diff options
Diffstat (limited to 'src/ssl/ssl_test.cc')
-rw-r--r-- | src/ssl/ssl_test.cc | 311 |
1 files changed, 9 insertions, 302 deletions
diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc index 810d3fa..1c6e24a 100644 --- a/src/ssl/ssl_test.cc +++ b/src/ssl/ssl_test.cc @@ -24,8 +24,6 @@ #include <openssl/ssl.h> #include "test/scoped_types.h" -#include "../crypto/test/test_util.h" - struct ExpectedCipher { unsigned long id; @@ -214,21 +212,6 @@ static const char *kBadRules[] = { NULL, }; -static const char *kMustNotIncludeNull[] = { - "ALL", - "DEFAULT", - "ALL:!eNULL", - "ALL:!NULL", - "FIPS", - "SHA", - "SHA1", - "RSA", - "SSLv3", - "TLSv1", - "TLSv1.2", - NULL -}; - static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) { bool in_group = false; for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) { @@ -282,24 +265,6 @@ static bool TestCipherRule(CipherTest *t) { return true; } -static bool TestRuleDoesNotIncludeNull(const char *rule) { - ScopedSSL_CTX ctx(SSL_CTX_new(SSLv23_server_method())); - if (!ctx) { - return false; - } - if (!SSL_CTX_set_cipher_list(ctx.get(), rule)) { - fprintf(stderr, "Error: cipher rule '%s' failed\n", rule); - return false; - } - for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) { - if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) { - fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule); - return false; - } - } - return true; -} - static bool TestCipherRules() { for (size_t i = 0; kCipherTests[i].rule != NULL; i++) { if (!TestCipherRule(&kCipherTests[i])) { @@ -319,12 +284,6 @@ static bool TestCipherRules() { ERR_clear_error(); } - for (size_t i = 0; kMustNotIncludeNull[i] != NULL; i++) { - if (!TestRuleDoesNotIncludeNull(kMustNotIncludeNull[i])) { - return false; - } - } - return true; } @@ -376,104 +335,6 @@ static const char kCustomSession[] = "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG" "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF"; -// kBoringSSLSession is a serialized SSL_SESSION generated from bssl client. -static const char kBoringSSLSession[] = - "MIIRwQIBAQICAwMEAsAvBCDdoGxGK26mR+8lM0uq6+k9xYuxPnwAjpcF9n0Yli9R" - "kQQwbyshfWhdi5XQ1++7n2L1qqrcVlmHBPpr6yknT/u4pUrpQB5FZ7vqvNn8MdHf" - "9rWgoQYCBFXgs7uiBAICHCCjggR6MIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJ" - "KoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMx" - "JTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEy" - "MTQ1MzE1WhcNMTUxMTEwMDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK" - "Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v" - "Z2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEB" - "AQUAA4IBDwAwggEKAoIBAQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpo" - "PLuBinvhkXZo3DC133NpCBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU" - "792c7hFyNXSUCG7At8Ifi3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mce" - "Tv9iGKqSkSTlp8puy/9SZ/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/" - "RCh8/UKc8PaL+cxlt531qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eL" - "EucWQ72YZU8mUzXBoXGn0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAd" - "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdv" - "b2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtp" - "Lmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50" - "czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjG" - "GjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEv" - "MBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRw" - "Oi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAb" - "qdWPZEHk0X7iKPCTHL6S3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovE" - "kQZSHwT+pyOPWQhsSjO+1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXd" - "X+s0WdbOpn6MStKAiBVloPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+" - "n0OTucD9sHV7EVj9XUxi51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779a" - "f07vR03r349Iz/KTzk95rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1y" - "TTlM80jBMOwyjZXmjRAhpAIEAKUDAgEUqQUCAwGJwKqBpwSBpOgebbmn9NRUtMWH" - "+eJpqA5JLMFSMCChOsvKey3toBaCNGU7HfAEiiXNuuAdCBoK262BjQc2YYfqFzqH" - "zuppopXCvhohx7j/tnCNZIMgLYt/O9SXK2RYI5z8FhCCHvB4CbD5G0LGl5EFP27s" - "Jb6S3aTTYPkQe8yZSlxevg6NDwmTogLO9F7UUkaYmVcMQhzssEE2ZRYNwSOU6KjE" - "0Yj+8fAiBtbQriIEIN2L8ZlpaVrdN5KFNdvcmOxJu81P8q53X55xQyGTnGWwsgMC" - "ARezggvvMIIEdjCCA16gAwIBAgIIf+yfD7Y6UicwDQYJKoZIhvcNAQELBQAwSTEL" - "MAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2ds" - "ZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwODEyMTQ1MzE1WhcNMTUxMTEw" - "MDAwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG" - "A1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UE" - "AwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB" - "AQC0MeG5YGQ0t+IeJeoneP/PrhEaieibeKYkbKVLNZpoPLuBinvhkXZo3DC133Np" - "CBpy6ZktBwamqyixAyuk/NU6OjgXqwwxfQ7di1AInLIU792c7hFyNXSUCG7At8If" - "i3YwBX9Ba6u/1d6rWTGZJrdCq3QU11RkKYyTq2KT5mceTv9iGKqSkSTlp8puy/9S" - "Z/3DbU3U+BuqCFqeSlz7zjwFmk35acdCilpJlVDDN5C/RCh8/UKc8PaL+cxlt531" - "qoTENvYrflBno14YEZlCBZsPiFeUSILpKEj3Ccwhy0eLEucWQ72YZU8mUzXBoXGn" - "0zA0crFl5ci/2sTBBGZsylNBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEF" - "BQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB" - "BQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB" - "RzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9v" - "Y3NwMB0GA1UdDgQWBBS/bzHxcE73Q4j3slC4BLbMtLjGGjAMBgNVHRMBAf8EAjAA" - "MB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYK" - "KwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5j" - "b20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAbqdWPZEHk0X7iKPCTHL6S" - "3w6q1eR67goxZGFSM1lk1hjwyu7XcLJuvALVV9uY3ovEkQZSHwT+pyOPWQhsSjO+" - "1GyjvCvK/CAwiUmBX+bQRGaqHsRcio7xSbdVcajQ3bXdX+s0WdbOpn6MStKAiBVl" - "oPlSxEI8pxY6x/BBCnTIk/+DMB17uZlOjG3vbAnkDkP+n0OTucD9sHV7EVj9XUxi" - "51nOfNBCN/s7lpUjDS/NJ4k3iwOtbCPswiot8vLO779af07vR03r349Iz/KTzk95" - "rlFtX0IU+KYNxFNsanIXZ+C9FYGRXkwhHcvFb4qMUB1yTTlM80jBMOwyjZXmjRAh" - "MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT" - "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i" - "YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG" - "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy" - "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB" - "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP" - "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv" - "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE" - "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ" - "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC" - "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7" - "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD" - "VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov" - "L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig" - "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ" - "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+" - "3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI" - "hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI" - "Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X" - "Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm" - "X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40" - "fsg12DCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG" - "EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUg" - "Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0" - "MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZ" - "BgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP" - "ADCCAQoCggEBANrMGGMw/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI" - "2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2t" - "mEaSLk/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb/JVSvN" - "0Jc+nCZkzN/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3" - "lQI5kQsO/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIE" - "ceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAW" - "gBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9" - "ZbjKzE4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMw" - "MTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5j" - "cmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3" - "Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUF" - "AAOBgQB24RJuTksWEoYwBrKBCM/wCMfHcX5m7sLt1Dsf//DwyE7WQziwuTB9GNBV" - "g6JqyzYRnOhIZqNtf7gT1Ef+i1pcc/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+D" - "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg=="; - // kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing // the final (optional) element of |kCustomSession| with tag number 30. static const char kBadSessionExtraField[] = @@ -498,18 +359,6 @@ static const char kBadSessionVersion[] = "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG" "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF"; -// kBadSessionTrailingData is a custom serialized SSL_SESSION with trailing data -// appended. -static const char kBadSessionTrailingData[] = - "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ" - "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH" - "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE" - "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe" - "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751" - "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP" - "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG" - "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEFAAAA"; - static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) { size_t len; if (!EVP_DecodedLength(&len, strlen(in))) { @@ -538,10 +387,10 @@ static bool TestSSL_SESSIONEncoding(const char *input_b64) { } // Verify the SSL_SESSION decodes. - ScopedSSL_SESSION session(SSL_SESSION_from_bytes(bssl::vector_data(&input), - input.size())); - if (!session) { - fprintf(stderr, "SSL_SESSION_from_bytes failed\n"); + cptr = bssl::vector_data(&input); + ScopedSSL_SESSION session(d2i_SSL_SESSION(NULL, &cptr, input.size())); + if (!session || cptr != bssl::vector_data(&input) + input.size()) { + fprintf(stderr, "d2i_SSL_SESSION failed\n"); return false; } @@ -557,16 +406,6 @@ static bool TestSSL_SESSIONEncoding(const char *input_b64) { if (encoded_len != input.size() || memcmp(bssl::vector_data(&input), encoded.get(), input.size()) != 0) { fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n"); - hexdump(stderr, "Before: ", input.data(), input.size()); - hexdump(stderr, "After: ", encoded_raw, encoded_len); - return false; - } - - // Verify the SSL_SESSION also decodes with the legacy API. - cptr = bssl::vector_data(&input); - session.reset(d2i_SSL_SESSION(NULL, &cptr, input.size())); - if (!session || cptr != bssl::vector_data(&input) + input.size()) { - fprintf(stderr, "d2i_SSL_SESSION failed\n"); return false; } @@ -608,10 +447,10 @@ static bool TestBadSSL_SESSIONEncoding(const char *input_b64) { } // Verify that the SSL_SESSION fails to decode. - ScopedSSL_SESSION session(SSL_SESSION_from_bytes(bssl::vector_data(&input), - input.size())); + const uint8_t *ptr = bssl::vector_data(&input); + ScopedSSL_SESSION session(d2i_SSL_SESSION(NULL, &ptr, input.size())); if (session) { - fprintf(stderr, "SSL_SESSION_from_bytes unexpectedly succeeded\n"); + fprintf(stderr, "d2i_SSL_SESSION unexpectedly succeeded\n"); return false; } ERR_clear_error(); @@ -690,144 +529,14 @@ static bool TestCipherGetRFCName(void) { return true; } -// CreateSessionWithTicket returns a sample |SSL_SESSION| with the ticket -// replaced for one of length |ticket_len| or nullptr on failure. -static ScopedSSL_SESSION CreateSessionWithTicket(size_t ticket_len) { - std::vector<uint8_t> der; - if (!DecodeBase64(&der, kOpenSSLSession)) { - return nullptr; - } - ScopedSSL_SESSION session(SSL_SESSION_from_bytes(bssl::vector_data(&der), - der.size())); - if (!session) { - return nullptr; - } - - // Swap out the ticket for a garbage one. - OPENSSL_free(session->tlsext_tick); - session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len)); - if (session->tlsext_tick == nullptr) { - return nullptr; - } - memset(session->tlsext_tick, 'a', ticket_len); - session->tlsext_ticklen = ticket_len; - return session; -} - -// GetClientHelloLen creates a client SSL connection with a ticket of length -// |ticket_len| and records the ClientHello. It returns the length of the -// ClientHello, not including the record header, on success and zero on error. -static size_t GetClientHelloLen(size_t ticket_len) { - ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method())); - ScopedSSL_SESSION session = CreateSessionWithTicket(ticket_len); - if (!ctx || !session) { - return 0; - } - ScopedSSL ssl(SSL_new(ctx.get())); - ScopedBIO bio(BIO_new(BIO_s_mem())); - if (!ssl || !bio || !SSL_set_session(ssl.get(), session.get())) { - return 0; - } - // Do not configure a reading BIO, but record what's written to a memory BIO. - SSL_set_bio(ssl.get(), nullptr /* rbio */, BIO_up_ref(bio.get())); - int ret = SSL_connect(ssl.get()); - if (ret > 0) { - // SSL_connect should fail without a BIO to write to. - return 0; - } - ERR_clear_error(); - - const uint8_t *unused; - size_t client_hello_len; - if (!BIO_mem_contents(bio.get(), &unused, &client_hello_len) || - client_hello_len <= SSL3_RT_HEADER_LENGTH) { - return 0; - } - return client_hello_len - SSL3_RT_HEADER_LENGTH; -} - -struct PaddingTest { - size_t input_len, padded_len; -}; - -static const PaddingTest kPaddingTests[] = { - // ClientHellos of length below 0x100 do not require padding. - {0xfe, 0xfe}, - {0xff, 0xff}, - // ClientHellos of length 0x100 through 0x1fb are padded up to 0x200. - {0x100, 0x200}, - {0x123, 0x200}, - {0x1fb, 0x200}, - // ClientHellos of length 0x1fc through 0x1ff get padded beyond 0x200. The - // padding extension takes a minimum of four bytes plus one required content - // byte. (To work around yet more server bugs, we avoid empty final - // extensions.) - {0x1fc, 0x201}, - {0x1fd, 0x202}, - {0x1fe, 0x203}, - {0x1ff, 0x204}, - // Finally, larger ClientHellos need no padding. - {0x200, 0x200}, - {0x201, 0x201}, -}; - -static bool TestPaddingExtension() { - // Sample a baseline length. - size_t base_len = GetClientHelloLen(1); - if (base_len == 0) { - return false; - } - - for (const PaddingTest &test : kPaddingTests) { - if (base_len > test.input_len) { - fprintf(stderr, "Baseline ClientHello too long.\n"); - return false; - } - - size_t padded_len = GetClientHelloLen(1 + test.input_len - base_len); - if (padded_len != test.padded_len) { - fprintf(stderr, "%u-byte ClientHello padded to %u bytes, not %u.\n", - static_cast<unsigned>(test.input_len), - static_cast<unsigned>(padded_len), - static_cast<unsigned>(test.padded_len)); - return false; - } - } - return true; -} - -// Test that |SSL_get_client_CA_list| echoes back the configured parameter even -// before configuring as a server. -static bool TestClientCAList() { - ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method())); - if (!ctx) { - return false; - } - ScopedSSL ssl(SSL_new(ctx.get())); - if (!ssl) { - return false; - } - - STACK_OF(X509_NAME) *stack = sk_X509_NAME_new_null(); - if (stack == nullptr) { - return false; - } - // |SSL_set_client_CA_list| takes ownership. - SSL_set_client_CA_list(ssl.get(), stack); - - return SSL_get_client_CA_list(ssl.get()) == stack; -} - -int main() { +int main(void) { SSL_library_init(); if (!TestCipherRules() || !TestSSL_SESSIONEncoding(kOpenSSLSession) || !TestSSL_SESSIONEncoding(kCustomSession) || - !TestSSL_SESSIONEncoding(kBoringSSLSession) || !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) || !TestBadSSL_SESSIONEncoding(kBadSessionVersion) || - !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) || !TestDefaultVersion(0, &TLS_method) || !TestDefaultVersion(SSL3_VERSION, &SSLv3_method) || !TestDefaultVersion(TLS1_VERSION, &TLSv1_method) || @@ -836,9 +545,7 @@ int main() { !TestDefaultVersion(0, &DTLS_method) || !TestDefaultVersion(DTLS1_VERSION, &DTLSv1_method) || !TestDefaultVersion(DTLS1_2_VERSION, &DTLSv1_2_method) || - !TestCipherGetRFCName() || - !TestPaddingExtension() || - !TestClientCAList()) { + !TestCipherGetRFCName()) { ERR_print_errors_fp(stderr); return 1; } |