1 /* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include "test_config.h"
16
17 #include <assert.h>
18 #include <ctype.h>
19 #include <errno.h>
20 #include <limits.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24
25 #include <algorithm>
26 #include <functional>
27 #include <limits>
28 #include <memory>
29 #include <type_traits>
30
31 #include <openssl/base64.h>
32 #include <openssl/hmac.h>
33 #include <openssl/hpke.h>
34 #include <openssl/rand.h>
35 #include <openssl/span.h>
36 #include <openssl/ssl.h>
37
38 #include "../../crypto/internal.h"
39 #include "../internal.h"
40 #include "handshake_util.h"
41 #include "mock_quic_transport.h"
42 #include "test_state.h"
43
44 namespace {
45
46 template <typename Config>
47 struct Flag {
48 const char *name;
49 bool has_param;
50 // skip_handshaker, if true, causes this flag to be skipped when
51 // forwarding flags to the handshaker. This should be used with flags
52 // that only impact connecting to the runner.
53 bool skip_handshaker;
54 // If |has_param| is false, |param| will be nullptr.
55 std::function<bool(Config *config, const char *param)> set_param;
56 };
57
58 template <typename Config>
BoolFlag(const char * name,bool Config::* field,bool skip_handshaker=false)59 Flag<Config> BoolFlag(const char *name, bool Config::*field,
60 bool skip_handshaker = false) {
61 return Flag<Config>{name, false, skip_handshaker,
62 [=](Config *config, const char *) -> bool {
63 config->*field = true;
64 return true;
65 }};
66 }
67
68 template <typename T>
StringToInt(T * out,const char * str)69 bool StringToInt(T *out, const char *str) {
70 static_assert(std::is_integral<T>::value, "not an integral type");
71
72 // |strtoull| allows leading '-' with wraparound. Additionally, both
73 // functions accept empty strings and leading whitespace.
74 if (!OPENSSL_isdigit(static_cast<unsigned char>(*str)) &&
75 (!std::is_signed<T>::value || *str != '-')) {
76 return false;
77 }
78
79 errno = 0;
80 char *end;
81 if (std::is_signed<T>::value) {
82 static_assert(sizeof(T) <= sizeof(long long),
83 "type too large for long long");
84 long long value = strtoll(str, &end, 10);
85 if (value < static_cast<long long>(std::numeric_limits<T>::min()) ||
86 value > static_cast<long long>(std::numeric_limits<T>::max())) {
87 return false;
88 }
89 *out = static_cast<T>(value);
90 } else {
91 static_assert(sizeof(T) <= sizeof(unsigned long long),
92 "type too large for unsigned long long");
93 unsigned long long value = strtoull(str, &end, 10);
94 if (value >
95 static_cast<unsigned long long>(std::numeric_limits<T>::max())) {
96 return false;
97 }
98 *out = static_cast<T>(value);
99 }
100
101 // Check for overflow and that the whole input was consumed.
102 return errno != ERANGE && *end == '\0';
103 }
104
105 template <typename Config, typename T>
IntFlag(const char * name,T Config::* field,bool skip_handshaker=false)106 Flag<Config> IntFlag(const char *name, T Config::*field,
107 bool skip_handshaker = false) {
108 return Flag<Config>{name, true, skip_handshaker,
109 [=](Config *config, const char *param) -> bool {
110 return StringToInt(&(config->*field), param);
111 }};
112 }
113
114 template <typename Config, typename T>
IntVectorFlag(const char * name,std::vector<T> Config::* field,bool skip_handshaker=false)115 Flag<Config> IntVectorFlag(const char *name, std::vector<T> Config::*field,
116 bool skip_handshaker = false) {
117 return Flag<Config>{name, true, skip_handshaker,
118 [=](Config *config, const char *param) -> bool {
119 T value;
120 if (!StringToInt(&value, param)) {
121 return false;
122 }
123 (config->*field).push_back(value);
124 return true;
125 }};
126 }
127
128 template <typename Config>
StringFlag(const char * name,std::string Config::* field,bool skip_handshaker=false)129 Flag<Config> StringFlag(const char *name, std::string Config::*field,
130 bool skip_handshaker = false) {
131 return Flag<Config>{name, true, skip_handshaker,
132 [=](Config *config, const char *param) -> bool {
133 config->*field = param;
134 return true;
135 }};
136 }
137
138 // TODO(davidben): When we can depend on C++17 or Abseil, switch this to
139 // std::optional or absl::optional.
140 template <typename Config>
OptionalStringFlag(const char * name,std::unique_ptr<std::string> Config::* field,bool skip_handshaker=false)141 Flag<Config> OptionalStringFlag(const char *name,
142 std::unique_ptr<std::string> Config::*field,
143 bool skip_handshaker = false) {
144 return Flag<Config>{name, true, skip_handshaker,
145 [=](Config *config, const char *param) -> bool {
146 (config->*field) = std::make_unique<std::string>(param);
147 return true;
148 }};
149 }
150
DecodeBase64(std::string * out,const std::string & in)151 bool DecodeBase64(std::string *out, const std::string &in) {
152 size_t len;
153 if (!EVP_DecodedLength(&len, in.size())) {
154 fprintf(stderr, "Invalid base64: %s.\n", in.c_str());
155 return false;
156 }
157 std::vector<uint8_t> buf(len);
158 if (!EVP_DecodeBase64(buf.data(), &len, buf.size(),
159 reinterpret_cast<const uint8_t *>(in.data()),
160 in.size())) {
161 fprintf(stderr, "Invalid base64: %s.\n", in.c_str());
162 return false;
163 }
164 out->assign(reinterpret_cast<const char *>(buf.data()), len);
165 return true;
166 }
167
168 template <typename Config>
Base64Flag(const char * name,std::string Config::* field,bool skip_handshaker=false)169 Flag<Config> Base64Flag(const char *name, std::string Config::*field,
170 bool skip_handshaker = false) {
171 return Flag<Config>{name, true, skip_handshaker,
172 [=](Config *config, const char *param) -> bool {
173 return DecodeBase64(&(config->*field), param);
174 }};
175 }
176
177 template <typename Config>
Base64VectorFlag(const char * name,std::vector<std::string> Config::* field,bool skip_handshaker=false)178 Flag<Config> Base64VectorFlag(const char *name,
179 std::vector<std::string> Config::*field,
180 bool skip_handshaker = false) {
181 return Flag<Config>{name, true, skip_handshaker,
182 [=](Config *config, const char *param) -> bool {
183 std::string value;
184 if (!DecodeBase64(&value, param)) {
185 return false;
186 }
187 (config->*field).push_back(std::move(value));
188 return true;
189 }};
190 }
191
192 template <typename Config>
StringPairVectorFlag(const char * name,std::vector<std::pair<std::string,std::string>> Config::* field,bool skip_handshaker=false)193 Flag<Config> StringPairVectorFlag(
194 const char *name,
195 std::vector<std::pair<std::string, std::string>> Config::*field,
196 bool skip_handshaker = false) {
197 return Flag<Config>{
198 name, true, skip_handshaker,
199 [=](Config *config, const char *param) -> bool {
200 const char *comma = strchr(param, ',');
201 if (!comma) {
202 return false;
203 }
204 (config->*field)
205 .push_back(std::make_pair(std::string(param, comma - param),
206 std::string(comma + 1)));
207 return true;
208 }};
209 }
210
NewCredentialFlag(const char * name,CredentialConfigType type)211 Flag<TestConfig> NewCredentialFlag(const char *name,
212 CredentialConfigType type) {
213 return Flag<TestConfig>{name, /*has_param=*/false, /*skip_handshaker=*/false,
214 [=](TestConfig *config, const char *param) -> bool {
215 config->credentials.emplace_back();
216 config->credentials.back().type = type;
217 return true;
218 }};
219 }
220
CredentialFlagWithDefault(Flag<TestConfig> default_flag,Flag<CredentialConfig> flag)221 Flag<TestConfig> CredentialFlagWithDefault(Flag<TestConfig> default_flag,
222 Flag<CredentialConfig> flag) {
223 BSSL_CHECK(strcmp(default_flag.name, flag.name) == 0);
224 BSSL_CHECK(default_flag.has_param == flag.has_param);
225 return Flag<TestConfig>{flag.name, flag.has_param, /*skip_handshaker=*/false,
226 [=](TestConfig *config, const char *param) -> bool {
227 if (config->credentials.empty()) {
228 return default_flag.set_param(config, param);
229 }
230 return flag.set_param(&config->credentials.back(),
231 param);
232 }};
233 }
234
CredentialFlag(Flag<CredentialConfig> flag)235 Flag<TestConfig> CredentialFlag(Flag<CredentialConfig> flag) {
236 return Flag<TestConfig>{flag.name, flag.has_param, /*skip_handshaker=*/false,
237 [=](TestConfig *config, const char *param) -> bool {
238 if (config->credentials.empty()) {
239 fprintf(stderr, "No credentials configured.\n");
240 return false;
241 }
242 return flag.set_param(&config->credentials.back(),
243 param);
244 }};
245 }
246
247 struct FlagNameComparator {
248 template <typename Config>
operator ()__anon400e40370111::FlagNameComparator249 bool operator()(const Flag<Config> &flag1, const Flag<Config> &flag2) const {
250 return strcmp(flag1.name, flag2.name) < 0;
251 }
252
253 template <typename Config>
operator ()__anon400e40370111::FlagNameComparator254 bool operator()(const Flag<Config> &flag, const char *name) const {
255 return strcmp(flag.name, name) < 0;
256 }
257 };
258
FindFlag(const char * name)259 const Flag<TestConfig> *FindFlag(const char *name) {
260 static const std::vector<Flag<TestConfig>> flags = [] {
261 std::vector<Flag<TestConfig>> ret = {
262 IntFlag("-port", &TestConfig::port, /*skip_handshaker=*/true),
263 BoolFlag("-ipv6", &TestConfig::ipv6, /*skip_handshaker=*/true),
264 IntFlag("-shim-id", &TestConfig::shim_id, /*skip_handshaker=*/true),
265 BoolFlag("-server", &TestConfig::is_server),
266 BoolFlag("-dtls", &TestConfig::is_dtls),
267 BoolFlag("-quic", &TestConfig::is_quic),
268 IntFlag("-resume-count", &TestConfig::resume_count),
269 StringFlag("-write-settings", &TestConfig::write_settings),
270 BoolFlag("-fallback-scsv", &TestConfig::fallback_scsv),
271 IntVectorFlag("-verify-prefs", &TestConfig::verify_prefs),
272 IntVectorFlag("-expect-peer-verify-pref",
273 &TestConfig::expect_peer_verify_prefs),
274 IntVectorFlag("-curves", &TestConfig::curves),
275 StringFlag("-trust-cert", &TestConfig::trust_cert),
276 StringFlag("-expect-server-name", &TestConfig::expect_server_name),
277 BoolFlag("-enable-ech-grease", &TestConfig::enable_ech_grease),
278 Base64VectorFlag("-ech-server-config", &TestConfig::ech_server_configs),
279 Base64VectorFlag("-ech-server-key", &TestConfig::ech_server_keys),
280 IntVectorFlag("-ech-is-retry-config", &TestConfig::ech_is_retry_config),
281 BoolFlag("-expect-ech-accept", &TestConfig::expect_ech_accept),
282 StringFlag("-expect-ech-name-override",
283 &TestConfig::expect_ech_name_override),
284 BoolFlag("-expect-no-ech-name-override",
285 &TestConfig::expect_no_ech_name_override),
286 Base64Flag("-expect-ech-retry-configs",
287 &TestConfig::expect_ech_retry_configs),
288 BoolFlag("-expect-no-ech-retry-configs",
289 &TestConfig::expect_no_ech_retry_configs),
290 Base64Flag("-ech-config-list", &TestConfig::ech_config_list),
291 Base64Flag("-expect-certificate-types",
292 &TestConfig::expect_certificate_types),
293 BoolFlag("-require-any-client-certificate",
294 &TestConfig::require_any_client_certificate),
295 StringFlag("-advertise-npn", &TestConfig::advertise_npn),
296 StringFlag("-expect-next-proto", &TestConfig::expect_next_proto),
297 BoolFlag("-false-start", &TestConfig::false_start),
298 StringFlag("-select-next-proto", &TestConfig::select_next_proto),
299 BoolFlag("-async", &TestConfig::async),
300 BoolFlag("-write-different-record-sizes",
301 &TestConfig::write_different_record_sizes),
302 BoolFlag("-cbc-record-splitting", &TestConfig::cbc_record_splitting),
303 BoolFlag("-partial-write", &TestConfig::partial_write),
304 BoolFlag("-no-tls13", &TestConfig::no_tls13),
305 BoolFlag("-no-tls12", &TestConfig::no_tls12),
306 BoolFlag("-no-tls11", &TestConfig::no_tls11),
307 BoolFlag("-no-tls1", &TestConfig::no_tls1),
308 BoolFlag("-no-ticket", &TestConfig::no_ticket),
309 Base64Flag("-expect-channel-id", &TestConfig::expect_channel_id),
310 BoolFlag("-enable-channel-id", &TestConfig::enable_channel_id),
311 StringFlag("-send-channel-id", &TestConfig::send_channel_id),
312 BoolFlag("-shim-writes-first", &TestConfig::shim_writes_first),
313 StringFlag("-host-name", &TestConfig::host_name),
314 StringFlag("-advertise-alpn", &TestConfig::advertise_alpn),
315 StringFlag("-expect-alpn", &TestConfig::expect_alpn),
316 StringFlag("-expect-advertised-alpn",
317 &TestConfig::expect_advertised_alpn),
318 StringFlag("-select-alpn", &TestConfig::select_alpn),
319 BoolFlag("-decline-alpn", &TestConfig::decline_alpn),
320 BoolFlag("-reject-alpn", &TestConfig::reject_alpn),
321 BoolFlag("-select-empty-alpn", &TestConfig::select_empty_alpn),
322 BoolFlag("-defer-alps", &TestConfig::defer_alps),
323 StringPairVectorFlag("-application-settings",
324 &TestConfig::application_settings),
325 OptionalStringFlag("-expect-peer-application-settings",
326 &TestConfig::expect_peer_application_settings),
327 BoolFlag("-alps-use-new-codepoint",
328 &TestConfig::alps_use_new_codepoint),
329 Base64Flag("-quic-transport-params",
330 &TestConfig::quic_transport_params),
331 Base64Flag("-expect-quic-transport-params",
332 &TestConfig::expect_quic_transport_params),
333 IntFlag("-quic-use-legacy-codepoint",
334 &TestConfig::quic_use_legacy_codepoint),
335 BoolFlag("-expect-session-miss", &TestConfig::expect_session_miss),
336 BoolFlag("-expect-extended-master-secret",
337 &TestConfig::expect_extended_master_secret),
338 StringFlag("-psk", &TestConfig::psk),
339 StringFlag("-psk-identity", &TestConfig::psk_identity),
340 StringFlag("-srtp-profiles", &TestConfig::srtp_profiles),
341 BoolFlag("-enable-ocsp-stapling", &TestConfig::enable_ocsp_stapling),
342 BoolFlag("-enable-signed-cert-timestamps",
343 &TestConfig::enable_signed_cert_timestamps),
344 Base64Flag("-expect-signed-cert-timestamps",
345 &TestConfig::expect_signed_cert_timestamps),
346 IntFlag("-min-version", &TestConfig::min_version),
347 IntFlag("-max-version", &TestConfig::max_version),
348 IntFlag("-expect-version", &TestConfig::expect_version),
349 IntFlag("-mtu", &TestConfig::mtu),
350 BoolFlag("-implicit-handshake", &TestConfig::implicit_handshake),
351 BoolFlag("-use-early-callback", &TestConfig::use_early_callback),
352 BoolFlag("-fail-early-callback", &TestConfig::fail_early_callback),
353 BoolFlag("-install-ddos-callback", &TestConfig::install_ddos_callback),
354 BoolFlag("-fail-ddos-callback", &TestConfig::fail_ddos_callback),
355 BoolFlag("-fail-cert-callback", &TestConfig::fail_cert_callback),
356 StringFlag("-cipher", &TestConfig::cipher),
357 BoolFlag("-handshake-never-done", &TestConfig::handshake_never_done),
358 IntFlag("-export-keying-material", &TestConfig::export_keying_material),
359 StringFlag("-export-label", &TestConfig::export_label),
360 StringFlag("-export-context", &TestConfig::export_context),
361 BoolFlag("-use-export-context", &TestConfig::use_export_context),
362 BoolFlag("-tls-unique", &TestConfig::tls_unique),
363 BoolFlag("-expect-ticket-renewal", &TestConfig::expect_ticket_renewal),
364 BoolFlag("-expect-no-session", &TestConfig::expect_no_session),
365 BoolFlag("-expect-ticket-supports-early-data",
366 &TestConfig::expect_ticket_supports_early_data),
367 BoolFlag("-expect-accept-early-data",
368 &TestConfig::expect_accept_early_data),
369 BoolFlag("-expect-reject-early-data",
370 &TestConfig::expect_reject_early_data),
371 BoolFlag("-expect-no-offer-early-data",
372 &TestConfig::expect_no_offer_early_data),
373 BoolFlag("-use-ticket-callback", &TestConfig::use_ticket_callback),
374 BoolFlag("-renew-ticket", &TestConfig::renew_ticket),
375 BoolFlag("-enable-early-data", &TestConfig::enable_early_data),
376 Base64Flag("-expect-ocsp-response", &TestConfig::expect_ocsp_response),
377 BoolFlag("-check-close-notify", &TestConfig::check_close_notify),
378 BoolFlag("-shim-shuts-down", &TestConfig::shim_shuts_down),
379 BoolFlag("-verify-fail", &TestConfig::verify_fail),
380 BoolFlag("-verify-peer", &TestConfig::verify_peer),
381 BoolFlag("-verify-peer-if-no-obc", &TestConfig::verify_peer_if_no_obc),
382 BoolFlag("-expect-verify-result", &TestConfig::expect_verify_result),
383 IntFlag("-expect-total-renegotiations",
384 &TestConfig::expect_total_renegotiations),
385 BoolFlag("-renegotiate-once", &TestConfig::renegotiate_once),
386 BoolFlag("-renegotiate-freely", &TestConfig::renegotiate_freely),
387 BoolFlag("-renegotiate-ignore", &TestConfig::renegotiate_ignore),
388 BoolFlag("-renegotiate-explicit", &TestConfig::renegotiate_explicit),
389 BoolFlag("-forbid-renegotiation-after-handshake",
390 &TestConfig::forbid_renegotiation_after_handshake),
391 IntFlag("-expect-peer-signature-algorithm",
392 &TestConfig::expect_peer_signature_algorithm),
393 IntFlag("-expect-curve-id", &TestConfig::expect_curve_id),
394 BoolFlag("-use-old-client-cert-callback",
395 &TestConfig::use_old_client_cert_callback),
396 IntFlag("-initial-timeout-duration-ms",
397 &TestConfig::initial_timeout_duration_ms),
398 StringFlag("-use-client-ca-list", &TestConfig::use_client_ca_list),
399 StringFlag("-expect-client-ca-list",
400 &TestConfig::expect_client_ca_list),
401 BoolFlag("-send-alert", &TestConfig::send_alert),
402 BoolFlag("-peek-then-read", &TestConfig::peek_then_read),
403 BoolFlag("-enable-grease", &TestConfig::enable_grease),
404 BoolFlag("-permute-extensions", &TestConfig::permute_extensions),
405 IntFlag("-max-cert-list", &TestConfig::max_cert_list),
406 Base64Flag("-ticket-key", &TestConfig::ticket_key),
407 BoolFlag("-use-exporter-between-reads",
408 &TestConfig::use_exporter_between_reads),
409 IntFlag("-expect-cipher-aes", &TestConfig::expect_cipher_aes),
410 IntFlag("-expect-cipher-no-aes", &TestConfig::expect_cipher_no_aes),
411 IntFlag("-expect-cipher", &TestConfig::expect_cipher),
412 StringFlag("-expect-peer-cert-file",
413 &TestConfig::expect_peer_cert_file),
414 IntFlag("-resumption-delay", &TestConfig::resumption_delay),
415 BoolFlag("-retain-only-sha256-client-cert",
416 &TestConfig::retain_only_sha256_client_cert),
417 BoolFlag("-expect-sha256-client-cert",
418 &TestConfig::expect_sha256_client_cert),
419 BoolFlag("-read-with-unfinished-write",
420 &TestConfig::read_with_unfinished_write),
421 BoolFlag("-expect-secure-renegotiation",
422 &TestConfig::expect_secure_renegotiation),
423 BoolFlag("-expect-no-secure-renegotiation",
424 &TestConfig::expect_no_secure_renegotiation),
425 IntFlag("-max-send-fragment", &TestConfig::max_send_fragment),
426 IntFlag("-read-size", &TestConfig::read_size),
427 BoolFlag("-expect-session-id", &TestConfig::expect_session_id),
428 BoolFlag("-expect-no-session-id", &TestConfig::expect_no_session_id),
429 IntFlag("-expect-ticket-age-skew", &TestConfig::expect_ticket_age_skew),
430 BoolFlag("-no-op-extra-handshake", &TestConfig::no_op_extra_handshake),
431 BoolFlag("-handshake-twice", &TestConfig::handshake_twice),
432 BoolFlag("-allow-unknown-alpn-protos",
433 &TestConfig::allow_unknown_alpn_protos),
434 BoolFlag("-use-custom-verify-callback",
435 &TestConfig::use_custom_verify_callback),
436 StringFlag("-expect-msg-callback", &TestConfig::expect_msg_callback),
437 BoolFlag("-allow-false-start-without-alpn",
438 &TestConfig::allow_false_start_without_alpn),
439 BoolFlag("-handoff", &TestConfig::handoff),
440 BoolFlag("-handshake-hints", &TestConfig::handshake_hints),
441 BoolFlag("-allow-hint-mismatch", &TestConfig::allow_hint_mismatch),
442 BoolFlag("-use-ocsp-callback", &TestConfig::use_ocsp_callback),
443 BoolFlag("-set-ocsp-in-callback", &TestConfig::set_ocsp_in_callback),
444 BoolFlag("-decline-ocsp-callback", &TestConfig::decline_ocsp_callback),
445 BoolFlag("-fail-ocsp-callback", &TestConfig::fail_ocsp_callback),
446 BoolFlag("-install-cert-compression-algs",
447 &TestConfig::install_cert_compression_algs),
448 IntFlag("-install-one-cert-compression-alg",
449 &TestConfig::install_one_cert_compression_alg),
450 BoolFlag("-reverify-on-resume", &TestConfig::reverify_on_resume),
451 BoolFlag("-ignore-rsa-key-usage", &TestConfig::ignore_rsa_key_usage),
452 BoolFlag("-expect-key-usage-invalid",
453 &TestConfig::expect_key_usage_invalid),
454 BoolFlag("-is-handshaker-supported",
455 &TestConfig::is_handshaker_supported),
456 BoolFlag("-handshaker-resume", &TestConfig::handshaker_resume),
457 StringFlag("-handshaker-path", &TestConfig::handshaker_path),
458 BoolFlag("-jdk11-workaround", &TestConfig::jdk11_workaround),
459 BoolFlag("-server-preference", &TestConfig::server_preference),
460 BoolFlag("-export-traffic-secrets",
461 &TestConfig::export_traffic_secrets),
462 BoolFlag("-key-update", &TestConfig::key_update),
463 StringFlag("-expect-early-data-reason",
464 &TestConfig::expect_early_data_reason),
465 BoolFlag("-expect-hrr", &TestConfig::expect_hrr),
466 BoolFlag("-expect-no-hrr", &TestConfig::expect_no_hrr),
467 BoolFlag("-wait-for-debugger", &TestConfig::wait_for_debugger),
468 StringFlag("-quic-early-data-context",
469 &TestConfig::quic_early_data_context),
470 IntFlag("-early-write-after-message",
471 &TestConfig::early_write_after_message),
472 BoolFlag("-fips-202205", &TestConfig::fips_202205),
473 BoolFlag("-wpa-202304", &TestConfig::wpa_202304),
474 BoolFlag("-no-check-client-certificate-type",
475 &TestConfig::no_check_client_certificate_type),
476 BoolFlag("-no-check-ecdsa-curve", &TestConfig::no_check_ecdsa_curve),
477 IntFlag("-expect-selected-credential",
478 &TestConfig::expect_selected_credential),
479 // Credential flags are stateful. First, use one of the
480 // -new-*-credential flags to introduce a new credential. Then the flags
481 // below switch from acting on the default credential to the newly-added
482 // one. Repeat this process to continue adding them.
483 NewCredentialFlag("-new-x509-credential", CredentialConfigType::kX509),
484 NewCredentialFlag("-new-delegated-credential",
485 CredentialConfigType::kDelegated),
486 CredentialFlagWithDefault(
487 StringFlag("-cert-file", &TestConfig::cert_file),
488 StringFlag("-cert-file", &CredentialConfig::cert_file)),
489 CredentialFlagWithDefault(
490 StringFlag("-key-file", &TestConfig::key_file),
491 StringFlag("-key-file", &CredentialConfig::key_file)),
492 CredentialFlagWithDefault(
493 IntVectorFlag("-signing-prefs", &TestConfig::signing_prefs),
494 IntVectorFlag("-signing-prefs", &CredentialConfig::signing_prefs)),
495 CredentialFlag(Base64Flag("-delegated-credential",
496 &CredentialConfig::delegated_credential)),
497 CredentialFlagWithDefault(
498 Base64Flag("-ocsp-response", &TestConfig::ocsp_response),
499 Base64Flag("-ocsp-response", &CredentialConfig::ocsp_response)),
500 CredentialFlagWithDefault(
501 Base64Flag("-signed-cert-timestamps",
502 &TestConfig::signed_cert_timestamps),
503 Base64Flag("-signed-cert-timestamps",
504 &CredentialConfig::signed_cert_timestamps)),
505 };
506 std::sort(ret.begin(), ret.end(), FlagNameComparator{});
507 return ret;
508 }();
509 auto iter =
510 std::lower_bound(flags.begin(), flags.end(), name, FlagNameComparator{});
511 if (iter == flags.end() || strcmp(iter->name, name) != 0) {
512 return nullptr;
513 }
514 return &*iter;
515 }
516
517 // RemovePrefix checks if |*str| begins with |prefix| + "-". If so, it advances
518 // |*str| past |prefix| (but not past the "-") and returns true. Otherwise, it
519 // returns false and leaves |*str| unmodified.
RemovePrefix(const char ** str,const char * prefix)520 bool RemovePrefix(const char **str, const char *prefix) {
521 size_t prefix_len = strlen(prefix);
522 if (strncmp(*str, prefix, strlen(prefix)) == 0 && (*str)[prefix_len] == '-') {
523 *str += strlen(prefix);
524 return true;
525 }
526 return false;
527 }
528
529 } // namespace
530
ParseConfig(int argc,char ** argv,bool is_shim,TestConfig * out_initial,TestConfig * out_resume,TestConfig * out_retry)531 bool ParseConfig(int argc, char **argv, bool is_shim,
532 TestConfig *out_initial,
533 TestConfig *out_resume,
534 TestConfig *out_retry) {
535 for (int i = 0; i < argc; i++) {
536 bool skip = false;
537 const char *arg = argv[i];
538 const char *name = arg;
539
540 // -on-shim and -on-handshaker prefixes enable flags only on the shim or
541 // handshaker.
542 if (RemovePrefix(&name, "-on-shim")) {
543 if (!is_shim) {
544 skip = true;
545 }
546 } else if (RemovePrefix(&name, "-on-handshaker")) {
547 if (is_shim) {
548 skip = true;
549 }
550 }
551
552 // The following prefixes allow different configurations for each of the
553 // initial, resumption, and 0-RTT retry handshakes.
554 TestConfig *out = nullptr;
555 if (RemovePrefix(&name, "-on-initial")) {
556 out = out_initial;
557 } else if (RemovePrefix(&name, "-on-resume")) {
558 out = out_resume;
559 } else if (RemovePrefix(&name, "-on-retry")) {
560 out = out_retry;
561 }
562
563 const Flag<TestConfig> *flag = FindFlag(name);
564 if (flag == nullptr) {
565 fprintf(stderr, "Unrecognized flag: %s\n", name);
566 return false;
567 }
568
569 const char *param = nullptr;
570 if (flag->has_param) {
571 if (i >= argc) {
572 fprintf(stderr, "Missing parameter for %s\n", name);
573 return false;
574 }
575 i++;
576 param = argv[i];
577 }
578
579 if (!flag->skip_handshaker) {
580 out_initial->handshaker_args.push_back(arg);
581 if (flag->has_param) {
582 out_initial->handshaker_args.push_back(param);
583 }
584 }
585
586 if (!skip) {
587 if (out != nullptr) {
588 if (!flag->set_param(out, param)) {
589 fprintf(stderr, "Invalid parameter for %s: %s\n", name, param);
590 return false;
591 }
592 } else {
593 // Unprefixed flags apply to all three.
594 if (!flag->set_param(out_initial, param) ||
595 !flag->set_param(out_resume, param) ||
596 !flag->set_param(out_retry, param)) {
597 fprintf(stderr, "Invalid parameter for %s: %s\n", name, param);
598 return false;
599 }
600 }
601 }
602 }
603
604 out_resume->handshaker_args = out_initial->handshaker_args;
605 out_retry->handshaker_args = out_initial->handshaker_args;
606 return true;
607 }
608
BufferPool()609 static CRYPTO_BUFFER_POOL *BufferPool() {
610 static CRYPTO_BUFFER_POOL *pool = [&] {
611 OPENSSL_disable_malloc_failures_for_testing();
612 CRYPTO_BUFFER_POOL *ret = CRYPTO_BUFFER_POOL_new();
613 BSSL_CHECK(ret != nullptr);
614 OPENSSL_enable_malloc_failures_for_testing();
615 return ret;
616 }();
617 return pool;
618 }
619
TestConfigExDataIndex()620 static int TestConfigExDataIndex() {
621 static int index = [&] {
622 OPENSSL_disable_malloc_failures_for_testing();
623 int ret = SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
624 BSSL_CHECK(ret >= 0);
625 OPENSSL_enable_malloc_failures_for_testing();
626 return ret;
627 }();
628 return index;
629 }
630
SetTestConfig(SSL * ssl,const TestConfig * config)631 bool SetTestConfig(SSL *ssl, const TestConfig *config) {
632 return SSL_set_ex_data(ssl, TestConfigExDataIndex(), (void *)config) == 1;
633 }
634
GetTestConfig(const SSL * ssl)635 const TestConfig *GetTestConfig(const SSL *ssl) {
636 return static_cast<const TestConfig *>(
637 SSL_get_ex_data(ssl, TestConfigExDataIndex()));
638 }
639
640 struct CredentialInfo {
641 int number = -1;
642 bssl::UniquePtr<EVP_PKEY> private_key;
643 };
644
CredentialInfoExDataFree(void * parent,void * ptr,CRYPTO_EX_DATA * ad,int index,long argl,void * argp)645 static void CredentialInfoExDataFree(void *parent, void *ptr,
646 CRYPTO_EX_DATA *ad, int index, long argl,
647 void *argp) {
648 delete static_cast<CredentialInfo*>(ptr);
649 }
650
CredentialInfoExDataIndex()651 static int CredentialInfoExDataIndex() {
652 static int index = [&] {
653 OPENSSL_disable_malloc_failures_for_testing();
654 int ret = SSL_CREDENTIAL_get_ex_new_index(0, nullptr, nullptr, nullptr,
655 CredentialInfoExDataFree);
656 BSSL_CHECK(ret >= 0);
657 OPENSSL_enable_malloc_failures_for_testing();
658 return ret;
659 }();
660 return index;
661 }
662
GetCredentialInfo(const SSL_CREDENTIAL * cred)663 static const CredentialInfo *GetCredentialInfo(const SSL_CREDENTIAL *cred) {
664 return static_cast<const CredentialInfo *>(
665 SSL_CREDENTIAL_get_ex_data(cred, CredentialInfoExDataIndex()));
666 }
667
SetCredentialInfo(SSL_CREDENTIAL * cred,std::unique_ptr<CredentialInfo> info)668 static bool SetCredentialInfo(SSL_CREDENTIAL *cred,
669 std::unique_ptr<CredentialInfo> info) {
670 if (!SSL_CREDENTIAL_set_ex_data(cred, CredentialInfoExDataIndex(),
671 info.get())) {
672 return false;
673 }
674 info.release(); // |cred| takes ownership on success.
675 return true;
676 }
677
LegacyOCSPCallback(SSL * ssl,void * arg)678 static int LegacyOCSPCallback(SSL *ssl, void *arg) {
679 const TestConfig *config = GetTestConfig(ssl);
680 if (!SSL_is_server(ssl)) {
681 return !config->fail_ocsp_callback;
682 }
683
684 if (!config->ocsp_response.empty() && config->set_ocsp_in_callback &&
685 !SSL_set_ocsp_response(ssl, (const uint8_t *)config->ocsp_response.data(),
686 config->ocsp_response.size())) {
687 return SSL_TLSEXT_ERR_ALERT_FATAL;
688 }
689 if (config->fail_ocsp_callback) {
690 return SSL_TLSEXT_ERR_ALERT_FATAL;
691 }
692 if (config->decline_ocsp_callback) {
693 return SSL_TLSEXT_ERR_NOACK;
694 }
695 return SSL_TLSEXT_ERR_OK;
696 }
697
ServerNameCallback(SSL * ssl,int * out_alert,void * arg)698 static int ServerNameCallback(SSL *ssl, int *out_alert, void *arg) {
699 // SNI must be accessible from the SNI callback.
700 const TestConfig *config = GetTestConfig(ssl);
701 const char *server_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
702 if (server_name == nullptr ||
703 std::string(server_name) != config->expect_server_name) {
704 fprintf(stderr, "servername mismatch (got %s; want %s).\n", server_name,
705 config->expect_server_name.c_str());
706 return SSL_TLSEXT_ERR_ALERT_FATAL;
707 }
708
709 return SSL_TLSEXT_ERR_OK;
710 }
711
NextProtoSelectCallback(SSL * ssl,uint8_t ** out,uint8_t * outlen,const uint8_t * in,unsigned inlen,void * arg)712 static int NextProtoSelectCallback(SSL *ssl, uint8_t **out, uint8_t *outlen,
713 const uint8_t *in, unsigned inlen,
714 void *arg) {
715 const TestConfig *config = GetTestConfig(ssl);
716 if (config->select_next_proto.empty()) {
717 return SSL_TLSEXT_ERR_NOACK;
718 }
719
720 *out = (uint8_t *)config->select_next_proto.data();
721 *outlen = config->select_next_proto.size();
722 return SSL_TLSEXT_ERR_OK;
723 }
724
NextProtosAdvertisedCallback(SSL * ssl,const uint8_t ** out,unsigned int * out_len,void * arg)725 static int NextProtosAdvertisedCallback(SSL *ssl, const uint8_t **out,
726 unsigned int *out_len, void *arg) {
727 const TestConfig *config = GetTestConfig(ssl);
728 if (config->advertise_npn.empty()) {
729 return SSL_TLSEXT_ERR_NOACK;
730 }
731
732 if (config->advertise_npn.size() > UINT_MAX) {
733 fprintf(stderr, "NPN value too large.\n");
734 return SSL_TLSEXT_ERR_ALERT_FATAL;
735 }
736
737 *out = reinterpret_cast<const uint8_t *>(config->advertise_npn.data());
738 *out_len = static_cast<unsigned>(config->advertise_npn.size());
739 return SSL_TLSEXT_ERR_OK;
740 }
741
MessageCallback(int is_write,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg)742 static void MessageCallback(int is_write, int version, int content_type,
743 const void *buf, size_t len, SSL *ssl, void *arg) {
744 const uint8_t *buf_u8 = reinterpret_cast<const uint8_t *>(buf);
745 const TestConfig *config = GetTestConfig(ssl);
746 TestState *state = GetTestState(ssl);
747 if (!state->msg_callback_ok) {
748 return;
749 }
750
751 if (content_type == SSL3_RT_HEADER) {
752 size_t header_len =
753 config->is_dtls ? DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH;
754 if (len != header_len) {
755 fprintf(stderr, "Incorrect length for record header: %zu.\n", len);
756 state->msg_callback_ok = false;
757 }
758 return;
759 }
760
761 state->msg_callback_text += is_write ? "write " : "read ";
762 switch (content_type) {
763 case 0:
764 if (version != SSL2_VERSION) {
765 fprintf(stderr, "Incorrect version for V2ClientHello: %x.\n",
766 static_cast<unsigned>(version));
767 state->msg_callback_ok = false;
768 return;
769 }
770 state->msg_callback_text += "v2clienthello\n";
771 return;
772
773 case SSL3_RT_CLIENT_HELLO_INNER:
774 case SSL3_RT_HANDSHAKE: {
775 CBS cbs;
776 CBS_init(&cbs, buf_u8, len);
777 uint8_t type;
778 uint32_t msg_len;
779 if (!CBS_get_u8(&cbs, &type) ||
780 // TODO(davidben): Reporting on entire messages would be more
781 // consistent than fragments.
782 (config->is_dtls &&
783 !CBS_skip(&cbs, 3 /* total */ + 2 /* seq */ + 3 /* frag_off */)) ||
784 !CBS_get_u24(&cbs, &msg_len) || !CBS_skip(&cbs, msg_len) ||
785 CBS_len(&cbs) != 0) {
786 fprintf(stderr, "Could not parse handshake message.\n");
787 state->msg_callback_ok = false;
788 return;
789 }
790 char text[16];
791 if (content_type == SSL3_RT_CLIENT_HELLO_INNER) {
792 if (type != SSL3_MT_CLIENT_HELLO) {
793 fprintf(stderr, "Invalid header for ClientHelloInner.\n");
794 state->msg_callback_ok = false;
795 return;
796 }
797 state->msg_callback_text += "clienthelloinner\n";
798 } else {
799 snprintf(text, sizeof(text), "hs %d\n", type);
800 state->msg_callback_text += text;
801 if (!is_write) {
802 state->last_message_received = type;
803 }
804 }
805 return;
806 }
807
808 case SSL3_RT_CHANGE_CIPHER_SPEC:
809 if (len != 1 || buf_u8[0] != 1) {
810 fprintf(stderr, "Invalid ChangeCipherSpec.\n");
811 state->msg_callback_ok = false;
812 return;
813 }
814 state->msg_callback_text += "ccs\n";
815 return;
816
817 case SSL3_RT_ALERT:
818 if (len != 2) {
819 fprintf(stderr, "Invalid alert.\n");
820 state->msg_callback_ok = false;
821 return;
822 }
823 char text[16];
824 snprintf(text, sizeof(text), "alert %d %d\n", buf_u8[0], buf_u8[1]);
825 state->msg_callback_text += text;
826 return;
827
828 default:
829 fprintf(stderr, "Invalid content_type: %d.\n", content_type);
830 state->msg_callback_ok = false;
831 }
832 }
833
TicketKeyCallback(SSL * ssl,uint8_t * key_name,uint8_t * iv,EVP_CIPHER_CTX * ctx,HMAC_CTX * hmac_ctx,int encrypt)834 static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
835 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
836 int encrypt) {
837 if (!encrypt) {
838 if (GetTestState(ssl)->ticket_decrypt_done) {
839 fprintf(stderr, "TicketKeyCallback called after completion.\n");
840 return -1;
841 }
842
843 GetTestState(ssl)->ticket_decrypt_done = true;
844 }
845
846 // This is just test code, so use the all-zeros key.
847 static const uint8_t kZeros[16] = {0};
848
849 if (encrypt) {
850 OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
851 RAND_bytes(iv, 16);
852 } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
853 return 0;
854 }
855
856 if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
857 !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
858 return -1;
859 }
860
861 if (!encrypt) {
862 return GetTestConfig(ssl)->renew_ticket ? 2 : 1;
863 }
864 return 1;
865 }
866
NewSessionCallback(SSL * ssl,SSL_SESSION * session)867 static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) {
868 // This callback is called as the handshake completes. |SSL_get_session|
869 // must continue to work and, historically, |SSL_in_init| returned false at
870 // this point.
871 if (SSL_in_init(ssl) || SSL_get_session(ssl) == nullptr) {
872 fprintf(stderr, "Invalid state for NewSessionCallback.\n");
873 abort();
874 }
875
876 GetTestState(ssl)->got_new_session = true;
877 GetTestState(ssl)->new_session.reset(session);
878 return 1;
879 }
880
InfoCallback(const SSL * ssl,int type,int val)881 static void InfoCallback(const SSL *ssl, int type, int val) {
882 if (type == SSL_CB_HANDSHAKE_DONE) {
883 if (GetTestConfig(ssl)->handshake_never_done) {
884 fprintf(stderr, "Handshake unexpectedly completed.\n");
885 // Abort before any expected error code is printed, to ensure the overall
886 // test fails.
887 abort();
888 }
889
890 // This callback is called when the handshake completes. |SSL_get_session|
891 // must continue to work and |SSL_in_init| must return false.
892 if (SSL_in_init(ssl) || SSL_get_session(ssl) == nullptr) {
893 fprintf(stderr, "Invalid state for SSL_CB_HANDSHAKE_DONE.\n");
894 abort();
895 }
896
897 TestState *test_state = GetTestState(ssl);
898 test_state->handshake_done = true;
899
900 // Save the selected credential for the tests to assert on.
901 const SSL_CREDENTIAL *cred = SSL_get0_selected_credential(ssl);
902 const CredentialInfo *cred_info =
903 cred != nullptr ? GetCredentialInfo(cred) : nullptr;
904 test_state->selected_credential =
905 cred_info != nullptr ? cred_info->number : -1;
906 }
907 }
908
GetSessionCallback(SSL * ssl,const uint8_t * data,int len,int * copy)909 static SSL_SESSION *GetSessionCallback(SSL *ssl, const uint8_t *data, int len,
910 int *copy) {
911 TestState *async_state = GetTestState(ssl);
912 if (async_state->session) {
913 *copy = 0;
914 return async_state->session.release();
915 } else if (async_state->pending_session) {
916 return SSL_magic_pending_session_ptr();
917 } else {
918 return NULL;
919 }
920 }
921
CurrentTimeCallback(const SSL * ssl,timeval * out_clock)922 static void CurrentTimeCallback(const SSL *ssl, timeval *out_clock) {
923 *out_clock = *GetClock();
924 }
925
AlpnSelectCallback(SSL * ssl,const uint8_t ** out,uint8_t * outlen,const uint8_t * in,unsigned inlen,void * arg)926 static int AlpnSelectCallback(SSL *ssl, const uint8_t **out, uint8_t *outlen,
927 const uint8_t *in, unsigned inlen, void *arg) {
928 if (GetTestState(ssl)->alpn_select_done) {
929 fprintf(stderr, "AlpnSelectCallback called after completion.\n");
930 exit(1);
931 }
932
933 GetTestState(ssl)->alpn_select_done = true;
934
935 const TestConfig *config = GetTestConfig(ssl);
936 if (config->decline_alpn) {
937 return SSL_TLSEXT_ERR_NOACK;
938 }
939 if (config->reject_alpn) {
940 return SSL_TLSEXT_ERR_ALERT_FATAL;
941 }
942
943 if (!config->expect_advertised_alpn.empty() &&
944 (config->expect_advertised_alpn.size() != inlen ||
945 OPENSSL_memcmp(config->expect_advertised_alpn.data(), in, inlen) !=
946 0)) {
947 fprintf(stderr, "bad ALPN select callback inputs.\n");
948 exit(1);
949 }
950
951 if (config->defer_alps) {
952 for (const auto &pair : config->application_settings) {
953 if (!SSL_add_application_settings(
954 ssl, reinterpret_cast<const uint8_t *>(pair.first.data()),
955 pair.first.size(),
956 reinterpret_cast<const uint8_t *>(pair.second.data()),
957 pair.second.size())) {
958 fprintf(stderr, "error configuring ALPS.\n");
959 exit(1);
960 }
961 }
962 }
963
964 assert(config->select_alpn.empty() || !config->select_empty_alpn);
965 *out = (const uint8_t *)config->select_alpn.data();
966 *outlen = config->select_alpn.size();
967 return SSL_TLSEXT_ERR_OK;
968 }
969
CheckVerifyCallback(SSL * ssl)970 static bool CheckVerifyCallback(SSL *ssl) {
971 const TestConfig *config = GetTestConfig(ssl);
972 if (!config->expect_ocsp_response.empty()) {
973 const uint8_t *data;
974 size_t len;
975 SSL_get0_ocsp_response(ssl, &data, &len);
976 if (len == 0) {
977 fprintf(stderr, "OCSP response not available in verify callback.\n");
978 return false;
979 }
980 }
981
982 const char *name_override;
983 size_t name_override_len;
984 SSL_get0_ech_name_override(ssl, &name_override, &name_override_len);
985 if (config->expect_no_ech_name_override && name_override_len != 0) {
986 fprintf(stderr, "Unexpected ECH name override.\n");
987 return false;
988 }
989 if (!config->expect_ech_name_override.empty() &&
990 config->expect_ech_name_override !=
991 std::string(name_override, name_override_len)) {
992 fprintf(stderr, "ECH name did not match expected value.\n");
993 return false;
994 }
995
996 if (GetTestState(ssl)->cert_verified) {
997 fprintf(stderr, "Certificate verified twice.\n");
998 return false;
999 }
1000
1001 return true;
1002 }
1003
CertVerifyCallback(X509_STORE_CTX * store_ctx,void * arg)1004 static int CertVerifyCallback(X509_STORE_CTX *store_ctx, void *arg) {
1005 SSL *ssl = (SSL *)X509_STORE_CTX_get_ex_data(
1006 store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
1007 const TestConfig *config = GetTestConfig(ssl);
1008 if (!CheckVerifyCallback(ssl)) {
1009 return 0;
1010 }
1011
1012 GetTestState(ssl)->cert_verified = true;
1013 if (config->verify_fail) {
1014 X509_STORE_CTX_set_error(store_ctx, X509_V_ERR_APPLICATION_VERIFICATION);
1015 return 0;
1016 }
1017
1018 return 1;
1019 }
1020
LoadCertificate(bssl::UniquePtr<X509> * out_x509,bssl::UniquePtr<STACK_OF (X509)> * out_chain,const std::string & file)1021 bool LoadCertificate(bssl::UniquePtr<X509> *out_x509,
1022 bssl::UniquePtr<STACK_OF(X509)> *out_chain,
1023 const std::string &file) {
1024 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
1025 if (!bio || !BIO_read_filename(bio.get(), file.c_str())) {
1026 return false;
1027 }
1028
1029 out_x509->reset(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1030 if (!*out_x509) {
1031 return false;
1032 }
1033
1034 out_chain->reset(sk_X509_new_null());
1035 if (!*out_chain) {
1036 return false;
1037 }
1038
1039 // Keep reading the certificate chain.
1040 for (;;) {
1041 bssl::UniquePtr<X509> cert(
1042 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1043 if (!cert) {
1044 break;
1045 }
1046
1047 if (!bssl::PushToStack(out_chain->get(), std::move(cert))) {
1048 return false;
1049 }
1050 }
1051
1052 uint32_t err = ERR_peek_last_error();
1053 if (ERR_GET_LIB(err) != ERR_LIB_PEM ||
1054 ERR_GET_REASON(err) != PEM_R_NO_START_LINE) {
1055 return false;
1056 }
1057
1058 ERR_clear_error();
1059 return true;
1060 }
1061
LoadPrivateKey(const std::string & file)1062 bssl::UniquePtr<EVP_PKEY> LoadPrivateKey(const std::string &file) {
1063 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
1064 if (!bio || !BIO_read_filename(bio.get(), file.c_str())) {
1065 return nullptr;
1066 }
1067 return bssl::UniquePtr<EVP_PKEY>(
1068 PEM_read_bio_PrivateKey(bio.get(), NULL, NULL, NULL));
1069 }
1070
X509ToBuffer(X509 * x509)1071 static bssl::UniquePtr<CRYPTO_BUFFER> X509ToBuffer(X509 *x509) {
1072 uint8_t *der = nullptr;
1073 int der_len = i2d_X509(x509, &der);
1074 if (der_len < 0) {
1075 return nullptr;
1076 }
1077 bssl::UniquePtr<uint8_t> free_der(der);
1078 return bssl::UniquePtr<CRYPTO_BUFFER>(
1079 CRYPTO_BUFFER_new(der, der_len, nullptr));
1080 }
1081
1082
1083 static ssl_private_key_result_t AsyncPrivateKeyComplete(SSL *ssl, uint8_t *out,
1084 size_t *out_len,
1085 size_t max_out);
1086
GetPrivateKey(SSL * ssl)1087 static EVP_PKEY *GetPrivateKey(SSL *ssl) {
1088 const CredentialInfo *cred_info =
1089 GetCredentialInfo(SSL_get0_selected_credential(ssl));
1090 if (cred_info != nullptr) {
1091 return cred_info->private_key.get();
1092 }
1093
1094 return GetTestState(ssl)->private_key.get();
1095 }
1096
AsyncPrivateKeySign(SSL * ssl,uint8_t * out,size_t * out_len,size_t max_out,uint16_t signature_algorithm,const uint8_t * in,size_t in_len)1097 static ssl_private_key_result_t AsyncPrivateKeySign(
1098 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
1099 uint16_t signature_algorithm, const uint8_t *in, size_t in_len) {
1100 TestState *test_state = GetTestState(ssl);
1101 test_state->used_private_key = true;
1102 if (!test_state->private_key_result.empty()) {
1103 fprintf(stderr, "AsyncPrivateKeySign called with operation pending.\n");
1104 abort();
1105 }
1106
1107 EVP_PKEY *private_key = GetPrivateKey(ssl);
1108 if (EVP_PKEY_id(private_key) !=
1109 SSL_get_signature_algorithm_key_type(signature_algorithm)) {
1110 fprintf(stderr, "Key type does not match signature algorithm.\n");
1111 abort();
1112 }
1113
1114 // Determine the hash.
1115 const EVP_MD *md = SSL_get_signature_algorithm_digest(signature_algorithm);
1116 bssl::ScopedEVP_MD_CTX ctx;
1117 EVP_PKEY_CTX *pctx;
1118 if (!EVP_DigestSignInit(ctx.get(), &pctx, md, nullptr, private_key)) {
1119 return ssl_private_key_failure;
1120 }
1121
1122 // Configure additional signature parameters.
1123 if (SSL_is_signature_algorithm_rsa_pss(signature_algorithm)) {
1124 if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
1125 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1 /* salt len = hash len */)) {
1126 return ssl_private_key_failure;
1127 }
1128 }
1129
1130 // Write the signature into |test_state|.
1131 size_t len = 0;
1132 if (!EVP_DigestSign(ctx.get(), nullptr, &len, in, in_len)) {
1133 return ssl_private_key_failure;
1134 }
1135 test_state->private_key_result.resize(len);
1136 if (!EVP_DigestSign(ctx.get(), test_state->private_key_result.data(), &len,
1137 in, in_len)) {
1138 return ssl_private_key_failure;
1139 }
1140 test_state->private_key_result.resize(len);
1141
1142 return AsyncPrivateKeyComplete(ssl, out, out_len, max_out);
1143 }
1144
AsyncPrivateKeyDecrypt(SSL * ssl,uint8_t * out,size_t * out_len,size_t max_out,const uint8_t * in,size_t in_len)1145 static ssl_private_key_result_t AsyncPrivateKeyDecrypt(SSL *ssl, uint8_t *out,
1146 size_t *out_len,
1147 size_t max_out,
1148 const uint8_t *in,
1149 size_t in_len) {
1150 TestState *test_state = GetTestState(ssl);
1151 test_state->used_private_key = true;
1152 if (!test_state->private_key_result.empty()) {
1153 fprintf(stderr, "AsyncPrivateKeyDecrypt called with operation pending.\n");
1154 abort();
1155 }
1156
1157 EVP_PKEY *private_key = GetPrivateKey(ssl);
1158 RSA *rsa = EVP_PKEY_get0_RSA(private_key);
1159 if (rsa == NULL) {
1160 fprintf(stderr, "AsyncPrivateKeyDecrypt called with incorrect key type.\n");
1161 abort();
1162 }
1163 test_state->private_key_result.resize(RSA_size(rsa));
1164 if (!RSA_decrypt(rsa, out_len, test_state->private_key_result.data(),
1165 RSA_size(rsa), in, in_len, RSA_NO_PADDING)) {
1166 return ssl_private_key_failure;
1167 }
1168
1169 test_state->private_key_result.resize(*out_len);
1170
1171 return AsyncPrivateKeyComplete(ssl, out, out_len, max_out);
1172 }
1173
AsyncPrivateKeyComplete(SSL * ssl,uint8_t * out,size_t * out_len,size_t max_out)1174 static ssl_private_key_result_t AsyncPrivateKeyComplete(SSL *ssl, uint8_t *out,
1175 size_t *out_len,
1176 size_t max_out) {
1177 TestState *test_state = GetTestState(ssl);
1178 if (test_state->private_key_result.empty()) {
1179 fprintf(stderr,
1180 "AsyncPrivateKeyComplete called without operation pending.\n");
1181 abort();
1182 }
1183
1184 if (GetTestConfig(ssl)->async && test_state->private_key_retries < 2) {
1185 // Only return the decryption on the second attempt, to test both incomplete
1186 // |sign|/|decrypt| and |complete|.
1187 return ssl_private_key_retry;
1188 }
1189
1190 if (max_out < test_state->private_key_result.size()) {
1191 fprintf(stderr, "Output buffer too small.\n");
1192 return ssl_private_key_failure;
1193 }
1194 OPENSSL_memcpy(out, test_state->private_key_result.data(),
1195 test_state->private_key_result.size());
1196 *out_len = test_state->private_key_result.size();
1197
1198 test_state->private_key_result.clear();
1199 test_state->private_key_retries = 0;
1200 return ssl_private_key_success;
1201 }
1202
1203 static const SSL_PRIVATE_KEY_METHOD g_async_private_key_method = {
1204 AsyncPrivateKeySign,
1205 AsyncPrivateKeyDecrypt,
1206 AsyncPrivateKeyComplete,
1207 };
1208
CredentialFromConfig(const TestConfig & config,const CredentialConfig & cred_config,int number)1209 static bssl::UniquePtr<SSL_CREDENTIAL> CredentialFromConfig(
1210 const TestConfig &config, const CredentialConfig &cred_config, int number) {
1211 bssl::UniquePtr<SSL_CREDENTIAL> cred;
1212 switch (cred_config.type) {
1213 case CredentialConfigType::kX509:
1214 cred.reset(SSL_CREDENTIAL_new_x509());
1215 break;
1216 case CredentialConfigType::kDelegated:
1217 cred.reset(SSL_CREDENTIAL_new_delegated());
1218 break;
1219 }
1220 if (cred == nullptr) {
1221 return nullptr;
1222 }
1223
1224 auto info = std::make_unique<CredentialInfo>();
1225 info->number = number;
1226
1227 if (!cred_config.cert_file.empty()) {
1228 bssl::UniquePtr<X509> x509;
1229 bssl::UniquePtr<STACK_OF(X509)> chain;
1230 if (!LoadCertificate(&x509, &chain, cred_config.cert_file.c_str())) {
1231 return nullptr;
1232 }
1233 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> buffers;
1234 buffers.push_back(X509ToBuffer(x509.get()));
1235 if (buffers.back() == nullptr) {
1236 return nullptr;
1237 }
1238 for (X509 *cert : chain.get()) {
1239 buffers.push_back(X509ToBuffer(cert));
1240 if (buffers.back() == nullptr) {
1241 return nullptr;
1242 }
1243 }
1244 std::vector<CRYPTO_BUFFER *> buffers_raw;
1245 for (const auto &buffer : buffers) {
1246 buffers_raw.push_back(buffer.get());
1247 }
1248 if (!SSL_CREDENTIAL_set1_cert_chain(cred.get(), buffers_raw.data(),
1249 buffers_raw.size())) {
1250 return nullptr;
1251 }
1252 }
1253
1254 if (!cred_config.key_file.empty()) {
1255 bssl::UniquePtr<EVP_PKEY> pkey =
1256 LoadPrivateKey(cred_config.key_file.c_str());
1257 if (pkey == nullptr) {
1258 return nullptr;
1259 }
1260 if (config.async || config.handshake_hints) {
1261 info->private_key = std::move(pkey);
1262 if (!SSL_CREDENTIAL_set_private_key_method(cred.get(),
1263 &g_async_private_key_method)) {
1264 return nullptr;
1265 }
1266 } else {
1267 if (!SSL_CREDENTIAL_set1_private_key(cred.get(), pkey.get())) {
1268 return nullptr;
1269 }
1270 }
1271 }
1272
1273 if (!cred_config.signing_prefs.empty() &&
1274 !SSL_CREDENTIAL_set1_signing_algorithm_prefs(
1275 cred.get(), cred_config.signing_prefs.data(),
1276 cred_config.signing_prefs.size())) {
1277 return nullptr;
1278 }
1279
1280 if (!cred_config.delegated_credential.empty()) {
1281 bssl::UniquePtr<CRYPTO_BUFFER> buf(
1282 CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t *>(
1283 cred_config.delegated_credential.data()),
1284 cred_config.delegated_credential.size(), nullptr));
1285 if (buf == nullptr ||
1286 !SSL_CREDENTIAL_set1_delegated_credential(cred.get(), buf.get())) {
1287 return nullptr;
1288 }
1289 }
1290
1291 if (!cred_config.ocsp_response.empty()) {
1292 bssl::UniquePtr<CRYPTO_BUFFER> buf(CRYPTO_BUFFER_new(
1293 reinterpret_cast<const uint8_t *>(cred_config.ocsp_response.data()),
1294 cred_config.ocsp_response.size(), nullptr));
1295 if (buf == nullptr ||
1296 !SSL_CREDENTIAL_set1_ocsp_response(cred.get(), buf.get())) {
1297 return nullptr;
1298 }
1299 }
1300
1301 if (!cred_config.signed_cert_timestamps.empty()) {
1302 bssl::UniquePtr<CRYPTO_BUFFER> buf(
1303 CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t *>(
1304 cred_config.signed_cert_timestamps.data()),
1305 cred_config.signed_cert_timestamps.size(), nullptr));
1306 if (buf == nullptr || !SSL_CREDENTIAL_set1_signed_cert_timestamp_list(
1307 cred.get(), buf.get())) {
1308 return nullptr;
1309 }
1310 }
1311
1312 if (!SetCredentialInfo(cred.get(), std::move(info))) {
1313 return nullptr;
1314 }
1315
1316 return cred;
1317 }
1318
GetCertificate(SSL * ssl,bssl::UniquePtr<X509> * out_x509,bssl::UniquePtr<STACK_OF (X509)> * out_chain,bssl::UniquePtr<EVP_PKEY> * out_pkey)1319 static bool GetCertificate(SSL *ssl, bssl::UniquePtr<X509> *out_x509,
1320 bssl::UniquePtr<STACK_OF(X509)> *out_chain,
1321 bssl::UniquePtr<EVP_PKEY> *out_pkey) {
1322 const TestConfig *config = GetTestConfig(ssl);
1323
1324 if (!config->signing_prefs.empty()) {
1325 if (!SSL_set_signing_algorithm_prefs(ssl, config->signing_prefs.data(),
1326 config->signing_prefs.size())) {
1327 return false;
1328 }
1329 }
1330
1331 if (!config->key_file.empty()) {
1332 *out_pkey = LoadPrivateKey(config->key_file.c_str());
1333 if (!*out_pkey) {
1334 return false;
1335 }
1336 }
1337 if (!config->cert_file.empty() &&
1338 !LoadCertificate(out_x509, out_chain, config->cert_file.c_str())) {
1339 return false;
1340 }
1341 if (!config->ocsp_response.empty() && !config->set_ocsp_in_callback &&
1342 !SSL_set_ocsp_response(ssl, (const uint8_t *)config->ocsp_response.data(),
1343 config->ocsp_response.size())) {
1344 return false;
1345 }
1346
1347 for (size_t i = 0; i < config->credentials.size(); i++) {
1348 bssl::UniquePtr<SSL_CREDENTIAL> cred = CredentialFromConfig(
1349 *config, config->credentials[i], static_cast<int>(i));
1350 if (cred == nullptr || !SSL_add1_credential(ssl, cred.get())) {
1351 return false;
1352 }
1353 }
1354
1355 return true;
1356 }
1357
HexDecode(std::string * out,const std::string & in)1358 static bool HexDecode(std::string *out, const std::string &in) {
1359 if ((in.size() & 1) != 0) {
1360 return false;
1361 }
1362
1363 auto buf = std::make_unique<uint8_t[]>(in.size() / 2);
1364 for (size_t i = 0; i < in.size() / 2; i++) {
1365 uint8_t high, low;
1366 if (!OPENSSL_fromxdigit(&high, in[i * 2]) ||
1367 !OPENSSL_fromxdigit(&low, in[i * 2 + 1])) {
1368 return false;
1369 }
1370 buf[i] = (high << 4) | low;
1371 }
1372
1373 out->assign(reinterpret_cast<const char *>(buf.get()), in.size() / 2);
1374 return true;
1375 }
1376
SplitParts(const std::string & in,const char delim)1377 static std::vector<std::string> SplitParts(const std::string &in,
1378 const char delim) {
1379 std::vector<std::string> ret;
1380 size_t start = 0;
1381
1382 for (size_t i = 0; i < in.size(); i++) {
1383 if (in[i] == delim) {
1384 ret.push_back(in.substr(start, i - start));
1385 start = i + 1;
1386 }
1387 }
1388
1389 ret.push_back(in.substr(start, std::string::npos));
1390 return ret;
1391 }
1392
DecodeHexStrings(const std::string & hex_strings)1393 static std::vector<std::string> DecodeHexStrings(
1394 const std::string &hex_strings) {
1395 std::vector<std::string> ret;
1396 const std::vector<std::string> parts = SplitParts(hex_strings, ',');
1397
1398 for (const auto &part : parts) {
1399 std::string binary;
1400 if (!HexDecode(&binary, part)) {
1401 fprintf(stderr, "Bad hex string: %s.\n", part.c_str());
1402 return ret;
1403 }
1404
1405 ret.push_back(binary);
1406 }
1407
1408 return ret;
1409 }
1410
DecodeHexX509Names(const std::string & hex_names)1411 static bssl::UniquePtr<STACK_OF(X509_NAME)> DecodeHexX509Names(
1412 const std::string &hex_names) {
1413 const std::vector<std::string> der_names = DecodeHexStrings(hex_names);
1414 bssl::UniquePtr<STACK_OF(X509_NAME)> ret(sk_X509_NAME_new_null());
1415 if (!ret) {
1416 return nullptr;
1417 }
1418
1419 for (const auto &der_name : der_names) {
1420 const uint8_t *const data =
1421 reinterpret_cast<const uint8_t *>(der_name.data());
1422 const uint8_t *derp = data;
1423 bssl::UniquePtr<X509_NAME> name(
1424 d2i_X509_NAME(nullptr, &derp, der_name.size()));
1425 if (!name || derp != data + der_name.size()) {
1426 fprintf(stderr, "Failed to parse X509_NAME.\n");
1427 return nullptr;
1428 }
1429
1430 if (!bssl::PushToStack(ret.get(), std::move(name))) {
1431 return nullptr;
1432 }
1433 }
1434
1435 return ret;
1436 }
1437
CheckPeerVerifyPrefs(SSL * ssl)1438 static bool CheckPeerVerifyPrefs(SSL *ssl) {
1439 const TestConfig *config = GetTestConfig(ssl);
1440 if (!config->expect_peer_verify_prefs.empty()) {
1441 const uint16_t *peer_sigalgs;
1442 size_t num_peer_sigalgs =
1443 SSL_get0_peer_verify_algorithms(ssl, &peer_sigalgs);
1444 if (config->expect_peer_verify_prefs.size() != num_peer_sigalgs) {
1445 fprintf(stderr,
1446 "peer verify preferences length mismatch (got %zu, wanted %zu)\n",
1447 num_peer_sigalgs, config->expect_peer_verify_prefs.size());
1448 return false;
1449 }
1450 for (size_t i = 0; i < num_peer_sigalgs; i++) {
1451 if (peer_sigalgs[i] != config->expect_peer_verify_prefs[i]) {
1452 fprintf(stderr,
1453 "peer verify preference %zu mismatch (got %04x, wanted %04x\n",
1454 i, peer_sigalgs[i], config->expect_peer_verify_prefs[i]);
1455 return false;
1456 }
1457 }
1458 }
1459 return true;
1460 }
1461
CheckCertificateRequest(SSL * ssl)1462 static bool CheckCertificateRequest(SSL *ssl) {
1463 const TestConfig *config = GetTestConfig(ssl);
1464
1465 if (!CheckPeerVerifyPrefs(ssl)) {
1466 return false;
1467 }
1468
1469 if (!config->expect_certificate_types.empty()) {
1470 const uint8_t *certificate_types;
1471 size_t certificate_types_len =
1472 SSL_get0_certificate_types(ssl, &certificate_types);
1473 if (certificate_types_len != config->expect_certificate_types.size() ||
1474 OPENSSL_memcmp(certificate_types,
1475 config->expect_certificate_types.data(),
1476 certificate_types_len) != 0) {
1477 fprintf(stderr, "certificate types mismatch.\n");
1478 return false;
1479 }
1480 }
1481
1482 if (!config->expect_client_ca_list.empty()) {
1483 bssl::UniquePtr<STACK_OF(X509_NAME)> expected =
1484 DecodeHexX509Names(config->expect_client_ca_list);
1485 const size_t num_expected = sk_X509_NAME_num(expected.get());
1486
1487 const STACK_OF(X509_NAME) *received = SSL_get_client_CA_list(ssl);
1488 const size_t num_received = sk_X509_NAME_num(received);
1489
1490 if (num_received != num_expected) {
1491 fprintf(stderr, "expected %zu names in CertificateRequest but got %zu.\n",
1492 num_expected, num_received);
1493 return false;
1494 }
1495
1496 for (size_t i = 0; i < num_received; i++) {
1497 if (X509_NAME_cmp(sk_X509_NAME_value(received, i),
1498 sk_X509_NAME_value(expected.get(), i)) != 0) {
1499 fprintf(stderr, "names in CertificateRequest differ at index #%zu.\n",
1500 i);
1501 return false;
1502 }
1503 }
1504
1505 const STACK_OF(CRYPTO_BUFFER) *buffers = SSL_get0_server_requested_CAs(ssl);
1506 if (sk_CRYPTO_BUFFER_num(buffers) != num_received) {
1507 fprintf(stderr,
1508 "Mismatch between SSL_get_server_requested_CAs and "
1509 "SSL_get_client_CA_list.\n");
1510 return false;
1511 }
1512 }
1513
1514 return true;
1515 }
1516
ClientCertCallback(SSL * ssl,X509 ** out_x509,EVP_PKEY ** out_pkey)1517 static int ClientCertCallback(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey) {
1518 if (!CheckCertificateRequest(ssl)) {
1519 return -1;
1520 }
1521
1522 if (GetTestConfig(ssl)->async && !GetTestState(ssl)->cert_ready) {
1523 return -1;
1524 }
1525
1526 bssl::UniquePtr<X509> x509;
1527 bssl::UniquePtr<STACK_OF(X509)> chain;
1528 bssl::UniquePtr<EVP_PKEY> pkey;
1529 if (!GetCertificate(ssl, &x509, &chain, &pkey)) {
1530 return -1;
1531 }
1532
1533 // Return zero for no certificate.
1534 if (!x509) {
1535 return 0;
1536 }
1537
1538 // Chains and asynchronous private keys are not supported with client_cert_cb.
1539 *out_x509 = x509.release();
1540 *out_pkey = pkey.release();
1541 return 1;
1542 }
1543
InstallCertificate(SSL * ssl)1544 static bool InstallCertificate(SSL *ssl) {
1545 bssl::UniquePtr<X509> x509;
1546 bssl::UniquePtr<STACK_OF(X509)> chain;
1547 bssl::UniquePtr<EVP_PKEY> pkey;
1548 if (!GetCertificate(ssl, &x509, &chain, &pkey)) {
1549 return false;
1550 }
1551
1552 if (pkey) {
1553 TestState *test_state = GetTestState(ssl);
1554 const TestConfig *config = GetTestConfig(ssl);
1555 if (config->async || config->handshake_hints) {
1556 // Install a custom private key if testing asynchronous callbacks, or if
1557 // testing handshake hints. In the handshake hints case, we wish to check
1558 // that hints only mismatch when allowed.
1559 test_state->private_key = std::move(pkey);
1560 SSL_set_private_key_method(ssl, &g_async_private_key_method);
1561 } else if (!SSL_use_PrivateKey(ssl, pkey.get())) {
1562 return false;
1563 }
1564 }
1565
1566 if (x509 && !SSL_use_certificate(ssl, x509.get())) {
1567 return false;
1568 }
1569
1570 if (sk_X509_num(chain.get()) > 0 && !SSL_set1_chain(ssl, chain.get())) {
1571 return false;
1572 }
1573
1574 return true;
1575 }
1576
SelectCertificateCallback(const SSL_CLIENT_HELLO * client_hello)1577 static enum ssl_select_cert_result_t SelectCertificateCallback(
1578 const SSL_CLIENT_HELLO *client_hello) {
1579 SSL *ssl = client_hello->ssl;
1580 const TestConfig *config = GetTestConfig(ssl);
1581 TestState *test_state = GetTestState(ssl);
1582 test_state->early_callback_called = true;
1583
1584 if (!config->expect_server_name.empty()) {
1585 const char *server_name =
1586 SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
1587 if (server_name == nullptr ||
1588 std::string(server_name) != config->expect_server_name) {
1589 fprintf(stderr,
1590 "Server name mismatch in early callback (got %s; want %s).\n",
1591 server_name, config->expect_server_name.c_str());
1592 return ssl_select_cert_error;
1593 }
1594 }
1595
1596 if (config->fail_early_callback) {
1597 return ssl_select_cert_error;
1598 }
1599
1600 // Simulate some asynchronous work in the early callback.
1601 if ((config->use_early_callback || test_state->get_handshake_hints_cb) &&
1602 config->async && !test_state->early_callback_ready) {
1603 return ssl_select_cert_retry;
1604 }
1605
1606 if (test_state->get_handshake_hints_cb &&
1607 !test_state->get_handshake_hints_cb(client_hello)) {
1608 return ssl_select_cert_error;
1609 }
1610
1611 if (config->use_early_callback && !InstallCertificate(ssl)) {
1612 return ssl_select_cert_error;
1613 }
1614
1615 return ssl_select_cert_success;
1616 }
1617
SetQuicReadSecret(SSL * ssl,enum ssl_encryption_level_t level,const SSL_CIPHER * cipher,const uint8_t * secret,size_t secret_len)1618 static int SetQuicReadSecret(SSL *ssl, enum ssl_encryption_level_t level,
1619 const SSL_CIPHER *cipher, const uint8_t *secret,
1620 size_t secret_len) {
1621 MockQuicTransport *quic_transport = GetTestState(ssl)->quic_transport.get();
1622 if (quic_transport == nullptr) {
1623 fprintf(stderr, "No QUIC transport.\n");
1624 return 0;
1625 }
1626 return quic_transport->SetReadSecret(level, cipher, secret, secret_len);
1627 }
1628
SetQuicWriteSecret(SSL * ssl,enum ssl_encryption_level_t level,const SSL_CIPHER * cipher,const uint8_t * secret,size_t secret_len)1629 static int SetQuicWriteSecret(SSL *ssl, enum ssl_encryption_level_t level,
1630 const SSL_CIPHER *cipher, const uint8_t *secret,
1631 size_t secret_len) {
1632 MockQuicTransport *quic_transport = GetTestState(ssl)->quic_transport.get();
1633 if (quic_transport == nullptr) {
1634 fprintf(stderr, "No QUIC transport.\n");
1635 return 0;
1636 }
1637 return quic_transport->SetWriteSecret(level, cipher, secret, secret_len);
1638 }
1639
AddQuicHandshakeData(SSL * ssl,enum ssl_encryption_level_t level,const uint8_t * data,size_t len)1640 static int AddQuicHandshakeData(SSL *ssl, enum ssl_encryption_level_t level,
1641 const uint8_t *data, size_t len) {
1642 MockQuicTransport *quic_transport = GetTestState(ssl)->quic_transport.get();
1643 if (quic_transport == nullptr) {
1644 fprintf(stderr, "No QUIC transport.\n");
1645 return 0;
1646 }
1647 return quic_transport->WriteHandshakeData(level, data, len);
1648 }
1649
FlushQuicFlight(SSL * ssl)1650 static int FlushQuicFlight(SSL *ssl) {
1651 MockQuicTransport *quic_transport = GetTestState(ssl)->quic_transport.get();
1652 if (quic_transport == nullptr) {
1653 fprintf(stderr, "No QUIC transport.\n");
1654 return 0;
1655 }
1656 return quic_transport->Flush();
1657 }
1658
SendQuicAlert(SSL * ssl,enum ssl_encryption_level_t level,uint8_t alert)1659 static int SendQuicAlert(SSL *ssl, enum ssl_encryption_level_t level,
1660 uint8_t alert) {
1661 MockQuicTransport *quic_transport = GetTestState(ssl)->quic_transport.get();
1662 if (quic_transport == nullptr) {
1663 fprintf(stderr, "No QUIC transport.\n");
1664 return 0;
1665 }
1666 return quic_transport->SendAlert(level, alert);
1667 }
1668
1669 static const SSL_QUIC_METHOD g_quic_method = {
1670 SetQuicReadSecret,
1671 SetQuicWriteSecret,
1672 AddQuicHandshakeData,
1673 FlushQuicFlight,
1674 SendQuicAlert,
1675 };
1676
MaybeInstallCertCompressionAlg(const TestConfig * config,SSL_CTX * ssl_ctx,uint16_t alg,ssl_cert_compression_func_t compress,ssl_cert_decompression_func_t decompress)1677 static bool MaybeInstallCertCompressionAlg(
1678 const TestConfig *config, SSL_CTX *ssl_ctx, uint16_t alg,
1679 ssl_cert_compression_func_t compress,
1680 ssl_cert_decompression_func_t decompress) {
1681 if (!config->install_cert_compression_algs &&
1682 config->install_one_cert_compression_alg != alg) {
1683 return true;
1684 }
1685 return SSL_CTX_add_cert_compression_alg(ssl_ctx, alg, compress, decompress);
1686 }
1687
SetupCtx(SSL_CTX * old_ctx) const1688 bssl::UniquePtr<SSL_CTX> TestConfig::SetupCtx(SSL_CTX *old_ctx) const {
1689 bssl::UniquePtr<SSL_CTX> ssl_ctx(
1690 SSL_CTX_new(is_dtls ? DTLS_method() : TLS_method()));
1691 if (!ssl_ctx) {
1692 return nullptr;
1693 }
1694
1695 SSL_CTX_set0_buffer_pool(ssl_ctx.get(), BufferPool());
1696
1697 std::string cipher_list = "ALL:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
1698 if (!cipher.empty()) {
1699 cipher_list = cipher;
1700 SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE);
1701 }
1702 if (!SSL_CTX_set_strict_cipher_list(ssl_ctx.get(), cipher_list.c_str())) {
1703 return nullptr;
1704 }
1705
1706 if (async && is_server) {
1707 // Disable the internal session cache. To test asynchronous session lookup,
1708 // we use an external session cache.
1709 SSL_CTX_set_session_cache_mode(
1710 ssl_ctx.get(), SSL_SESS_CACHE_BOTH | SSL_SESS_CACHE_NO_INTERNAL);
1711 SSL_CTX_sess_set_get_cb(ssl_ctx.get(), GetSessionCallback);
1712 } else {
1713 SSL_CTX_set_session_cache_mode(ssl_ctx.get(), SSL_SESS_CACHE_BOTH);
1714 }
1715
1716 SSL_CTX_set_select_certificate_cb(ssl_ctx.get(), SelectCertificateCallback);
1717
1718 if (use_old_client_cert_callback) {
1719 SSL_CTX_set_client_cert_cb(ssl_ctx.get(), ClientCertCallback);
1720 }
1721
1722 SSL_CTX_set_next_protos_advertised_cb(ssl_ctx.get(),
1723 NextProtosAdvertisedCallback, NULL);
1724 if (!select_next_proto.empty()) {
1725 SSL_CTX_set_next_proto_select_cb(ssl_ctx.get(), NextProtoSelectCallback,
1726 NULL);
1727 }
1728
1729 if (!select_alpn.empty() || decline_alpn || reject_alpn ||
1730 select_empty_alpn) {
1731 SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), AlpnSelectCallback, NULL);
1732 }
1733
1734 SSL_CTX_set_current_time_cb(ssl_ctx.get(), CurrentTimeCallback);
1735
1736 SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback);
1737 SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback);
1738
1739 if (use_ticket_callback || handshake_hints) {
1740 // If using handshake hints, always enable the ticket callback, so we can
1741 // check that hints only mismatch when allowed. The ticket callback also
1742 // uses a constant key, which simplifies the test.
1743 SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx.get(), TicketKeyCallback);
1744 }
1745
1746 if (!use_custom_verify_callback) {
1747 SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), CertVerifyCallback, NULL);
1748 }
1749
1750 if (!signed_cert_timestamps.empty() &&
1751 !SSL_CTX_set_signed_cert_timestamp_list(
1752 ssl_ctx.get(), (const uint8_t *)signed_cert_timestamps.data(),
1753 signed_cert_timestamps.size())) {
1754 return nullptr;
1755 }
1756
1757 if (!use_client_ca_list.empty()) {
1758 if (use_client_ca_list == "<NULL>") {
1759 SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr);
1760 } else if (use_client_ca_list == "<EMPTY>") {
1761 bssl::UniquePtr<STACK_OF(X509_NAME)> names;
1762 SSL_CTX_set_client_CA_list(ssl_ctx.get(), names.release());
1763 } else {
1764 bssl::UniquePtr<STACK_OF(X509_NAME)> names =
1765 DecodeHexX509Names(use_client_ca_list);
1766 SSL_CTX_set_client_CA_list(ssl_ctx.get(), names.release());
1767 }
1768 }
1769
1770 if (enable_grease) {
1771 SSL_CTX_set_grease_enabled(ssl_ctx.get(), 1);
1772 }
1773
1774 if (permute_extensions) {
1775 SSL_CTX_set_permute_extensions(ssl_ctx.get(), 1);
1776 }
1777
1778 if (!expect_server_name.empty()) {
1779 SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(), ServerNameCallback);
1780 }
1781
1782 if (enable_early_data) {
1783 SSL_CTX_set_early_data_enabled(ssl_ctx.get(), 1);
1784 }
1785
1786 if (allow_unknown_alpn_protos) {
1787 SSL_CTX_set_allow_unknown_alpn_protos(ssl_ctx.get(), 1);
1788 }
1789
1790 if (!verify_prefs.empty()) {
1791 if (!SSL_CTX_set_verify_algorithm_prefs(ssl_ctx.get(), verify_prefs.data(),
1792 verify_prefs.size())) {
1793 return nullptr;
1794 }
1795 }
1796
1797 SSL_CTX_set_msg_callback(ssl_ctx.get(), MessageCallback);
1798
1799 if (allow_false_start_without_alpn) {
1800 SSL_CTX_set_false_start_allowed_without_alpn(ssl_ctx.get(), 1);
1801 }
1802
1803 if (use_ocsp_callback) {
1804 SSL_CTX_set_tlsext_status_cb(ssl_ctx.get(), LegacyOCSPCallback);
1805 }
1806
1807 if (old_ctx) {
1808 uint8_t keys[48];
1809 if (!SSL_CTX_get_tlsext_ticket_keys(old_ctx, &keys, sizeof(keys)) ||
1810 !SSL_CTX_set_tlsext_ticket_keys(ssl_ctx.get(), keys, sizeof(keys))) {
1811 return nullptr;
1812 }
1813 CopySessions(ssl_ctx.get(), old_ctx);
1814 } else if (!ticket_key.empty() &&
1815 !SSL_CTX_set_tlsext_ticket_keys(ssl_ctx.get(), ticket_key.data(),
1816 ticket_key.size())) {
1817 return nullptr;
1818 }
1819
1820 // These mock compression algorithms match the corresponding ones in
1821 // |addCertCompressionTests|.
1822 if (!MaybeInstallCertCompressionAlg(
1823 this, ssl_ctx.get(), 0xff02,
1824 [](SSL *ssl, CBB *out, const uint8_t *in, size_t in_len) -> int {
1825 if (!CBB_add_u8(out, 1) || !CBB_add_u8(out, 2) ||
1826 !CBB_add_u8(out, 3) || !CBB_add_u8(out, 4) ||
1827 !CBB_add_bytes(out, in, in_len)) {
1828 return 0;
1829 }
1830 return 1;
1831 },
1832 [](SSL *ssl, CRYPTO_BUFFER **out, size_t uncompressed_len,
1833 const uint8_t *in, size_t in_len) -> int {
1834 if (in_len < 4 || in[0] != 1 || in[1] != 2 || in[2] != 3 ||
1835 in[3] != 4 || uncompressed_len != in_len - 4) {
1836 return 0;
1837 }
1838 const bssl::Span<const uint8_t> uncompressed(in + 4, in_len - 4);
1839 *out = CRYPTO_BUFFER_new(uncompressed.data(), uncompressed.size(),
1840 nullptr);
1841 return *out != nullptr;
1842 }) ||
1843 !MaybeInstallCertCompressionAlg(
1844 this, ssl_ctx.get(), 0xff01,
1845 [](SSL *ssl, CBB *out, const uint8_t *in, size_t in_len) -> int {
1846 if (in_len < 2 || in[0] != 0 || in[1] != 0) {
1847 return 0;
1848 }
1849 return CBB_add_bytes(out, in + 2, in_len - 2);
1850 },
1851 [](SSL *ssl, CRYPTO_BUFFER **out, size_t uncompressed_len,
1852 const uint8_t *in, size_t in_len) -> int {
1853 if (uncompressed_len != 2 + in_len) {
1854 return 0;
1855 }
1856 auto buf = std::make_unique<uint8_t[]>(2 + in_len);
1857 buf[0] = 0;
1858 buf[1] = 0;
1859 OPENSSL_memcpy(&buf[2], in, in_len);
1860 *out = CRYPTO_BUFFER_new(buf.get(), 2 + in_len, nullptr);
1861 return *out != nullptr;
1862 }) ||
1863 !MaybeInstallCertCompressionAlg(
1864 this, ssl_ctx.get(), 0xff03,
1865 [](SSL *ssl, CBB *out, const uint8_t *in, size_t in_len) -> int {
1866 uint8_t byte;
1867 return RAND_bytes(&byte, 1) && //
1868 CBB_add_u8(out, byte) && //
1869 CBB_add_bytes(out, in, in_len);
1870 },
1871 [](SSL *ssl, CRYPTO_BUFFER **out, size_t uncompressed_len,
1872 const uint8_t *in, size_t in_len) -> int {
1873 if (uncompressed_len + 1 != in_len) {
1874 return 0;
1875 }
1876 *out = CRYPTO_BUFFER_new(in + 1, in_len - 1, nullptr);
1877 return *out != nullptr;
1878 })) {
1879 fprintf(stderr, "SSL_CTX_add_cert_compression_alg failed.\n");
1880 abort();
1881 }
1882
1883 if (server_preference) {
1884 SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE);
1885 }
1886
1887 if (is_quic) {
1888 SSL_CTX_set_quic_method(ssl_ctx.get(), &g_quic_method);
1889 }
1890
1891 return ssl_ctx;
1892 }
1893
DDoSCallback(const SSL_CLIENT_HELLO * client_hello)1894 static int DDoSCallback(const SSL_CLIENT_HELLO *client_hello) {
1895 const TestConfig *config = GetTestConfig(client_hello->ssl);
1896 return config->fail_ddos_callback ? 0 : 1;
1897 }
1898
PskClientCallback(SSL * ssl,const char * hint,char * out_identity,unsigned max_identity_len,uint8_t * out_psk,unsigned max_psk_len)1899 static unsigned PskClientCallback(SSL *ssl, const char *hint,
1900 char *out_identity, unsigned max_identity_len,
1901 uint8_t *out_psk, unsigned max_psk_len) {
1902 const TestConfig *config = GetTestConfig(ssl);
1903
1904 if (config->psk_identity.empty()) {
1905 if (hint != nullptr) {
1906 fprintf(stderr, "Server PSK hint was non-null.\n");
1907 return 0;
1908 }
1909 } else if (hint == nullptr ||
1910 strcmp(hint, config->psk_identity.c_str()) != 0) {
1911 fprintf(stderr, "Server PSK hint did not match.\n");
1912 return 0;
1913 }
1914
1915 // Account for the trailing '\0' for the identity.
1916 if (config->psk_identity.size() >= max_identity_len ||
1917 config->psk.size() > max_psk_len) {
1918 fprintf(stderr, "PSK buffers too small.\n");
1919 return 0;
1920 }
1921
1922 OPENSSL_strlcpy(out_identity, config->psk_identity.c_str(), max_identity_len);
1923 OPENSSL_memcpy(out_psk, config->psk.data(), config->psk.size());
1924 return static_cast<unsigned>(config->psk.size());
1925 }
1926
PskServerCallback(SSL * ssl,const char * identity,uint8_t * out_psk,unsigned max_psk_len)1927 static unsigned PskServerCallback(SSL *ssl, const char *identity,
1928 uint8_t *out_psk, unsigned max_psk_len) {
1929 const TestConfig *config = GetTestConfig(ssl);
1930
1931 if (strcmp(identity, config->psk_identity.c_str()) != 0) {
1932 fprintf(stderr, "Client PSK identity did not match.\n");
1933 return 0;
1934 }
1935
1936 if (config->psk.size() > max_psk_len) {
1937 fprintf(stderr, "PSK buffers too small.\n");
1938 return 0;
1939 }
1940
1941 OPENSSL_memcpy(out_psk, config->psk.data(), config->psk.size());
1942 return static_cast<unsigned>(config->psk.size());
1943 }
1944
CustomVerifyCallback(SSL * ssl,uint8_t * out_alert)1945 static ssl_verify_result_t CustomVerifyCallback(SSL *ssl, uint8_t *out_alert) {
1946 const TestConfig *config = GetTestConfig(ssl);
1947 if (!CheckVerifyCallback(ssl)) {
1948 return ssl_verify_invalid;
1949 }
1950
1951 if (config->async && !GetTestState(ssl)->custom_verify_ready) {
1952 return ssl_verify_retry;
1953 }
1954
1955 GetTestState(ssl)->cert_verified = true;
1956 if (config->verify_fail) {
1957 return ssl_verify_invalid;
1958 }
1959
1960 return ssl_verify_ok;
1961 }
1962
CertCallback(SSL * ssl,void * arg)1963 static int CertCallback(SSL *ssl, void *arg) {
1964 const TestConfig *config = GetTestConfig(ssl);
1965
1966 // Check the peer certificate metadata is as expected.
1967 if ((!SSL_is_server(ssl) && !CheckCertificateRequest(ssl)) ||
1968 !CheckPeerVerifyPrefs(ssl)) {
1969 return -1;
1970 }
1971
1972 if (config->fail_cert_callback) {
1973 return 0;
1974 }
1975
1976 // The certificate will be installed via other means.
1977 if (!config->async || config->use_early_callback) {
1978 return 1;
1979 }
1980
1981 if (!GetTestState(ssl)->cert_ready) {
1982 return -1;
1983 }
1984 if (!InstallCertificate(ssl)) {
1985 return 0;
1986 }
1987 return 1;
1988 }
1989
NewSSL(SSL_CTX * ssl_ctx,SSL_SESSION * session,std::unique_ptr<TestState> test_state) const1990 bssl::UniquePtr<SSL> TestConfig::NewSSL(
1991 SSL_CTX *ssl_ctx, SSL_SESSION *session,
1992 std::unique_ptr<TestState> test_state) const {
1993 bssl::UniquePtr<SSL> ssl(SSL_new(ssl_ctx));
1994 if (!ssl) {
1995 return nullptr;
1996 }
1997
1998 if (!SetTestConfig(ssl.get(), this)) {
1999 return nullptr;
2000 }
2001 if (test_state != nullptr) {
2002 if (!SetTestState(ssl.get(), std::move(test_state))) {
2003 return nullptr;
2004 }
2005 }
2006
2007 if (fallback_scsv && !SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV)) {
2008 return nullptr;
2009 }
2010 // Install the certificate synchronously if nothing else will handle it.
2011 if (!use_early_callback && !use_old_client_cert_callback && !async &&
2012 !InstallCertificate(ssl.get())) {
2013 return nullptr;
2014 }
2015 if (!use_old_client_cert_callback) {
2016 SSL_set_cert_cb(ssl.get(), CertCallback, nullptr);
2017 }
2018 int mode = SSL_VERIFY_NONE;
2019 if (require_any_client_certificate) {
2020 mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
2021 }
2022 if (verify_peer) {
2023 mode = SSL_VERIFY_PEER;
2024 }
2025 if (verify_peer_if_no_obc) {
2026 // Set SSL_VERIFY_FAIL_IF_NO_PEER_CERT so testing whether client
2027 // certificates were requested is easy.
2028 mode = SSL_VERIFY_PEER | SSL_VERIFY_PEER_IF_NO_OBC |
2029 SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
2030 }
2031 if (use_custom_verify_callback) {
2032 SSL_set_custom_verify(ssl.get(), mode, CustomVerifyCallback);
2033 } else if (mode != SSL_VERIFY_NONE) {
2034 SSL_set_verify(ssl.get(), mode, NULL);
2035 }
2036 if (false_start) {
2037 SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_FALSE_START);
2038 }
2039 if (cbc_record_splitting) {
2040 SSL_set_mode(ssl.get(), SSL_MODE_CBC_RECORD_SPLITTING);
2041 }
2042 if (partial_write) {
2043 SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
2044 }
2045 if (reverify_on_resume) {
2046 SSL_CTX_set_reverify_on_resume(ssl_ctx, 1);
2047 }
2048 if (ignore_rsa_key_usage) {
2049 SSL_set_enforce_rsa_key_usage(ssl.get(), 0);
2050 }
2051 if (no_check_client_certificate_type) {
2052 SSL_set_check_client_certificate_type(ssl.get(), 0);
2053 }
2054 if (no_check_ecdsa_curve) {
2055 SSL_set_check_ecdsa_curve(ssl.get(), 0);
2056 }
2057 if (no_tls13) {
2058 SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_3);
2059 }
2060 if (no_tls12) {
2061 SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_2);
2062 }
2063 if (no_tls11) {
2064 SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_1);
2065 }
2066 if (no_tls1) {
2067 SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1);
2068 }
2069 if (no_ticket) {
2070 SSL_set_options(ssl.get(), SSL_OP_NO_TICKET);
2071 }
2072 if (!expect_channel_id.empty() || enable_channel_id) {
2073 SSL_set_tls_channel_id_enabled(ssl.get(), 1);
2074 }
2075 if (enable_ech_grease) {
2076 SSL_set_enable_ech_grease(ssl.get(), 1);
2077 }
2078 if (static_cast<int>(fips_202205) + static_cast<int>(wpa_202304) > 1) {
2079 fprintf(stderr, "Multiple policy options given\n");
2080 return nullptr;
2081 }
2082 if (fips_202205 && !SSL_set_compliance_policy(
2083 ssl.get(), ssl_compliance_policy_fips_202205)) {
2084 fprintf(stderr, "SSL_set_compliance_policy failed\n");
2085 return nullptr;
2086 }
2087 if (wpa_202304 && !SSL_set_compliance_policy(
2088 ssl.get(), ssl_compliance_policy_wpa3_192_202304)) {
2089 fprintf(stderr, "SSL_set_compliance_policy failed\n");
2090 return nullptr;
2091 }
2092 if (!ech_config_list.empty() &&
2093 !SSL_set1_ech_config_list(
2094 ssl.get(), reinterpret_cast<const uint8_t *>(ech_config_list.data()),
2095 ech_config_list.size())) {
2096 return nullptr;
2097 }
2098 if (ech_server_configs.size() != ech_server_keys.size() ||
2099 ech_server_configs.size() != ech_is_retry_config.size()) {
2100 fprintf(stderr,
2101 "-ech-server-config, -ech-server-key, and -ech-is-retry-config "
2102 "flags must match.\n");
2103 return nullptr;
2104 }
2105 if (!ech_server_configs.empty()) {
2106 bssl::UniquePtr<SSL_ECH_KEYS> keys(SSL_ECH_KEYS_new());
2107 if (!keys) {
2108 return nullptr;
2109 }
2110 for (size_t i = 0; i < ech_server_configs.size(); i++) {
2111 const std::string &ech_config = ech_server_configs[i];
2112 const std::string &ech_private_key = ech_server_keys[i];
2113 const int is_retry_config = ech_is_retry_config[i];
2114 bssl::ScopedEVP_HPKE_KEY key;
2115 if (!EVP_HPKE_KEY_init(
2116 key.get(), EVP_hpke_x25519_hkdf_sha256(),
2117 reinterpret_cast<const uint8_t *>(ech_private_key.data()),
2118 ech_private_key.size()) ||
2119 !SSL_ECH_KEYS_add(
2120 keys.get(), is_retry_config,
2121 reinterpret_cast<const uint8_t *>(ech_config.data()),
2122 ech_config.size(), key.get())) {
2123 return nullptr;
2124 }
2125 }
2126 if (!SSL_CTX_set1_ech_keys(ssl_ctx, keys.get())) {
2127 return nullptr;
2128 }
2129 }
2130 if (!send_channel_id.empty()) {
2131 bssl::UniquePtr<EVP_PKEY> pkey = LoadPrivateKey(send_channel_id);
2132 if (!pkey || !SSL_set1_tls_channel_id(ssl.get(), pkey.get())) {
2133 return nullptr;
2134 }
2135 }
2136 if (!host_name.empty() &&
2137 !SSL_set_tlsext_host_name(ssl.get(), host_name.c_str())) {
2138 return nullptr;
2139 }
2140 if (!advertise_alpn.empty() &&
2141 SSL_set_alpn_protos(
2142 ssl.get(), reinterpret_cast<const uint8_t *>(advertise_alpn.data()),
2143 advertise_alpn.size()) != 0) {
2144 return nullptr;
2145 }
2146 if (!defer_alps) {
2147 for (const auto &pair : application_settings) {
2148 if (!SSL_add_application_settings(
2149 ssl.get(), reinterpret_cast<const uint8_t *>(pair.first.data()),
2150 pair.first.size(),
2151 reinterpret_cast<const uint8_t *>(pair.second.data()),
2152 pair.second.size())) {
2153 return nullptr;
2154 }
2155 }
2156 }
2157 if (!psk.empty()) {
2158 SSL_set_psk_client_callback(ssl.get(), PskClientCallback);
2159 SSL_set_psk_server_callback(ssl.get(), PskServerCallback);
2160 }
2161 if (!psk_identity.empty() &&
2162 !SSL_use_psk_identity_hint(ssl.get(), psk_identity.c_str())) {
2163 return nullptr;
2164 }
2165 if (!srtp_profiles.empty() &&
2166 !SSL_set_srtp_profiles(ssl.get(), srtp_profiles.c_str())) {
2167 return nullptr;
2168 }
2169 if (enable_ocsp_stapling) {
2170 SSL_enable_ocsp_stapling(ssl.get());
2171 }
2172 if (enable_signed_cert_timestamps) {
2173 SSL_enable_signed_cert_timestamps(ssl.get());
2174 }
2175 if (min_version != 0 &&
2176 !SSL_set_min_proto_version(ssl.get(), min_version)) {
2177 return nullptr;
2178 }
2179 if (max_version != 0 &&
2180 !SSL_set_max_proto_version(ssl.get(), max_version)) {
2181 return nullptr;
2182 }
2183 if (mtu != 0) {
2184 SSL_set_options(ssl.get(), SSL_OP_NO_QUERY_MTU);
2185 SSL_set_mtu(ssl.get(), mtu);
2186 }
2187 if (install_ddos_callback) {
2188 SSL_CTX_set_dos_protection_cb(ssl_ctx, DDoSCallback);
2189 }
2190 SSL_set_shed_handshake_config(ssl.get(), true);
2191 if (renegotiate_once) {
2192 SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_once);
2193 }
2194 if (renegotiate_freely || forbid_renegotiation_after_handshake) {
2195 // |forbid_renegotiation_after_handshake| will disable renegotiation later.
2196 SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_freely);
2197 }
2198 if (renegotiate_ignore) {
2199 SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_ignore);
2200 }
2201 if (renegotiate_explicit) {
2202 SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_explicit);
2203 }
2204 if (!check_close_notify) {
2205 SSL_set_quiet_shutdown(ssl.get(), 1);
2206 }
2207 if (!curves.empty() &&
2208 !SSL_set1_group_ids(ssl.get(), curves.data(), curves.size())) {
2209 return nullptr;
2210 }
2211 if (initial_timeout_duration_ms > 0) {
2212 DTLSv1_set_initial_timeout_duration(ssl.get(), initial_timeout_duration_ms);
2213 }
2214 if (max_cert_list > 0) {
2215 SSL_set_max_cert_list(ssl.get(), max_cert_list);
2216 }
2217 if (retain_only_sha256_client_cert) {
2218 SSL_set_retain_only_sha256_of_client_certs(ssl.get(), 1);
2219 }
2220 if (max_send_fragment > 0) {
2221 SSL_set_max_send_fragment(ssl.get(), max_send_fragment);
2222 }
2223 if (alps_use_new_codepoint) {
2224 SSL_set_alps_use_new_codepoint(ssl.get(), 1);
2225 }
2226 if (quic_use_legacy_codepoint != -1) {
2227 SSL_set_quic_use_legacy_codepoint(ssl.get(), quic_use_legacy_codepoint);
2228 }
2229 if (!quic_transport_params.empty()) {
2230 if (!SSL_set_quic_transport_params(
2231 ssl.get(),
2232 reinterpret_cast<const uint8_t *>(quic_transport_params.data()),
2233 quic_transport_params.size())) {
2234 return nullptr;
2235 }
2236 }
2237 if (jdk11_workaround) {
2238 SSL_set_jdk11_workaround(ssl.get(), 1);
2239 }
2240
2241 if (session != NULL) {
2242 if (!is_server) {
2243 if (SSL_set_session(ssl.get(), session) != 1) {
2244 return nullptr;
2245 }
2246 } else if (async) {
2247 // The internal session cache is disabled, so install the session
2248 // manually.
2249 SSL_SESSION_up_ref(session);
2250 GetTestState(ssl.get())->pending_session.reset(session);
2251 }
2252 }
2253
2254 if (!quic_early_data_context.empty() &&
2255 !SSL_set_quic_early_data_context(
2256 ssl.get(),
2257 reinterpret_cast<const uint8_t *>(quic_early_data_context.data()),
2258 quic_early_data_context.size())) {
2259 return nullptr;
2260 }
2261
2262 return ssl;
2263 }
2264