kris
/
boringssl
1
0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
887 Incheckningar
12 Grenar
38 MiB
 
 
 
 
 
 
Träd: d660b57208
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från 'd660b57208'
${ noResults }
boringssl/ssl/test/bssl_shim.cc

795 rader
22 KiB
Blame Historik 

  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include <openssl/base.h>

  16. 

  17. #if !defined(OPENSSL_WINDOWS)

  18. #include <arpa/inet.h>

  19. #include <netinet/in.h>

  20. #include <signal.h>

  21. #include <sys/socket.h>

  22. #include <unistd.h>

  23. #endif

  24. 

  25. #include <string.h>

  26. #include <sys/types.h>

  27. 

  28. #include <openssl/bio.h>

  29. #include <openssl/buf.h>

  30. #include <openssl/bytestring.h>

  31. #include <openssl/ssl.h>

  32. 

  33. #include "async_bio.h"

  34. #include "packeted_bio.h"

  35. #include "test_config.h"

  36. 

  37. static int usage(const char *program) {

  38.   fprintf(stderr, "Usage: %s [flags...]\n",

  39.           program);

  40.   return 1;

  41. }

  42. 

  43. static int g_ex_data_index = 0;

  44. static int g_ex_data_clock_index = 0;

  45. 

  46. static bool SetConfigPtr(SSL *ssl, const TestConfig *config) {

  47.   return SSL_set_ex_data(ssl, g_ex_data_index, (void *)config) == 1;

  48. }

  49. 

  50. static const TestConfig *GetConfigPtr(SSL *ssl) {

  51.   return (const TestConfig *)SSL_get_ex_data(ssl, g_ex_data_index);

  52. }

  53. 

  54. static bool SetClockPtr(SSL *ssl, OPENSSL_timeval *clock) {

  55.   return SSL_set_ex_data(ssl, g_ex_data_clock_index, (void *)clock) == 1;

  56. }

  57. 

  58. static OPENSSL_timeval *GetClockPtr(SSL *ssl) {

  59.   return (OPENSSL_timeval *)SSL_get_ex_data(ssl, g_ex_data_clock_index);

  60. }

  61. 

  62. static EVP_PKEY *LoadPrivateKey(const std::string &file) {

  63.   BIO *bio = BIO_new(BIO_s_file());

  64.   if (bio == NULL) {

  65.     return NULL;

  66.   }

  67.   if (!BIO_read_filename(bio, file.c_str())) {

  68.     BIO_free(bio);

  69.     return NULL;

  70.   }

  71.   EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);

  72.   BIO_free(bio);

  73.   return pkey;

  74. }

  75. 

  76. static int early_callback_called = 0;

  77. 

  78. static int select_certificate_callback(const struct ssl_early_callback_ctx *ctx) {

  79.   early_callback_called = 1;

  80. 

  81.   const TestConfig *config = GetConfigPtr(ctx->ssl);

  82. 

  83.   if (config->expected_server_name.empty()) {

  84.     return 1;

  85.   }

  86. 

  87.   const uint8_t *extension_data;

  88.   size_t extension_len;

  89.   CBS extension, server_name_list, host_name;

  90.   uint8_t name_type;

  91. 

  92.   if (!SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,

  93.                                             &extension_data,

  94.                                             &extension_len)) {

  95.     fprintf(stderr, "Could not find server_name extension.\n");

  96.     return -1;

  97.   }

  98. 

  99.   CBS_init(&extension, extension_data, extension_len);

  100.   if (!CBS_get_u16_length_prefixed(&extension, &server_name_list) ||

  101.       CBS_len(&extension) != 0 ||

  102.       !CBS_get_u8(&server_name_list, &name_type) ||

  103.       name_type != TLSEXT_NAMETYPE_host_name ||

  104.       !CBS_get_u16_length_prefixed(&server_name_list, &host_name) ||

  105.       CBS_len(&server_name_list) != 0) {

  106.     fprintf(stderr, "Could not decode server_name extension.\n");

  107.     return -1;

  108.   }

  109. 

  110.   if (!CBS_mem_equal(&host_name,

  111.                      (const uint8_t*)config->expected_server_name.data(),

  112.                      config->expected_server_name.size())) {

  113.     fprintf(stderr, "Server name mismatch.\n");

  114.   }

  115. 

  116.   return 1;

  117. }

  118. 

  119. static int skip_verify(int preverify_ok, X509_STORE_CTX *store_ctx) {

  120.   return 1;

  121. }

  122. 

  123. static int next_protos_advertised_callback(SSL *ssl,

  124.                                            const uint8_t **out,

  125.                                            unsigned int *out_len,

  126.                                            void *arg) {

  127.   const TestConfig *config = GetConfigPtr(ssl);

  128.   if (config->advertise_npn.empty())

  129.     return SSL_TLSEXT_ERR_NOACK;

  130. 

  131.   *out = (const uint8_t*)config->advertise_npn.data();

  132.   *out_len = config->advertise_npn.size();

  133.   return SSL_TLSEXT_ERR_OK;

  134. }

  135. 

  136. static int next_proto_select_callback(SSL* ssl,

  137.                                       uint8_t** out,

  138.                                       uint8_t* outlen,

  139.                                       const uint8_t* in,

  140.                                       unsigned inlen,

  141.                                       void* arg) {

  142.   const TestConfig *config = GetConfigPtr(ssl);

  143.   if (config->select_next_proto.empty())

  144.     return SSL_TLSEXT_ERR_NOACK;

  145. 

  146.   *out = (uint8_t*)config->select_next_proto.data();

  147.   *outlen = config->select_next_proto.size();

  148.   return SSL_TLSEXT_ERR_OK;

  149. }

  150. 

  151. static int alpn_select_callback(SSL* ssl,

  152.                                 const uint8_t** out,

  153.                                 uint8_t* outlen,

  154.                                 const uint8_t* in,

  155.                                 unsigned inlen,

  156.                                 void* arg) {

  157.   const TestConfig *config = GetConfigPtr(ssl);

  158.   if (config->select_alpn.empty())

  159.     return SSL_TLSEXT_ERR_NOACK;

  160. 

  161.   if (!config->expected_advertised_alpn.empty() &&

  162.       (config->expected_advertised_alpn.size() != inlen ||

  163.        memcmp(config->expected_advertised_alpn.data(),

  164.               in, inlen) != 0)) {

  165.     fprintf(stderr, "bad ALPN select callback inputs\n");

  166.     exit(1);

  167.   }

  168. 

  169.   *out = (const uint8_t*)config->select_alpn.data();

  170.   *outlen = config->select_alpn.size();

  171.   return SSL_TLSEXT_ERR_OK;

  172. }

  173. 

  174. static int cookie_generate_callback(SSL *ssl, uint8_t *cookie, size_t *cookie_len) {

  175.   if (*cookie_len < 32) {

  176.     fprintf(stderr, "Insufficient space for cookie\n");

  177.     return 0;

  178.   }

  179.   *cookie_len = 32;

  180.   memset(cookie, 42, *cookie_len);

  181.   return 1;

  182. }

  183. 

  184. static int cookie_verify_callback(SSL *ssl, const uint8_t *cookie, size_t cookie_len) {

  185.   if (cookie_len != 32) {

  186.     fprintf(stderr, "Cookie length mismatch.\n");

  187.     return 0;

  188.   }

  189.   for (size_t i = 0; i < cookie_len; i++) {

  190.     if (cookie[i] != 42) {

  191.       fprintf(stderr, "Cookie mismatch.\n");

  192.       return 0;

  193.     }

  194.   }

  195.   return 1;

  196. }

  197. 

  198. static unsigned psk_client_callback(SSL *ssl, const char *hint,

  199.                                     char *out_identity,

  200.                                     unsigned max_identity_len,

  201.                                     uint8_t *out_psk, unsigned max_psk_len) {

  202.   const TestConfig *config = GetConfigPtr(ssl);

  203. 

  204.   if (strcmp(hint ? hint : "", config->psk_identity.c_str()) != 0) {

  205.     fprintf(stderr, "Server PSK hint did not match.\n");

  206.     return 0;

  207.   }

  208. 

  209.   // Account for the trailing '\0' for the identity.

  210.   if (config->psk_identity.size() >= max_identity_len ||

  211.       config->psk.size() > max_psk_len) {

  212.     fprintf(stderr, "PSK buffers too small\n");

  213.     return 0;

  214.   }

  215. 

  216.   BUF_strlcpy(out_identity, config->psk_identity.c_str(),

  217.               max_identity_len);

  218.   memcpy(out_psk, config->psk.data(), config->psk.size());

  219.   return config->psk.size();

  220. }

  221. 

  222. static unsigned psk_server_callback(SSL *ssl, const char *identity,

  223.                                     uint8_t *out_psk, unsigned max_psk_len) {

  224.   const TestConfig *config = GetConfigPtr(ssl);

  225. 

  226.   if (strcmp(identity, config->psk_identity.c_str()) != 0) {

  227.     fprintf(stderr, "Client PSK identity did not match.\n");

  228.     return 0;

  229.   }

  230. 

  231.   if (config->psk.size() > max_psk_len) {

  232.     fprintf(stderr, "PSK buffers too small\n");

  233.     return 0;

  234.   }

  235. 

  236.   memcpy(out_psk, config->psk.data(), config->psk.size());

  237.   return config->psk.size();

  238. }

  239. 

  240. static void current_time_cb(SSL *ssl, OPENSSL_timeval *out_clock) {

  241.   *out_clock = *GetClockPtr(ssl);

  242. }

  243. 

  244. static SSL_CTX *setup_ctx(const TestConfig *config) {

  245.   SSL_CTX *ssl_ctx = NULL;

  246.   DH *dh = NULL;

  247. 

  248.   ssl_ctx = SSL_CTX_new(config->is_dtls ? DTLS_method() : TLS_method());

  249.   if (ssl_ctx == NULL) {

  250.     goto err;

  251.   }

  252. 

  253.   if (config->is_dtls) {

  254.     // DTLS needs read-ahead to function on a datagram BIO.

  255.     //

  256.     // TODO(davidben): this should not be necessary. DTLS code should only

  257.     // expect a datagram BIO.

  258.     SSL_CTX_set_read_ahead(ssl_ctx, 1);

  259.   }

  260. 

  261.   if (!SSL_CTX_set_ecdh_auto(ssl_ctx, 1)) {

  262.     goto err;

  263.   }

  264. 

  265.   if (!SSL_CTX_set_cipher_list(ssl_ctx, "ALL")) {

  266.     goto err;

  267.   }

  268. 

  269.   dh = DH_get_2048_256(NULL);

  270.   if (dh == NULL ||

  271.       !SSL_CTX_set_tmp_dh(ssl_ctx, dh)) {

  272.     goto err;

  273.   }

  274. 

  275.   SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_BOTH);

  276. 

  277.   ssl_ctx->select_certificate_cb = select_certificate_callback;

  278. 

  279.   SSL_CTX_set_next_protos_advertised_cb(

  280.       ssl_ctx, next_protos_advertised_callback, NULL);

  281.   if (!config->select_next_proto.empty()) {

  282.     SSL_CTX_set_next_proto_select_cb(ssl_ctx, next_proto_select_callback, NULL);

  283.   }

  284. 

  285.   if (!config->select_alpn.empty()) {

  286.     SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_callback, NULL);

  287.   }

  288. 

  289.   SSL_CTX_set_cookie_generate_cb(ssl_ctx, cookie_generate_callback);

  290.   SSL_CTX_set_cookie_verify_cb(ssl_ctx, cookie_verify_callback);

  291. 

  292.   ssl_ctx->tlsext_channel_id_enabled_new = 1;

  293. 

  294.   ssl_ctx->current_time_cb = current_time_cb;

  295. 

  296.   DH_free(dh);

  297.   return ssl_ctx;

  298. 

  299.  err:

  300.   if (dh != NULL) {

  301.     DH_free(dh);

  302.   }

  303.   if (ssl_ctx != NULL) {

  304.     SSL_CTX_free(ssl_ctx);

  305.   }

  306.   return NULL;

  307. }

  308. 

  309. static int retry_async(SSL *ssl, int ret, BIO *bio,

  310.                        OPENSSL_timeval *clock_delta) {

  311.   // No error; don't retry.

  312.   if (ret >= 0) {

  313.     return 0;

  314.   }

  315. 

  316.   if (clock_delta->tv_usec != 0 || clock_delta->tv_sec != 0) {

  317.     // Process the timeout and retry.

  318.     OPENSSL_timeval *clock = GetClockPtr(ssl);

  319.     clock->tv_usec += clock_delta->tv_usec;

  320.     clock->tv_sec += clock->tv_usec / 1000000;

  321.     clock->tv_usec %= 1000000;

  322.     clock->tv_sec += clock_delta->tv_sec;

  323.     memset(clock_delta, 0, sizeof(*clock_delta));

  324. 

  325.     if (DTLSv1_handle_timeout(ssl) < 0) {

  326.       printf("Error retransmitting.\n");

  327.       return 0;

  328.     }

  329.     return 1;

  330.   }

  331. 

  332.   // See if we needed to read or write more. If so, allow one byte through on

  333.   // the appropriate end to maximally stress the state machine.

  334.   int err = SSL_get_error(ssl, ret);

  335.   if (err == SSL_ERROR_WANT_READ) {

  336.     async_bio_allow_read(bio, 1);

  337.     return 1;

  338.   } else if (err == SSL_ERROR_WANT_WRITE) {

  339.     async_bio_allow_write(bio, 1);

  340.     return 1;

  341.   }

  342.   return 0;

  343. }

  344. 

  345. static int do_exchange(SSL_SESSION **out_session,

  346.                        SSL_CTX *ssl_ctx,

  347.                        const TestConfig *config,

  348.                        bool is_resume,

  349.                        int fd,

  350.                        SSL_SESSION *session) {

  351.   early_callback_called = 0;

  352. 

  353.   OPENSSL_timeval clock = {0}, clock_delta = {0};

  354.   SSL *ssl = SSL_new(ssl_ctx);

  355.   if (ssl == NULL) {

  356.     BIO_print_errors_fp(stdout);

  357.     return 1;

  358.   }

  359. 

  360.   if (!SetConfigPtr(ssl, config) ||

  361.       !SetClockPtr(ssl, &clock)) {

  362.     BIO_print_errors_fp(stdout);

  363.     return 1;

  364.   }

  365. 

  366.   if (config->fallback_scsv) {

  367.     if (!SSL_enable_fallback_scsv(ssl)) {

  368.       BIO_print_errors_fp(stdout);

  369.       return 1;

  370.     }

  371.   }

  372.   if (!config->key_file.empty()) {

  373.     if (!SSL_use_PrivateKey_file(ssl, config->key_file.c_str(),

  374.                                  SSL_FILETYPE_PEM)) {

  375.       BIO_print_errors_fp(stdout);

  376.       return 1;

  377.     }

  378.   }

  379.   if (!config->cert_file.empty()) {

  380.     if (!SSL_use_certificate_file(ssl, config->cert_file.c_str(),

  381.                                   SSL_FILETYPE_PEM)) {

  382.       BIO_print_errors_fp(stdout);

  383.       return 1;

  384.     }

  385.   }

  386.   if (config->require_any_client_certificate) {

  387.     SSL_set_verify(ssl, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,

  388.                    skip_verify);

  389.   }

  390.   if (config->false_start) {

  391.     SSL_set_mode(ssl, SSL_MODE_HANDSHAKE_CUTTHROUGH);

  392.   }

  393.   if (config->cbc_record_splitting) {

  394.     SSL_set_mode(ssl, SSL_MODE_CBC_RECORD_SPLITTING);

  395.   }

  396.   if (config->partial_write) {

  397.     SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE);

  398.   }

  399.   if (config->no_tls12) {

  400.     SSL_set_options(ssl, SSL_OP_NO_TLSv1_2);

  401.   }

  402.   if (config->no_tls11) {

  403.     SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);

  404.   }

  405.   if (config->no_tls1) {

  406.     SSL_set_options(ssl, SSL_OP_NO_TLSv1);

  407.   }

  408.   if (config->no_ssl3) {

  409.     SSL_set_options(ssl, SSL_OP_NO_SSLv3);

  410.   }

  411.   if (config->cookie_exchange) {

  412.     SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);

  413.   }

  414.   if (config->tls_d5_bug) {

  415.     SSL_set_options(ssl, SSL_OP_TLS_D5_BUG);

  416.   }

  417.   if (config->allow_unsafe_legacy_renegotiation) {

  418.     SSL_set_options(ssl, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);

  419.   }

  420.   if (!config->expected_channel_id.empty()) {

  421.     SSL_enable_tls_channel_id(ssl);

  422.   }

  423.   if (!config->send_channel_id.empty()) {

  424.     EVP_PKEY *pkey = LoadPrivateKey(config->send_channel_id);

  425.     if (pkey == NULL) {

  426.       BIO_print_errors_fp(stdout);

  427.       return 1;

  428.     }

  429.     SSL_enable_tls_channel_id(ssl);

  430.     if (!SSL_set1_tls_channel_id(ssl, pkey)) {

  431.       EVP_PKEY_free(pkey);

  432.       BIO_print_errors_fp(stdout);

  433.       return 1;

  434.     }

  435.     EVP_PKEY_free(pkey);

  436.   }

  437.   if (!config->host_name.empty()) {

  438.     SSL_set_tlsext_host_name(ssl, config->host_name.c_str());

  439.   }

  440.   if (!config->advertise_alpn.empty()) {

  441.     SSL_set_alpn_protos(ssl, (const uint8_t *)config->advertise_alpn.data(),

  442.                         config->advertise_alpn.size());

  443.   }

  444.   if (!config->psk.empty()) {

  445.     SSL_set_psk_client_callback(ssl, psk_client_callback);

  446.     SSL_set_psk_server_callback(ssl, psk_server_callback);

  447.   }

  448.   if (!config->psk_identity.empty() &&

  449.       !SSL_use_psk_identity_hint(ssl, config->psk_identity.c_str())) {

  450.     BIO_print_errors_fp(stdout);

  451.     return 1;

  452.   }

  453.   if (!config->srtp_profiles.empty() &&

  454.       !SSL_set_srtp_profiles(ssl, config->srtp_profiles.c_str())) {

  455.     BIO_print_errors_fp(stdout);

  456.     return 1;

  457.   }

  458.   if (config->enable_ocsp_stapling &&

  459.       !SSL_enable_ocsp_stapling(ssl)) {

  460.     BIO_print_errors_fp(stdout);

  461.     return 1;

  462.   }

  463.   if (config->enable_signed_cert_timestamps &&

  464.       !SSL_enable_signed_cert_timestamps(ssl)) {

  465.     BIO_print_errors_fp(stdout);

  466.     return 1;

  467.   }

  468.   SSL_enable_fastradio_padding(ssl, config->fastradio_padding);

  469.   if (config->min_version != 0) {

  470.     SSL_set_min_version(ssl, (uint16_t)config->min_version);

  471.   }

  472.   if (config->max_version != 0) {

  473.     SSL_set_max_version(ssl, (uint16_t)config->max_version);

  474.   }

  475.   if (config->mtu != 0) {

  476.     SSL_set_options(ssl, SSL_OP_NO_QUERY_MTU);

  477.     SSL_set_mtu(ssl, config->mtu);

  478.   }

  479. 

  480.   BIO *bio = BIO_new_fd(fd, 1 /* take ownership */);

  481.   if (bio == NULL) {

  482.     BIO_print_errors_fp(stdout);

  483.     return 1;

  484.   }

  485.   if (config->is_dtls) {

  486.     BIO *packeted = packeted_bio_create(&clock_delta);

  487.     BIO_push(packeted, bio);

  488.     bio = packeted;

  489.   }

  490.   if (config->async) {

  491.     BIO *async =

  492.         config->is_dtls ? async_bio_create_datagram() : async_bio_create();

  493.     BIO_push(async, bio);

  494.     bio = async;

  495.   }

  496.   SSL_set_bio(ssl, bio, bio);

  497. 

  498.   if (session != NULL) {

  499.     if (SSL_set_session(ssl, session) != 1) {

  500.       fprintf(stderr, "failed to set session\n");

  501.       return 2;

  502.     }

  503.   }

  504. 

  505.   int ret;

  506.   do {

  507.     if (config->is_server) {

  508.       ret = SSL_accept(ssl);

  509.     } else {

  510.       ret = SSL_connect(ssl);

  511.     }

  512.   } while (config->async && retry_async(ssl, ret, bio, &clock_delta));

  513.   if (ret != 1) {

  514.     SSL_free(ssl);

  515.     BIO_print_errors_fp(stdout);

  516.     return 2;

  517.   }

  518. 

  519.   if (is_resume && (!!SSL_session_reused(ssl) == config->expect_session_miss)) {

  520.     fprintf(stderr, "session was%s reused\n",

  521.             SSL_session_reused(ssl) ? "" : " not");

  522.     return 2;

  523.   }

  524. 

  525.   if (!config->expected_server_name.empty()) {

  526.     const char *server_name =

  527.         SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);

  528.     if (server_name != config->expected_server_name) {

  529.       fprintf(stderr, "servername mismatch (got %s; want %s)\n",

  530.               server_name, config->expected_server_name.c_str());

  531.       return 2;

  532.     }

  533. 

  534.     if (!early_callback_called) {

  535.       fprintf(stderr, "early callback not called\n");

  536.       return 2;

  537.     }

  538.   }

  539. 

  540.   if (!config->expected_certificate_types.empty()) {

  541.     uint8_t *certificate_types;

  542.     int num_certificate_types =

  543.         SSL_get0_certificate_types(ssl, &certificate_types);

  544.     if (num_certificate_types !=

  545.         (int)config->expected_certificate_types.size() ||

  546.         memcmp(certificate_types,

  547.                config->expected_certificate_types.data(),

  548.                num_certificate_types) != 0) {

  549.       fprintf(stderr, "certificate types mismatch\n");

  550.       return 2;

  551.     }

  552.   }

  553. 

  554.   if (!config->expected_next_proto.empty()) {

  555.     const uint8_t *next_proto;

  556.     unsigned next_proto_len;

  557.     SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);

  558.     if (next_proto_len != config->expected_next_proto.size() ||

  559.         memcmp(next_proto, config->expected_next_proto.data(),

  560.                next_proto_len) != 0) {

  561.       fprintf(stderr, "negotiated next proto mismatch\n");

  562.       return 2;

  563.     }

  564.   }

  565. 

  566.   if (!config->expected_alpn.empty()) {

  567.     const uint8_t *alpn_proto;

  568.     unsigned alpn_proto_len;

  569.     SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len);

  570.     if (alpn_proto_len != config->expected_alpn.size() ||

  571.         memcmp(alpn_proto, config->expected_alpn.data(),

  572.                alpn_proto_len) != 0) {

  573.       fprintf(stderr, "negotiated alpn proto mismatch\n");

  574.       return 2;

  575.     }

  576.   }

  577. 

  578.   if (!config->expected_channel_id.empty()) {

  579.     uint8_t channel_id[64];

  580.     if (!SSL_get_tls_channel_id(ssl, channel_id, sizeof(channel_id))) {

  581.       fprintf(stderr, "no channel id negotiated\n");

  582.       return 2;

  583.     }

  584.     if (config->expected_channel_id.size() != 64 ||

  585.         memcmp(config->expected_channel_id.data(),

  586.                channel_id, 64) != 0) {

  587.       fprintf(stderr, "channel id mismatch\n");

  588.       return 2;

  589.     }

  590.   }

  591. 

  592.   if (config->expect_extended_master_secret) {

  593.     if (!ssl->session->extended_master_secret) {

  594.       fprintf(stderr, "No EMS for session when expected");

  595.       return 2;

  596.     }

  597.   }

  598. 

  599.   if (!config->expected_ocsp_response.empty()) {

  600.     const uint8_t *data;

  601.     size_t len;

  602.     SSL_get0_ocsp_response(ssl, &data, &len);

  603.     if (config->expected_ocsp_response.size() != len ||

  604.         memcmp(config->expected_ocsp_response.data(), data, len) != 0) {

  605.       fprintf(stderr, "OCSP response mismatch\n");

  606.       return 2;

  607.     }

  608.   }

  609. 

  610.   if (!config->expected_signed_cert_timestamps.empty()) {

  611.     const uint8_t *data;

  612.     size_t len;

  613.     SSL_get0_signed_cert_timestamp_list(ssl, &data, &len);

  614.     if (config->expected_signed_cert_timestamps.size() != len ||

  615.         memcmp(config->expected_signed_cert_timestamps.data(),

  616.                data, len) != 0) {

  617.       fprintf(stderr, "SCT list mismatch\n");

  618.       return 2;

  619.     }

  620.   }

  621. 

  622.   if (config->renegotiate) {

  623.     if (config->async) {

  624.       fprintf(stderr, "--renegotiate is not supported with --async.\n");

  625.       return 2;

  626.     }

  627. 

  628.     SSL_renegotiate(ssl);

  629. 

  630.     ret = SSL_do_handshake(ssl);

  631.     if (ret != 1) {

  632.       SSL_free(ssl);

  633.       BIO_print_errors_fp(stdout);

  634.       return 2;

  635.     }

  636. 

  637.     SSL_set_state(ssl, SSL_ST_ACCEPT);

  638.     ret = SSL_do_handshake(ssl);

  639.     if (ret != 1) {

  640.       SSL_free(ssl);

  641.       BIO_print_errors_fp(stdout);

  642.       return 2;

  643.     }

  644.   }

  645. 

  646.   if (config->write_different_record_sizes) {

  647.     if (config->is_dtls) {

  648.       fprintf(stderr, "write_different_record_sizes not supported for DTLS\n");

  649.       return 6;

  650.     }

  651.     // This mode writes a number of different record sizes in an attempt to

  652.     // trip up the CBC record splitting code.

  653.     uint8_t buf[32769];

  654.     memset(buf, 0x42, sizeof(buf));

  655.     static const size_t kRecordSizes[] = {

  656.         0, 1, 255, 256, 257, 16383, 16384, 16385, 32767, 32768, 32769};

  657.     for (size_t i = 0; i < sizeof(kRecordSizes) / sizeof(kRecordSizes[0]);

  658.          i++) {

  659.       int w;

  660.       const size_t len = kRecordSizes[i];

  661.       size_t off = 0;

  662. 

  663.       if (len > sizeof(buf)) {

  664.         fprintf(stderr, "Bad kRecordSizes value.\n");

  665.         return 5;

  666.       }

  667. 

  668.       do {

  669.         w = SSL_write(ssl, buf + off, len - off);

  670.         if (w > 0) {

  671.           off += (size_t) w;

  672.         }

  673.       } while ((config->async && retry_async(ssl, w, bio, &clock_delta)) ||

  674.                (w > 0 && off < len));

  675. 

  676.       if (w < 0 || off != len) {

  677.         SSL_free(ssl);

  678.         BIO_print_errors_fp(stdout);

  679.         return 4;

  680.       }

  681.     }

  682.   } else {

  683.     if (config->shim_writes_first) {

  684.       int w;

  685.       do {

  686.         w = SSL_write(ssl, "hello", 5);

  687.       } while (config->async && retry_async(ssl, w, bio, &clock_delta));

  688.     }

  689.     for (;;) {

  690.       uint8_t buf[512];

  691.       int n;

  692.       do {

  693.         n = SSL_read(ssl, buf, sizeof(buf));

  694.       } while (config->async && retry_async(ssl, n, bio, &clock_delta));

  695.       int err = SSL_get_error(ssl, n);

  696.       if (err == SSL_ERROR_ZERO_RETURN ||

  697.           (n == 0 && err == SSL_ERROR_SYSCALL)) {

  698.         if (n != 0) {

  699.           fprintf(stderr, "Invalid SSL_get_error output\n");

  700.           return 3;

  701.         }

  702.         /* Accept shutdowns with or without close_notify.

  703.          * TODO(davidben): Write tests which distinguish these two cases. */

  704.         break;

  705.       } else if (err != SSL_ERROR_NONE) {

  706.         if (n > 0) {

  707.           fprintf(stderr, "Invalid SSL_get_error output\n");

  708.           return 3;

  709.         }

  710.         SSL_free(ssl);

  711.         BIO_print_errors_fp(stdout);

  712.         return 3;

  713.       }

  714.       /* Successfully read data. */

  715.       if (n <= 0) {

  716.         fprintf(stderr, "Invalid SSL_get_error output\n");

  717.         return 3;

  718.       }

  719.       for (int i = 0; i < n; i++) {

  720.         buf[i] ^= 0xff;

  721.       }

  722.       int w;

  723.       do {

  724.         w = SSL_write(ssl, buf, n);

  725.       } while (config->async && retry_async(ssl, w, bio, &clock_delta));

  726.       if (w != n) {

  727.         SSL_free(ssl);

  728.         BIO_print_errors_fp(stdout);

  729.         return 4;

  730.       }

  731.     }

  732.   }

  733. 

  734.   if (out_session) {

  735.     *out_session = SSL_get1_session(ssl);

  736.   }

  737. 

  738.   SSL_shutdown(ssl);

  739.   SSL_free(ssl);

  740.   return 0;

  741. }

  742. 

  743. int main(int argc, char **argv) {

  744. #if !defined(OPENSSL_WINDOWS)

  745.   signal(SIGPIPE, SIG_IGN);

  746. #endif

  747. 

  748.   if (!SSL_library_init()) {

  749.     return 1;

  750.   }

  751.   g_ex_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);

  752.   g_ex_data_clock_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);

  753.   if (g_ex_data_index < 0 || g_ex_data_clock_index < 0) {

  754.     return 1;

  755.   }

  756. 

  757.   TestConfig config;

  758.   if (!ParseConfig(argc - 1, argv + 1, &config)) {

  759.     return usage(argv[0]);

  760.   }

  761. 

  762.   SSL_CTX *ssl_ctx = setup_ctx(&config);

  763.   if (ssl_ctx == NULL) {

  764.     BIO_print_errors_fp(stdout);

  765.     return 1;

  766.   }

  767. 

  768.   SSL_SESSION *session = NULL;

  769.   int ret = do_exchange(&session,

  770.                         ssl_ctx, &config,

  771.                         false /* is_resume */,

  772.                         3 /* fd */, NULL /* session */);

  773.   if (ret != 0) {

  774.     goto out;

  775.   }

  776. 

  777.   if (config.resume) {

  778.     ret = do_exchange(NULL,

  779.                       ssl_ctx, &config,

  780.                       true /* is_resume */,

  781.                       4 /* fd */,

  782.                       config.is_server ? NULL : session);

  783.     if (ret != 0) {

  784.       goto out;

  785.     }

  786.   }

  787. 

  788.   ret = 0;

  789. 

  790. out:

  791.   SSL_SESSION_free(session);

  792.   SSL_CTX_free(ssl_ctx);

  793.   return ret;

  794. }