kris
/
boringssl
1
0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
748 コミット
12 ブランチ
38 MiB
 
 
 
 
 
 
ツリー: cf70188d53
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'cf70188d53' から
${ noResults }
boringssl/ssl/ssl_test.c

457 行
15 KiB
Raw Blame 履歴 

  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include <stdio.h>

  16. #include <string.h>

  17. 

  18. #include <openssl/base64.h>

  19. #include <openssl/bio.h>

  20. #include <openssl/err.h>

  21. #include <openssl/ssl.h>

  22. 

  23. typedef struct {

  24.   int id;

  25.   int in_group_flag;

  26. } EXPECTED_CIPHER;

  27. 

  28. typedef struct {

  29.   /* The rule string to apply. */

  30.   const char *rule;

  31.   /* The list of expected ciphers, in order, terminated with -1. */

  32.   const EXPECTED_CIPHER *expected;

  33. } CIPHER_TEST;

  34. 

  35. /* Selecting individual ciphers should work. */

  36. static const char kRule1[] =

  37.     "ECDHE-ECDSA-CHACHA20-POLY1305:"

  38.     "ECDHE-RSA-CHACHA20-POLY1305:"

  39.     "ECDHE-ECDSA-AES128-GCM-SHA256:"

  40.     "ECDHE-RSA-AES128-GCM-SHA256";

  41. 

  42. static const EXPECTED_CIPHER kExpected1[] = {

  43.   { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 },

  44.   { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 },

  45.   { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 },

  46.   { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 },

  47.   { -1, -1 },

  48. };

  49. 

  50. /* + reorders selected ciphers to the end, keeping their relative

  51.  * order. */

  52. static const char kRule2[] =

  53.     "ECDHE-ECDSA-CHACHA20-POLY1305:"

  54.     "ECDHE-RSA-CHACHA20-POLY1305:"

  55.     "ECDHE-ECDSA-AES128-GCM-SHA256:"

  56.     "ECDHE-RSA-AES128-GCM-SHA256:"

  57.     "+aRSA";

  58. 

  59. static const EXPECTED_CIPHER kExpected2[] = {

  60.   { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 },

  61.   { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 },

  62.   { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 },

  63.   { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 },

  64.   { -1, -1 },

  65. };

  66. 

  67. /* ! banishes ciphers from future selections. */

  68. static const char kRule3[] =

  69.     "!aRSA:"

  70.     "ECDHE-ECDSA-CHACHA20-POLY1305:"

  71.     "ECDHE-RSA-CHACHA20-POLY1305:"

  72.     "ECDHE-ECDSA-AES128-GCM-SHA256:"

  73.     "ECDHE-RSA-AES128-GCM-SHA256";

  74. 

  75. static const EXPECTED_CIPHER kExpected3[] = {

  76.   { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 },

  77.   { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 },

  78.   { -1, -1 },

  79. };

  80. 

  81. /* Multiple masks can be ANDed in a single rule. */

  82. static const char kRule4[] = "kRSA+AESGCM+AES128";

  83. 

  84. static const EXPECTED_CIPHER kExpected4[] = {

  85.   { TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0 },

  86.   { -1, -1 },

  87. };

  88. 

  89. /* - removes selected ciphers, but preserves their order for future

  90.  * selections. Select AES_128_GCM, but order the key exchanges RSA,

  91.  * DHE_RSA, ECDHE_RSA. */

  92. static const char kRule5[] =

  93.     "ALL:-kEECDH:-kEDH:-kRSA:-ALL:"

  94.     "AESGCM+AES128+aRSA";

  95. 

  96. static const EXPECTED_CIPHER kExpected5[] = {

  97.   { TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0 },

  98.   { TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0 },

  99.   { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 },

  100.   { -1, -1 },

  101. };

  102. 

  103. /* Unknown selectors are no-ops. */

  104. static const char kRule6[] =

  105.     "ECDHE-ECDSA-CHACHA20-POLY1305:"

  106.     "ECDHE-RSA-CHACHA20-POLY1305:"

  107.     "ECDHE-ECDSA-AES128-GCM-SHA256:"

  108.     "ECDHE-RSA-AES128-GCM-SHA256:"

  109.     "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4";

  110. 

  111. static const EXPECTED_CIPHER kExpected6[] = {

  112.   { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 },

  113.   { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 },

  114.   { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 },

  115.   { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 },

  116.   { -1, -1 },

  117. };

  118. 

  119. /* Square brackets specify equi-preference groups. */

  120. static const char kRule7[] =

  121.     "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"

  122.     "[ECDHE-RSA-CHACHA20-POLY1305]:"

  123.     "ECDHE-RSA-AES128-GCM-SHA256";

  124. 

  125. static const EXPECTED_CIPHER kExpected7[] = {

  126.   { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 1 },

  127.   { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 },

  128.   { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 },

  129.   { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 },

  130.   { -1, -1 },

  131. };

  132. 

  133. /* @STRENGTH performs a stable strength-sort of the selected

  134.  * ciphers and only the selected ciphers. */

  135. static const char kRule8[] =

  136.     /* To simplify things, banish all but {ECDHE_RSA,RSA} x

  137.      * {CHACHA20,AES_256_CBC,AES_128_CBC,RC4} x SHA1. */

  138.     "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"

  139.     /* Order some ciphers backwards by strength. */

  140.     "ALL:-CHACHA20:-AES256:-AES128:-RC4:-ALL:"

  141.     /* Select ECDHE ones and sort them by strength. Ties should resolve

  142.      * based on the order above. */

  143.     "kEECDH:@STRENGTH:-ALL:"

  144.     /* Now bring back everything uses RSA. ECDHE_RSA should be first,

  145.      * sorted by strength. Then RSA, backwards by strength. */

  146.     "aRSA";

  147. 

  148. static const EXPECTED_CIPHER kExpected8[] = {

  149.   { TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0 },

  150.   { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 },

  151.   { TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 0 },

  152.   { TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0 },

  153.   { SSL3_CK_RSA_RC4_128_SHA, 0 },

  154.   { TLS1_CK_RSA_WITH_AES_128_SHA, 0 },

  155.   { TLS1_CK_RSA_WITH_AES_256_SHA, 0 },

  156.   { -1, -1 },

  157. };

  158. 

  159. static CIPHER_TEST kCipherTests[] = {

  160.   { kRule1, kExpected1 },

  161.   { kRule2, kExpected2 },

  162.   { kRule3, kExpected3 },

  163.   { kRule4, kExpected4 },

  164.   { kRule5, kExpected5 },

  165.   { kRule6, kExpected6 },

  166.   { kRule7, kExpected7 },

  167.   { kRule8, kExpected8 },

  168.   { NULL, NULL },

  169. };

  170. 

  171. static const char *kBadRules[] = {

  172.   /* Invalid brackets. */

  173.   "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",

  174.   "RSA]",

  175.   "[[RSA]]",

  176.   /* Operators inside brackets */

  177.   "[+RSA]",

  178.   /* Unknown directive. */

  179.   "@BOGUS",

  180.   /* Empty cipher lists error at SSL_CTX_set_cipher_list. */

  181.   "",

  182.   "BOGUS",

  183.   /* Invalid command. */

  184.   "?BAR",

  185.   /* Special operators are not allowed if groups are used. */

  186.   "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",

  187.   "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",

  188.   "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",

  189.   "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",

  190.   NULL,

  191. };

  192. 

  193. static void print_cipher_preference_list(

  194.     struct ssl_cipher_preference_list_st *list) {

  195.   size_t i;

  196.   int in_group = 0;

  197.   for (i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {

  198.     const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);

  199.     if (!in_group && list->in_group_flags[i]) {

  200.       fprintf(stderr, "\t[\n");

  201.       in_group = 1;

  202.     }

  203.     fprintf(stderr, "\t");

  204.     if (in_group) {

  205.       fprintf(stderr, "  ");

  206.     }

  207.     fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));

  208.     if (in_group && !list->in_group_flags[i]) {

  209.       fprintf(stderr, "\t]\n");

  210.       in_group = 0;

  211.     }

  212.   }

  213. }

  214. 

  215. static int test_cipher_rule(CIPHER_TEST *t) {

  216.   int ret = 0;

  217.   SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());

  218.   size_t i;

  219. 

  220.   if (!SSL_CTX_set_cipher_list(ctx, t->rule)) {

  221.     fprintf(stderr, "Error testing cipher rule '%s'\n", t->rule);

  222.     BIO_print_errors_fp(stderr);

  223.     goto done;

  224.   }

  225. 

  226.   /* Compare the two lists. */

  227.   for (i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {

  228.     const SSL_CIPHER *cipher =

  229.         sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);

  230.     if (t->expected[i].id != SSL_CIPHER_get_id(cipher) ||

  231.         t->expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {

  232.       fprintf(stderr, "Error: cipher rule '%s' evaluted to:\n", t->rule);

  233.       print_cipher_preference_list(ctx->cipher_list);

  234.       goto done;

  235.     }

  236.   }

  237. 

  238.   if (t->expected[i].id != -1) {

  239.     fprintf(stderr, "Error: cipher rule '%s' evaluted to:\n", t->rule);

  240.     print_cipher_preference_list(ctx->cipher_list);

  241.     goto done;

  242.   }

  243. 

  244.   ret = 1;

  245. done:

  246.   SSL_CTX_free(ctx);

  247.   return ret;

  248. }

  249. 

  250. static int test_cipher_rules(void) {

  251.   size_t i;

  252.   for (i = 0; kCipherTests[i].rule != NULL; i++) {

  253.     if (!test_cipher_rule(&kCipherTests[i])) {

  254.       return 0;

  255.     }

  256.   }

  257. 

  258.   for (i = 0; kBadRules[i] != NULL; i++) {

  259.     SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());

  260.     if (SSL_CTX_set_cipher_list(ctx, kBadRules[i])) {

  261.       fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", kBadRules[i]);

  262.       return 0;

  263.     }

  264.     ERR_clear_error();

  265.     SSL_CTX_free(ctx);

  266.   }

  267. 

  268.   return 1;

  269. }

  270. 

  271. /* kOpenSSLSession is a serialized SSL_SESSION generated from openssl

  272.  * s_client -sess_out. */

  273. static const char kOpenSSLSession[] =

  274.     "MIIFpQIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"

  275.     "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"

  276.     "IWoJoQYCBFRDO46iBAICASyjggR6MIIEdjCCA16gAwIBAgIIK9dUvsPWSlUwDQYJ"

  277.     "KoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx"

  278.     "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMDA4"

  279.     "MTIwNzU3WhcNMTUwMTA2MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK"

  280.     "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v"

  281.     "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB"

  282.     "AQUAA4IBDwAwggEKAoIBAQCcKeLrplAC+Lofy8t/wDwtB6eu72CVp0cJ4V3lknN6"

  283.     "huH9ct6FFk70oRIh/VBNBBz900jYy+7111Jm1b8iqOTQ9aT5C7SEhNcQFJvqzH3e"

  284.     "MPkb6ZSWGm1yGF7MCQTGQXF20Sk/O16FSjAynU/b3oJmOctcycWYkY0ytS/k3LBu"

  285.     "Id45PJaoMqjB0WypqvNeJHC3q5JjCB4RP7Nfx5jjHSrCMhw8lUMW4EaDxjaR9KDh"

  286.     "PLgjsk+LDIySRSRDaCQGhEOWLJZVLzLo4N6/UlctCHEllpBUSvEOyFga52qroGjg"

  287.     "rf3WOQ925MFwzd6AK+Ich0gDRg8sQfdLH5OuP1cfLfU1AgMBAAGjggFBMIIBPTAd"

  288.     "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv"

  289.     "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp"

  290.     "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50"

  291.     "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ7a+CcxsZByOpc+xpYFcIbnUMZ"

  292.     "hTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv"

  293.     "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw"

  294.     "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCa"

  295.     "OXCBdoqUy5bxyq+Wrh1zsyyCFim1PH5VU2+yvDSWrgDY8ibRGJmfff3r4Lud5kal"

  296.     "dKs9k8YlKD3ITG7P0YT/Rk8hLgfEuLcq5cc0xqmE42xJ+Eo2uzq9rYorc5emMCxf"

  297.     "5L0TJOXZqHQpOEcuptZQ4OjdYMfSxk5UzueUhA3ogZKRcRkdB3WeWRp+nYRhx4St"

  298.     "o2rt2A0MKmY9165GHUqMK9YaaXHDXqBu7Sefr1uSoAP9gyIJKeihMivsGqJ1TD6Z"

  299.     "cc6LMe+dN2P8cZEQHtD1y296ul4Mivqk3jatUVL8/hCwgch9A8O4PGZq9WqBfEWm"

  300.     "IyHh1dPtbg1lOXdYCWtjpAIEAKUDAgEUqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36S"

  301.     "YTcLEkXqKwOBfF9vE4KX0NxeLwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9B"

  302.     "sNHM362zZnY27GpTw+Kwd751CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yE"

  303.     "OTDKPNj3+inbMaVigtK4PLyPq+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdA"

  304.     "i4gv7Y5oliyn";

  305. 

  306. /* kCustomSession is a custom serialized SSL_SESSION generated by

  307.  * filling in missing fields from |kOpenSSLSession|. This includes

  308.  * providing |peer_sha256|, so |peer| is not serialized. */

  309. static const char kCustomSession[] =

  310.     "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ"

  311.     "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH"

  312.     "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE"

  313.     "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe"

  314.     "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751"

  315.     "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP"

  316.     "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG"

  317.     "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF";

  318. 

  319. static int decode_base64(uint8_t **out, size_t *out_len, const char *in) {

  320.   size_t len;

  321. 

  322.   if (!EVP_DecodedLength(&len, strlen(in))) {

  323.     fprintf(stderr, "EVP_DecodedLength failed\n");

  324.     return 0;

  325.   }

  326. 

  327.   *out = OPENSSL_malloc(len);

  328.   if (*out == NULL) {

  329.     fprintf(stderr, "malloc failed\n");

  330.     return 0;

  331.   }

  332. 

  333.   if (!EVP_DecodeBase64(*out, out_len, len, (const uint8_t *)in,

  334.                         strlen(in))) {

  335.     fprintf(stderr, "EVP_DecodeBase64 failed\n");

  336.     OPENSSL_free(*out);

  337.     *out = NULL;

  338.     return 0;

  339.   }

  340.   return 1;

  341. }

  342. 

  343. static int test_ssl_session_asn1(const char *input_b64) {

  344.   int ret = 0, len;

  345.   size_t input_len, encoded_len;

  346.   uint8_t *input = NULL, *encoded = NULL;

  347.   const uint8_t *cptr;

  348.   uint8_t *ptr;

  349.   SSL_SESSION *session = NULL;

  350. 

  351.   /* Decode the input. */

  352.   if (!decode_base64(&input, &input_len, input_b64)) {

  353.     goto done;

  354.   }

  355. 

  356.   /* Verify the SSL_SESSION decodes. */

  357.   cptr = input;

  358.   session = d2i_SSL_SESSION(NULL, &cptr, input_len);

  359.   if (session == NULL || cptr != input + input_len) {

  360.     fprintf(stderr, "d2i_SSL_SESSION failed\n");

  361.     goto done;

  362.   }

  363. 

  364.   /* Verify the SSL_SESSION encoding round-trips. */

  365.   if (!SSL_SESSION_to_bytes(session, &encoded, &encoded_len)) {

  366.     fprintf(stderr, "SSL_SESSION_to_bytes failed\n");

  367.     goto done;

  368.   }

  369.   if (encoded_len != input_len ||

  370.       memcmp(input, encoded, input_len) != 0) {

  371.     fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");

  372.     goto done;

  373.   }

  374.   OPENSSL_free(encoded);

  375.   encoded = NULL;

  376. 

  377.   /* Verify the SSL_SESSION encoding round-trips via the legacy API. */

  378.   len = i2d_SSL_SESSION(session, NULL);

  379.   if (len < 0 || (size_t)len != input_len) {

  380.     fprintf(stderr, "i2d_SSL_SESSION(NULL) returned invalid length\n");

  381.     goto done;

  382.   }

  383. 

  384.   encoded = OPENSSL_malloc(input_len);

  385.   if (encoded == NULL) {

  386.     fprintf(stderr, "malloc failed\n");

  387.     goto done;

  388.   }

  389.   ptr = encoded;

  390.   len = i2d_SSL_SESSION(session, &ptr);

  391.   if (len < 0 || (size_t)len != input_len) {

  392.     fprintf(stderr, "i2d_SSL_SESSION returned invalid length\n");

  393.     goto done;

  394.   }

  395.   if (ptr != encoded + input_len) {

  396.     fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");

  397.     goto done;

  398.   }

  399.   if (memcmp(input, encoded, input_len) != 0) {

  400.     fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");

  401.     goto done;

  402.   }

  403. 

  404.   ret = 1;

  405. 

  406.  done:

  407.   if (!ret) {

  408.     BIO_print_errors_fp(stderr);

  409.   }

  410. 

  411.   if (session) {

  412.     SSL_SESSION_free(session);

  413.   }

  414.   if (input) {

  415.     OPENSSL_free(input);

  416.   }

  417.   if (encoded) {

  418.     OPENSSL_free(encoded);

  419.   }

  420.   return ret;

  421. }

  422. 

  423. int test_default_version(uint16_t version, const SSL_METHOD *(*method)(void)) {

  424.   SSL_CTX *ctx;

  425.   int ret;

  426. 

  427.   ctx = SSL_CTX_new(method());

  428.   if (ctx == NULL) {

  429.     return 0;

  430.   }

  431. 

  432.   ret = ctx->min_version == version && ctx->max_version == version;

  433.   SSL_CTX_free(ctx);

  434.   return ret;

  435. }

  436. 

  437. int main(void) {

  438.   SSL_library_init();

  439. 

  440.   if (!test_cipher_rules() ||

  441.       !test_ssl_session_asn1(kOpenSSLSession) ||

  442.       !test_ssl_session_asn1(kCustomSession) ||

  443.       !test_default_version(0, &TLS_method) ||

  444.       !test_default_version(SSL3_VERSION, &SSLv3_method) ||

  445.       !test_default_version(TLS1_VERSION, &TLSv1_method) ||

  446.       !test_default_version(TLS1_1_VERSION, &TLSv1_1_method) ||

  447.       !test_default_version(TLS1_2_VERSION, &TLSv1_2_method) ||

  448.       !test_default_version(0, &DTLS_method) ||

  449.       !test_default_version(DTLS1_VERSION, &DTLSv1_method) ||

  450.       !test_default_version(DTLS1_2_VERSION, &DTLSv1_2_method)) {

  451.     return 1;

  452.   }

  453. 

  454.   printf("PASS\n");

  455.   return 0;

  456. }