|
|
|
const uint8_t *data;
|
|
|
|
|
size_t len;
|
|
|
|
|
SSL_get0_ocsp_response(ssl, &data, &len);
|
|
|
|
|
if (config->expected_ocsp_response.size() != len ||
|
|
|
|
|
memcmp(config->expected_ocsp_response.data(), data, len) != 0) {
|
|
|
|
|
fprintf(stderr, "OCSP response mismatch\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!config->expected_signed_cert_timestamps.empty()) {
|
|
|
|
|
const uint8_t *data;
|
|
|
|
|
size_t len;
|
|
|
|
|
SSL_get0_signed_cert_timestamp_list(ssl, &data, &len);
|
|
|
|
|
if (config->expected_signed_cert_timestamps.size() != len ||
|
|
|
|
|
memcmp(config->expected_signed_cert_timestamps.data(),
|
|
|
|
|
data, len) != 0) {
|
|
|
|
|
fprintf(stderr, "SCT list mismatch\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-18 12:21:54 +01:00
|
|
|
|
if (config->expect_verify_result) {
|
|
|
|
|
int expected_verify_result = config->verify_fail ?
|
|
|
|
|
X509_V_ERR_APPLICATION_VERIFICATION :
|
|
|
|
|
X509_V_OK;
|
|
|
|
|
|
|
|
|
|
if (SSL_get_verify_result(ssl) != expected_verify_result) {
|
|
|
|
|
fprintf(stderr, "Wrong certificate verification result\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-21 23:19:24 +01:00
|
|
|
|
if (config->expect_peer_signature_algorithm != 0 &&
|
|
|
|
|
config->expect_peer_signature_algorithm !=
|
|
|
|
|
SSL_get_peer_signature_algorithm(ssl)) {
|
|
|
|
|
fprintf(stderr, "Peer signature algorithm was %04x, wanted %04x.\n",
|
|
|
|
|
SSL_get_peer_signature_algorithm(ssl),
|
|
|
|
|
config->expect_peer_signature_algorithm);
|
2015-11-02 17:02:20 +00:00
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-30 19:55:33 +01:00
|
|
|
|
if (config->expect_curve_id != 0) {
|
|
|
|
|
uint16_t curve_id = SSL_get_curve_id(ssl);
|
|
|
|
|
if (static_cast<uint16_t>(config->expect_curve_id) != curve_id) {
|
|
|
|
|
fprintf(stderr, "curve_id was %04x, wanted %04x\n", curve_id,
|
|
|
|
|
static_cast<uint16_t>(config->expect_curve_id));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (config->expect_dhe_group_size != 0) {
|
|
|
|
|
unsigned dhe_group_size = SSL_get_dhe_group_size(ssl);
|
|
|
|
|
if (static_cast<unsigned>(config->expect_dhe_group_size) !=
|
|
|
|
|
dhe_group_size) {
|
|
|
|
|
fprintf(stderr, "dhe_group_size was %u, wanted %d\n", dhe_group_size,
|
|
|
|
|
config->expect_dhe_group_size);
|
2015-12-19 19:23:26 +00:00
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-03 19:14:47 +01:00
|
|
|
|
if (!config->psk.empty()) {
|
|
|
|
|
if (SSL_get_peer_cert_chain(ssl) != nullptr) {
|
|
|
|
|
fprintf(stderr, "Received peer certificate on a PSK cipher.\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
} else if (!config->is_server || config->require_any_client_certificate) {
|
|
|
|
|
if (SSL_get_peer_cert_chain(ssl) == nullptr) {
|
|
|
|
|
fprintf(stderr, "Received no peer certificate but expected one.\n");
|
2015-06-18 23:35:46 +01:00
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-08-03 19:14:47 +01:00
|
|
|
|
|
2015-06-18 23:35:46 +01:00
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
Use TCP sockets rather than socketpairs in the SSL tests.
This involves more synchronization with child exits as the kernel no longer
closes the pre-created pipes for free, but it works on Windows. As long as
TCP_NODELAY is set, the performance seems comparable. Though it does involve
dealing with graceful socket shutdown. I couldn't get that to work on Windows
without draining the socket; not even SO_LINGER worked. Current (untested)
theory is that Windows refuses to gracefully shutdown a socket if the peer
sends data after we've stopped reading.
cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you
can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in
CreateProcess.) We can instead use the syscall module directly and mark handles
as inheritable (and then pass the numerical values out-of-band), but that
requires synchronizing all of our shim.Start() calls and assuming no other
thread is spawning a process.
PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires
wrapping more syscalls. exec.Cmd also doesn't let us launch the process
ourselves. Plus it still requires every handle in the list be marked
inheritable, so it doesn't help if some other thread is launching a process
with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
(Like Go, though we can take syscall.ForkLock there.)
http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
The more natively Windows option seems to be named pipes, but that too requires
wrapping more system calls. (To be fair, that isn't too painful.) They also
involve a listening server, so we'd still have to synchronize with shim.Wait()
a la net.TCPListener.
Then there's DuplicateHandle, but then we need an out-of-band signal.
All in all, one cross-platform implementation with a TCP sockets seems
simplest.
Change-Id: I38233e309a0fa6814baf61e806732138902347c0
Reviewed-on: https://boringssl-review.googlesource.com/3563
Reviewed-by: Adam Langley <agl@google.com>
2015-02-21 06:54:29 +00:00
|
|
|
|
// DoExchange runs a test SSL exchange against the peer. On success, it returns
|
|
|
|
|
// true and sets |*out_session| to the negotiated SSL session. If the test is a
|
|
|
|
|
// resumption attempt, |is_resume| is true and |session| is the session from the
|
|
|
|
|
// previous exchange.
|
2016-08-18 04:10:28 +01:00
|
|
|
|
static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
|
|
|
|
|
SSL_CTX *ssl_ctx, const TestConfig *config,
|
|
|
|
|
bool is_resume, SSL_SESSION *session) {
|
|
|
|
|
bssl::UniquePtr<SSL> ssl(SSL_new(ssl_ctx));
|
2015-02-09 07:37:18 +00:00
|
|
|
|
if (!ssl) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-07-02 00:53:04 +01:00
|
|
|
|
}
|
|
|
|
|
|
2016-05-21 01:12:42 +01:00
|
|
|
|
if (!SetTestConfig(ssl.get(), config) ||
|
2015-02-09 18:03:50 +00:00
|
|
|
|
!SetTestState(ssl.get(), std::unique_ptr<TestState>(new TestState))) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-11-18 01:26:55 +00:00
|
|
|
|
}
|
2014-08-12 00:51:50 +01:00
|
|
|
|
|
2015-02-20 21:03:16 +00:00
|
|
|
|
if (config->fallback_scsv &&
|
|
|
|
|
!SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV)) {
|
|
|
|
|
return false;
|
2014-08-12 00:51:50 +01:00
|
|
|
|
}
|
2016-03-10 14:15:01 +00:00
|
|
|
|
if (!config->use_early_callback && !config->use_old_client_cert_callback) {
|
2015-02-24 06:23:21 +00:00
|
|
|
|
if (config->async) {
|
|
|
|
|
SSL_set_cert_cb(ssl.get(), CertCallback, NULL);
|
|
|
|
|
} else if (!InstallCertificate(ssl.get())) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2014-07-02 00:53:04 +01:00
|
|
|
|
}
|
2014-08-12 00:51:50 +01:00
|
|
|
|
if (config->require_any_client_certificate) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
SSL_set_verify(ssl.get(), SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
2015-08-18 12:21:54 +01:00
|
|
|
|
NULL);
|
|
|
|
|
}
|
|
|
|
|
if (config->verify_peer) {
|
|
|
|
|
SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, NULL);
|
2014-08-12 00:51:50 +01:00
|
|
|
|
}
|
|
|
|
|
if (config->false_start) {
|
2015-02-17 00:16:46 +00:00
|
|
|
|
SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_FALSE_START);
|
2014-08-12 00:51:50 +01:00
|
|
|
|
}
|
|
|
|
|
if (config->cbc_record_splitting) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
SSL_set_mode(ssl.get(), SSL_MODE_CBC_RECORD_SPLITTING);
|
2014-08-12 00:51:50 +01:00
|
|
|
|
}
|
|
|
|
|
if (config->partial_write) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
|
2014-08-12 00:51:50 +01:00
|
|
|
|
}
|
2016-05-24 17:31:07 +01:00
|
|
|
|
if (config->no_tls13) {
|
|
|
|
|
SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_3);
|
|
|
|
|
}
|
2014-08-12 00:51:50 +01:00
|
|
|
|
if (config->no_tls12) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_2);
|
2014-08-12 00:51:50 +01:00
|
|
|
|
}
|
|
|
|
|
if (config->no_tls11) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_1);
|
2014-08-12 00:51:50 +01:00
|
|
|
|
}
|
|
|
|
|
if (config->no_tls1) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1);
|
2014-08-12 00:51:50 +01:00
|
|
|
|
}
|
|
|
|
|
if (config->no_ssl3) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3);
|
2014-08-12 00:51:50 +01:00
|
|
|
|
}
|
2016-07-11 18:19:03 +01:00
|
|
|
|
if (!config->expected_channel_id.empty() ||
|
|
|
|
|
config->enable_channel_id) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
SSL_enable_tls_channel_id(ssl.get());
|
2014-08-24 06:46:07 +01:00
|
|
|
|
}
|
|
|
|
|
if (!config->send_channel_id.empty()) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
SSL_enable_tls_channel_id(ssl.get());
|
2015-02-09 08:04:34 +00:00
|
|
|
|
if (!config->async) {
|
2015-02-09 17:59:46 +00:00
|
|
|
|
// The async case will be supplied by |ChannelIdCallback|.
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<EVP_PKEY> pkey = LoadPrivateKey(config->send_channel_id);
|
2015-02-09 08:04:34 +00:00
|
|
|
|
if (!pkey || !SSL_set1_tls_channel_id(ssl.get(), pkey.get())) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2015-02-09 08:04:34 +00:00
|
|
|
|
}
|
2014-08-24 06:46:07 +01:00
|
|
|
|
}
|
|
|
|
|
}
|
2015-02-16 08:57:55 +00:00
|
|
|
|
if (!config->host_name.empty() &&
|
|
|
|
|
!SSL_set_tlsext_host_name(ssl.get(), config->host_name.c_str())) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-09-06 17:45:15 +01:00
|
|
|
|
}
|
2015-02-16 08:57:55 +00:00
|
|
|
|
if (!config->advertise_alpn.empty() &&
|
|
|
|
|
SSL_set_alpn_protos(ssl.get(),
|
|
|
|
|
(const uint8_t *)config->advertise_alpn.data(),
|
|
|
|
|
config->advertise_alpn.size()) != 0) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-09-06 17:58:58 +01:00
|
|
|
|
}
|
2014-10-27 05:06:24 +00:00
|
|
|
|
if (!config->psk.empty()) {
|
2015-02-09 17:59:46 +00:00
|
|
|
|
SSL_set_psk_client_callback(ssl.get(), PskClientCallback);
|
|
|
|
|
SSL_set_psk_server_callback(ssl.get(), PskServerCallback);
|
2014-10-27 05:06:24 +00:00
|
|
|
|
}
|
2014-11-25 06:55:35 +00:00
|
|
|
|
if (!config->psk_identity.empty() &&
|
2015-02-09 07:37:18 +00:00
|
|
|
|
!SSL_use_psk_identity_hint(ssl.get(), config->psk_identity.c_str())) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-10-27 05:06:24 +00:00
|
|
|
|
}
|
2014-11-25 06:55:35 +00:00
|
|
|
|
if (!config->srtp_profiles.empty() &&
|
2015-02-09 07:37:18 +00:00
|
|
|
|
!SSL_set_srtp_profiles(ssl.get(), config->srtp_profiles.c_str())) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-11-25 06:55:35 +00:00
|
|
|
|
}
|
|
|
|
|
if (config->enable_ocsp_stapling &&
|
2015-02-09 07:37:18 +00:00
|
|
|
|
!SSL_enable_ocsp_stapling(ssl.get())) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-11-25 06:55:35 +00:00
|
|
|
|
}
|
|
|
|
|
if (config->enable_signed_cert_timestamps &&
|
2015-02-09 07:37:18 +00:00
|
|
|
|
!SSL_enable_signed_cert_timestamps(ssl.get())) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-11-16 00:06:08 +00:00
|
|
|
|
}
|
2016-09-20 00:57:37 +01:00
|
|
|
|
if (config->min_version != 0 &&
|
2016-09-20 20:12:23 +01:00
|
|
|
|
!SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) {
|
2016-09-20 00:57:37 +01:00
|
|
|
|
return false;
|
2014-12-12 23:17:51 +00:00
|
|
|
|
}
|
2016-09-20 00:57:37 +01:00
|
|
|
|
if (config->max_version != 0 &&
|
2016-09-20 20:12:23 +01:00
|
|
|
|
!SSL_set_max_proto_version(ssl.get(), (uint16_t)config->max_version)) {
|
2016-09-20 00:57:37 +01:00
|
|
|
|
return false;
|
2014-12-12 23:17:51 +00:00
|
|
|
|
}
|
2015-01-11 21:29:36 +00:00
|
|
|
|
if (config->mtu != 0) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
SSL_set_options(ssl.get(), SSL_OP_NO_QUERY_MTU);
|
|
|
|
|
SSL_set_mtu(ssl.get(), config->mtu);
|
2015-01-11 21:29:36 +00:00
|
|
|
|
}
|
2015-02-21 00:04:00 +00:00
|
|
|
|
if (config->install_ddos_callback) {
|
|
|
|
|
SSL_CTX_set_dos_protection_cb(ssl_ctx, DDoSCallback);
|
|
|
|
|
}
|
2015-10-13 00:54:18 +01:00
|
|
|
|
if (config->renegotiate_once) {
|
|
|
|
|
SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_once);
|
|
|
|
|
}
|
|
|
|
|
if (config->renegotiate_freely) {
|
|
|
|
|
SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_freely);
|
2015-04-09 00:16:58 +01:00
|
|
|
|
}
|
2015-11-03 21:34:10 +00:00
|
|
|
|
if (config->renegotiate_ignore) {
|
|
|
|
|
SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_ignore);
|
|
|
|
|
}
|
2015-08-30 03:56:45 +01:00
|
|
|
|
if (!config->check_close_notify) {
|
|
|
|
|
SSL_set_quiet_shutdown(ssl.get(), 1);
|
|
|
|
|
}
|
2015-10-26 17:33:21 +00:00
|
|
|
|
if (config->disable_npn) {
|
|
|
|
|
SSL_set_options(ssl.get(), SSL_OP_DISABLE_NPN);
|
|
|
|
|
}
|
2015-11-02 17:11:35 +00:00
|
|
|
|
if (config->p384_only) {
|
|
|
|
|
int nid = NID_secp384r1;
|
|
|
|
|
if (!SSL_set1_curves(ssl.get(), &nid, 1)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-12-19 01:55:44 +00:00
|
|
|
|
if (config->enable_all_curves) {
|
|
|
|
|
static const int kAllCurves[] = {
|
2016-05-25 20:06:05 +01:00
|
|
|
|
NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, NID_X25519,
|
2015-12-19 01:55:44 +00:00
|
|
|
|
};
|
|
|
|
|
if (!SSL_set1_curves(ssl.get(), kAllCurves,
|
2016-08-17 21:56:14 +01:00
|
|
|
|
OPENSSL_ARRAY_SIZE(kAllCurves))) {
|
2015-12-19 01:55:44 +00:00
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-05-11 03:30:28 +01:00
|
|
|
|
if (config->initial_timeout_duration_ms > 0) {
|
|
|
|
|
DTLSv1_set_initial_timeout_duration(ssl.get(),
|
|
|
|
|
config->initial_timeout_duration_ms);
|
|
|
|
|
}
|
2014-07-02 00:53:04 +01:00
|
|
|
|
|
Use TCP sockets rather than socketpairs in the SSL tests.
This involves more synchronization with child exits as the kernel no longer
closes the pre-created pipes for free, but it works on Windows. As long as
TCP_NODELAY is set, the performance seems comparable. Though it does involve
dealing with graceful socket shutdown. I couldn't get that to work on Windows
without draining the socket; not even SO_LINGER worked. Current (untested)
theory is that Windows refuses to gracefully shutdown a socket if the peer
sends data after we've stopped reading.
cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you
can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in
CreateProcess.) We can instead use the syscall module directly and mark handles
as inheritable (and then pass the numerical values out-of-band), but that
requires synchronizing all of our shim.Start() calls and assuming no other
thread is spawning a process.
PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires
wrapping more syscalls. exec.Cmd also doesn't let us launch the process
ourselves. Plus it still requires every handle in the list be marked
inheritable, so it doesn't help if some other thread is launching a process
with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
(Like Go, though we can take syscall.ForkLock there.)
http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
The more natively Windows option seems to be named pipes, but that too requires
wrapping more system calls. (To be fair, that isn't too painful.) They also
involve a listening server, so we'd still have to synchronize with shim.Wait()
a la net.TCPListener.
Then there's DuplicateHandle, but then we need an out-of-band signal.
All in all, one cross-platform implementation with a TCP sockets seems
simplest.
Change-Id: I38233e309a0fa6814baf61e806732138902347c0
Reviewed-on: https://boringssl-review.googlesource.com/3563
Reviewed-by: Adam Langley <agl@google.com>
2015-02-21 06:54:29 +00:00
|
|
|
|
int sock = Connect(config->port);
|
|
|
|
|
if (sock == -1) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
SocketCloser closer(sock);
|
|
|
|
|
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new_socket(sock, BIO_NOCLOSE));
|
2015-02-09 07:37:18 +00:00
|
|
|
|
if (!bio) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-08-05 07:28:57 +01:00
|
|
|
|
}
|
2014-08-11 23:43:38 +01:00
|
|
|
|
if (config->is_dtls) {
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<BIO> packeted = PacketedBioCreate(!config->async);
|
2016-03-28 14:59:10 +01:00
|
|
|
|
if (!packeted) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2016-06-02 19:58:00 +01:00
|
|
|
|
GetTestState(ssl.get())->packeted_bio = packeted.get();
|
2015-02-09 07:37:18 +00:00
|
|
|
|
BIO_push(packeted.get(), bio.release());
|
|
|
|
|
bio = std::move(packeted);
|
2014-08-11 23:43:38 +01:00
|
|
|
|
}
|
2014-08-12 00:51:50 +01:00
|
|
|
|
if (config->async) {
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<BIO> async_scoped =
|
2015-02-09 17:59:46 +00:00
|
|
|
|
config->is_dtls ? AsyncBioCreateDatagram() : AsyncBioCreate();
|
2016-03-28 14:59:10 +01:00
|
|
|
|
if (!async_scoped) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2015-02-09 07:37:18 +00:00
|
|
|
|
BIO_push(async_scoped.get(), bio.release());
|
2015-04-03 08:47:47 +01:00
|
|
|
|
GetTestState(ssl.get())->async_bio = async_scoped.get();
|
2015-02-09 07:37:18 +00:00
|
|
|
|
bio = std::move(async_scoped);
|
2014-08-05 07:28:57 +01:00
|
|
|
|
}
|
2015-02-09 07:37:18 +00:00
|
|
|
|
SSL_set_bio(ssl.get(), bio.get(), bio.get());
|
|
|
|
|
bio.release(); // SSL_set_bio takes ownership.
|
2014-08-05 07:28:57 +01:00
|
|
|
|
|
2014-07-23 00:20:02 +01:00
|
|
|
|
if (session != NULL) {
|
2015-02-09 09:28:16 +00:00
|
|
|
|
if (!config->is_server) {
|
|
|
|
|
if (SSL_set_session(ssl.get(), session) != 1) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2015-02-09 09:28:16 +00:00
|
|
|
|
}
|
|
|
|
|
} else if (config->async) {
|
|
|
|
|
// The internal session cache is disabled, so install the session
|
|
|
|
|
// manually.
|
2016-08-05 15:51:43 +01:00
|
|
|
|
SSL_SESSION_up_ref(session);
|
|
|
|
|
GetTestState(ssl.get())->pending_session.reset(session);
|
2014-07-23 00:20:02 +01:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-13 18:19:42 +01:00
|
|
|
|
if (SSL_get_current_cipher(ssl.get()) != nullptr) {
|
|
|
|
|
fprintf(stderr, "non-null cipher before handshake\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-23 00:20:02 +01:00
|
|
|
|
int ret;
|
2015-02-09 00:33:25 +00:00
|
|
|
|
if (config->implicit_handshake) {
|
2014-08-12 00:51:50 +01:00
|
|
|
|
if (config->is_server) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
SSL_set_accept_state(ssl.get());
|
2014-08-05 07:28:57 +01:00
|
|
|
|
} else {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
SSL_set_connect_state(ssl.get());
|
2014-08-05 07:28:57 +01:00
|
|
|
|
}
|
2015-02-09 00:33:25 +00:00
|
|
|
|
} else {
|
|
|
|
|
do {
|
|
|
|
|
if (config->is_server) {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
ret = SSL_accept(ssl.get());
|
2015-02-09 00:33:25 +00:00
|
|
|
|
} else {
|
2015-02-09 07:37:18 +00:00
|
|
|
|
ret = SSL_connect(ssl.get());
|
2015-02-09 00:33:25 +00:00
|
|
|
|
}
|
2015-04-03 08:47:47 +01:00
|
|
|
|
} while (config->async && RetryAsync(ssl.get(), ret));
|
2015-06-18 23:35:46 +01:00
|
|
|
|
if (ret != 1 ||
|
|
|
|
|
!CheckHandshakeProperties(ssl.get(), is_resume)) {
|
2015-05-13 18:19:42 +01:00
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-18 23:36:15 +01:00
|
|
|
|
// Reset the state to assert later that the callback isn't called in
|
|
|
|
|
// renegotations.
|
|
|
|
|
GetTestState(ssl.get())->got_new_session = false;
|
2014-11-25 06:55:35 +00:00
|
|
|
|
}
|
|
|
|
|
|
2015-04-03 09:06:36 +01:00
|
|
|
|
if (config->export_keying_material > 0) {
|
|
|
|
|
std::vector<uint8_t> result(
|
|
|
|
|
static_cast<size_t>(config->export_keying_material));
|
|
|
|
|
if (!SSL_export_keying_material(
|
|
|
|
|
ssl.get(), result.data(), result.size(),
|
|
|
|
|
config->export_label.data(), config->export_label.size(),
|
|
|
|
|
reinterpret_cast<const uint8_t*>(config->export_context.data()),
|
|
|
|
|
config->export_context.size(), config->use_export_context)) {
|
|
|
|
|
fprintf(stderr, "failed to export keying material\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if (WriteAll(ssl.get(), result.data(), result.size()) < 0) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-03 17:57:23 +01:00
|
|
|
|
if (config->tls_unique) {
|
|
|
|
|
uint8_t tls_unique[16];
|
|
|
|
|
size_t tls_unique_len;
|
|
|
|
|
if (!SSL_get_tls_unique(ssl.get(), tls_unique, &tls_unique_len,
|
|
|
|
|
sizeof(tls_unique))) {
|
|
|
|
|
fprintf(stderr, "failed to get tls-unique\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (tls_unique_len != 12) {
|
|
|
|
|
fprintf(stderr, "expected 12 bytes of tls-unique but got %u",
|
|
|
|
|
static_cast<unsigned>(tls_unique_len));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (WriteAll(ssl.get(), tls_unique, tls_unique_len) < 0) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-26 23:03:08 +01:00
|
|
|
|
if (config->send_alert) {
|
|
|
|
|
if (DoSendFatalAlert(ssl.get(), SSL_AD_DECOMPRESSION_FAILURE) < 0) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-12 00:51:50 +01:00
|
|
|
|
if (config->write_different_record_sizes) {
|
2014-08-11 23:43:38 +01:00
|
|
|
|
if (config->is_dtls) {
|
|
|
|
|
fprintf(stderr, "write_different_record_sizes not supported for DTLS\n");
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-08-11 23:43:38 +01:00
|
|
|
|
}
|
2014-08-05 23:23:37 +01:00
|
|
|
|
// This mode writes a number of different record sizes in an attempt to
|
|
|
|
|
// trip up the CBC record splitting code.
|
2015-06-19 05:32:44 +01:00
|
|
|
|
static const size_t kBufLen = 32769;
|
|
|
|
|
std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufLen]);
|
|
|
|
|
memset(buf.get(), 0x42, kBufLen);
|
2014-08-05 23:23:37 +01:00
|
|
|
|
static const size_t kRecordSizes[] = {
|
|
|
|
|
0, 1, 255, 256, 257, 16383, 16384, 16385, 32767, 32768, 32769};
|
2016-08-17 21:56:14 +01:00
|
|
|
|
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kRecordSizes); i++) {
|
2014-08-05 23:23:37 +01:00
|
|
|
|
const size_t len = kRecordSizes[i];
|
2015-06-19 05:32:44 +01:00
|
|
|
|
if (len > kBufLen) {
|
2014-08-05 23:23:37 +01:00
|
|
|
|
fprintf(stderr, "Bad kRecordSizes value.\n");
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-08-05 23:23:37 +01:00
|
|
|
|
}
|
2015-06-19 05:32:44 +01:00
|
|
|
|
if (WriteAll(ssl.get(), buf.get(), len) < 0) {
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2014-07-02 00:53:04 +01:00
|
|
|
|
}
|
|
|
|
|
}
|
2014-08-05 23:23:37 +01:00
|
|
|
|
} else {
|
2014-08-24 08:47:07 +01:00
|
|
|
|
if (config->shim_writes_first) {
|
2015-04-03 08:47:47 +01:00
|
|
|
|
if (WriteAll(ssl.get(), reinterpret_cast<const uint8_t *>("hello"),
|
|
|
|
|
5) < 0) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2014-08-24 08:47:07 +01:00
|
|
|
|
}
|
2015-08-30 03:56:45 +01:00
|
|
|
|
if (!config->shim_shuts_down) {
|
|
|
|
|
for (;;) {
|
2015-09-09 18:22:00 +01:00
|
|
|
|
static const size_t kBufLen = 16384;
|
|
|
|
|
std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufLen]);
|
|
|
|
|
|
2015-09-01 15:23:00 +01:00
|
|
|
|
// Read only 512 bytes at a time in TLS to ensure records may be
|
|
|
|
|
// returned in multiple reads.
|
2015-09-09 18:22:00 +01:00
|
|
|
|
int n = DoRead(ssl.get(), buf.get(), config->is_dtls ? kBufLen : 512);
|
2015-08-30 03:56:45 +01:00
|
|
|
|
int err = SSL_get_error(ssl.get(), n);
|
|
|
|
|
if (err == SSL_ERROR_ZERO_RETURN ||
|
|
|
|
|
(n == 0 && err == SSL_ERROR_SYSCALL)) {
|
|
|
|
|
if (n != 0) {
|
|
|
|
|
fprintf(stderr, "Invalid SSL_get_error output\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
// Stop on either clean or unclean shutdown.
|
|
|
|
|
break;
|
|
|
|
|
} else if (err != SSL_ERROR_NONE) {
|
|
|
|
|
if (n > 0) {
|
|
|
|
|
fprintf(stderr, "Invalid SSL_get_error output\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2015-01-22 21:06:11 +00:00
|
|
|
|
}
|
2015-08-30 03:56:45 +01:00
|
|
|
|
// Successfully read data.
|
|
|
|
|
if (n <= 0) {
|
2015-01-22 21:06:11 +00:00
|
|
|
|
fprintf(stderr, "Invalid SSL_get_error output\n");
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return false;
|
2015-01-22 21:06:11 +00:00
|
|
|
|
}
|
2015-04-03 00:57:35 +01:00
|
|
|
|
|
2015-08-30 03:56:45 +01:00
|
|
|
|
// After a successful read, with or without False Start, the handshake
|
|
|
|
|
// must be complete.
|
|
|
|
|
if (!GetTestState(ssl.get())->handshake_done) {
|
|
|
|
|
fprintf(stderr, "handshake was not completed after SSL_read\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2015-04-03 00:57:35 +01:00
|
|
|
|
|
2015-08-30 03:56:45 +01:00
|
|
|
|
for (int i = 0; i < n; i++) {
|
|
|
|
|
buf[i] ^= 0xff;
|
|
|
|
|
}
|
2015-09-09 18:22:00 +01:00
|
|
|
|
if (WriteAll(ssl.get(), buf.get(), n) < 0) {
|
2015-08-30 03:56:45 +01:00
|
|
|
|
return false;
|
|
|
|
|
}
|
2014-08-05 23:23:37 +01:00
|
|
|
|
}
|
|
|
|
|
}
|
2014-07-02 00:53:04 +01:00
|
|
|
|
}
|
|
|
|
|
|
2015-06-18 23:36:15 +01:00
|
|
|
|
if (!config->is_server && !config->false_start &&
|
|
|
|
|
!config->implicit_handshake &&
|
2016-07-27 16:10:52 +01:00
|
|
|
|
// Session tickets are sent post-handshake in TLS 1.3.
|
|
|
|
|
GetProtocolVersion(ssl.get()) < TLS1_3_VERSION &&
|
2015-06-18 23:36:15 +01:00
|
|
|
|
GetTestState(ssl.get())->got_new_session) {
|
|
|
|
|
fprintf(stderr, "new session was established after the handshake\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-27 16:10:52 +01:00
|
|
|
|
if (GetProtocolVersion(ssl.get()) >= TLS1_3_VERSION && !config->is_server) {
|
|
|
|
|
bool expect_new_session =
|
|
|
|
|
!config->expect_no_session && !config->shim_shuts_down;
|
|
|
|
|
if (expect_new_session != GetTestState(ssl.get())->got_new_session) {
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"new session was%s cached, but we expected the opposite\n",
|
|
|
|
|
GetTestState(ssl.get())->got_new_session ? "" : " not");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-23 00:20:02 +01:00
|
|
|
|
if (out_session) {
|
2016-07-29 19:32:55 +01:00
|
|
|
|
*out_session = std::move(GetTestState(ssl.get())->new_session);
|
2014-07-23 00:20:02 +01:00
|
|
|
|
}
|
|
|
|
|
|
2015-08-30 03:56:45 +01:00
|
|
|
|
ret = DoShutdown(ssl.get());
|
|
|
|
|
|
|
|
|
|
if (config->shim_shuts_down && config->check_close_notify) {
|
|
|
|
|
// We initiate shutdown, so |SSL_shutdown| will return in two stages. First
|
|
|
|
|
// it returns zero when our close_notify is sent, then one when the peer's
|
|
|
|
|
// is received.
|
|
|
|
|
if (ret != 0) {
|
|
|
|
|
fprintf(stderr, "Unexpected SSL_shutdown result: %d != 0\n", ret);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
ret = DoShutdown(ssl.get());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ret != 1) {
|
|
|
|
|
fprintf(stderr, "Unexpected SSL_shutdown result: %d != 1\n", ret);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-13 00:49:00 +01:00
|
|
|
|
if (SSL_total_renegotiations(ssl.get()) !=
|
|
|
|
|
config->expect_total_renegotiations) {
|
|
|
|
|
fprintf(stderr, "Expected %d renegotiations, got %d\n",
|
|
|
|
|
config->expect_total_renegotiations,
|
|
|
|
|
SSL_total_renegotiations(ssl.get()));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-20 16:23:42 +00:00
|
|
|
|
return true;
|
2014-07-02 00:53:04 +01:00
|
|
|
|
}
|
2014-07-23 00:20:02 +01:00
|
|
|
|
|
2016-03-02 15:12:06 +00:00
|
|
|
|
class StderrDelimiter {
|
|
|
|
|
public:
|
|
|
|
|
~StderrDelimiter() { fprintf(stderr, "--- DONE ---\n"); }
|
|
|
|
|
};
|
|
|
|
|
|
2016-08-10 01:48:22 +01:00
|
|
|
|
static int Main(int argc, char **argv) {
|
2016-03-02 15:12:06 +00:00
|
|
|
|
// To distinguish ASan's output from ours, add a trailing message to stderr.
|
|
|
|
|
// Anything following this line will be considered an error.
|
|
|
|
|
StderrDelimiter delimiter;
|
|
|
|
|
|
Use TCP sockets rather than socketpairs in the SSL tests.
This involves more synchronization with child exits as the kernel no longer
closes the pre-created pipes for free, but it works on Windows. As long as
TCP_NODELAY is set, the performance seems comparable. Though it does involve
dealing with graceful socket shutdown. I couldn't get that to work on Windows
without draining the socket; not even SO_LINGER worked. Current (untested)
theory is that Windows refuses to gracefully shutdown a socket if the peer
sends data after we've stopped reading.
cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you
can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in
CreateProcess.) We can instead use the syscall module directly and mark handles
as inheritable (and then pass the numerical values out-of-band), but that
requires synchronizing all of our shim.Start() calls and assuming no other
thread is spawning a process.
PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires
wrapping more syscalls. exec.Cmd also doesn't let us launch the process
ourselves. Plus it still requires every handle in the list be marked
inheritable, so it doesn't help if some other thread is launching a process
with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
(Like Go, though we can take syscall.ForkLock there.)
http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
The more natively Windows option seems to be named pipes, but that too requires
wrapping more system calls. (To be fair, that isn't too painful.) They also
involve a listening server, so we'd still have to synchronize with shim.Wait()
a la net.TCPListener.
Then there's DuplicateHandle, but then we need an out-of-band signal.
All in all, one cross-platform implementation with a TCP sockets seems
simplest.
Change-Id: I38233e309a0fa6814baf61e806732138902347c0
Reviewed-on: https://boringssl-review.googlesource.com/3563
Reviewed-by: Adam Langley <agl@google.com>
2015-02-21 06:54:29 +00:00
|
|
|
|
#if defined(OPENSSL_WINDOWS)
|
|
|
|
|
/* Initialize Winsock. */
|
|
|
|
|
WORD wsa_version = MAKEWORD(2, 2);
|
|
|
|
|
WSADATA wsa_data;
|
|
|
|
|
int wsa_err = WSAStartup(wsa_version, &wsa_data);
|
|
|
|
|
if (wsa_err != 0) {
|
|
|
|
|
fprintf(stderr, "WSAStartup failed: %d\n", wsa_err);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if (wsa_data.wVersion != wsa_version) {
|
|
|
|
|
fprintf(stderr, "Didn't get expected version: %x\n", wsa_data.wVersion);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
#else
|
2014-07-23 00:20:02 +01:00
|
|
|
|
signal(SIGPIPE, SIG_IGN);
|
2014-07-31 23:23:51 +01:00
|
|
|
|
#endif
|
2014-07-23 00:20:02 +01:00
|
|
|
|
|
2015-10-18 04:39:22 +01:00
|
|
|
|
CRYPTO_library_init();
|
2015-02-09 08:04:34 +00:00
|
|
|
|
g_config_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
|
2015-02-09 18:03:50 +00:00
|
|
|
|
g_state_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, TestStateExFree);
|
2015-04-03 08:47:47 +01:00
|
|
|
|
if (g_config_index < 0 || g_state_index < 0) {
|
2014-11-19 02:52:26 +00:00
|
|
|
|
return 1;
|
|
|
|
|
}
|
2014-07-23 00:20:02 +01:00
|
|
|
|
|
2014-08-12 00:51:50 +01:00
|
|
|
|
TestConfig config;
|
|
|
|
|
if (!ParseConfig(argc - 1, argv + 1, &config)) {
|
2015-02-09 17:59:46 +00:00
|
|
|
|
return Usage(argv[0]);
|
2014-07-23 00:20:02 +01:00
|
|
|
|
}
|
|
|
|
|
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<SSL_CTX> ssl_ctx = SetupCtx(&config);
|
2015-02-09 07:37:18 +00:00
|
|
|
|
if (!ssl_ctx) {
|
2015-04-10 03:21:10 +01:00
|
|
|
|
ERR_print_errors_fp(stderr);
|
2014-07-23 00:20:02 +01:00
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<SSL_SESSION> session;
|
2016-08-17 05:51:00 +01:00
|
|
|
|
for (int i = 0; i < config.resume_count + 1; i++) {
|
|
|
|
|
bool is_resume = i > 0;
|
|
|
|
|
if (is_resume && !config.is_server && !session) {
|
|
|
|
|
fprintf(stderr, "No session to offer.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2014-07-23 00:20:02 +01:00
|
|
|
|
|
2016-08-18 04:10:28 +01:00
|
|
|
|
bssl::UniquePtr<SSL_SESSION> offer_session = std::move(session);
|
2016-08-17 05:51:00 +01:00
|
|
|
|
if (!DoExchange(&session, ssl_ctx.get(), &config, is_resume,
|
|
|
|
|
offer_session.get())) {
|
|
|
|
|
fprintf(stderr, "Connection %d failed.\n", i + 1);
|
|
|
|
|
ERR_print_errors_fp(stderr);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2014-07-23 00:20:02 +01:00
|
|
|
|
}
|
|
|
|
|
|
2015-02-09 07:37:18 +00:00
|
|
|
|
return 0;
|
2014-07-23 00:20:02 +01:00
|
|
|
|
}
|
2016-08-10 01:48:22 +01:00
|
|
|
|
|
|
|
|
|
} // namespace bssl
|
|
|
|
|
|
|
|
|
|
int main(int argc, char **argv) {
|
|
|
|
|
return bssl::Main(argc, argv);
|
|
|
|
|
}
|