1 /* Copyright (c) 2018, Google Inc. 2 * 3 * Permission to use, copy, modify, and/or distribute this software for any 4 * purpose with or without fee is hereby granted, provided that the above 5 * copyright notice and this permission notice appear in all copies. 6 * 7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 15 #include "test_state.h" 16 17 #include <openssl/ssl.h> 18 19 #include "../../crypto/internal.h" 20 #include "../internal.h" 21 22 using namespace bssl; 23 24 static CRYPTO_once_t g_once = CRYPTO_ONCE_INIT; 25 static int g_state_index = 0; 26 // Some code treats the zero time special, so initialize the clock to a 27 // non-zero time. 28 static timeval g_clock = { 1234, 1234 }; 29 30 static void TestStateExFree(void *parent, void *ptr, CRYPTO_EX_DATA *ad, 31 int index, long argl, void *argp) { 32 delete ((TestState *)ptr); 33 } 34 35 static void init_once() { 36 g_state_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, TestStateExFree); 37 if (g_state_index < 0) { 38 abort(); 39 } 40 } 41 42 struct timeval *GetClock() { 43 CRYPTO_once(&g_once, init_once); 44 return &g_clock; 45 } 46 47 void AdvanceClock(unsigned seconds) { 48 CRYPTO_once(&g_once, init_once); 49 g_clock.tv_sec += seconds; 50 } 51 52 bool SetTestState(SSL *ssl, std::unique_ptr<TestState> state) { 53 CRYPTO_once(&g_once, init_once); 54 // |SSL_set_ex_data| takes ownership of |state| only on success. 55 if (SSL_set_ex_data(ssl, g_state_index, state.get()) == 1) { 56 state.release(); 57 return true; 58 } 59 return false; 60 } 61 62 TestState *GetTestState(const SSL *ssl) { 63 CRYPTO_once(&g_once, init_once); 64 return (TestState *)SSL_get_ex_data(ssl, g_state_index); 65 } 66 67 static void ssl_ctx_add_session(SSL_SESSION *session, void *void_param) { 68 SSL_CTX *ctx = reinterpret_cast<SSL_CTX *>(void_param); 69 UniquePtr<SSL_SESSION> new_session = SSL_SESSION_dup( 70 session, SSL_SESSION_INCLUDE_NONAUTH | SSL_SESSION_INCLUDE_TICKET); 71 if (new_session != nullptr) { 72 SSL_CTX_add_session(ctx, new_session.get()); 73 } 74 } 75 76 void CopySessions(SSL_CTX *dst, const SSL_CTX *src) { 77 lh_SSL_SESSION_doall_arg(src->sessions, ssl_ctx_add_session, dst); 78 } 79 80 static void push_session(SSL_SESSION *session, void *arg) { 81 auto s = reinterpret_cast<std::vector<SSL_SESSION *> *>(arg); 82 s->push_back(session); 83 } 84 85 bool SerializeContextState(SSL_CTX *ctx, CBB *cbb) { 86 CBB out, ctx_sessions, ticket_keys; 87 uint8_t keys[48]; 88 if (!CBB_add_u24_length_prefixed(cbb, &out) || 89 !CBB_add_u16(&out, 0 /* version */) || 90 !SSL_CTX_get_tlsext_ticket_keys(ctx, &keys, sizeof(keys)) || 91 !CBB_add_u8_length_prefixed(&out, &ticket_keys) || 92 !CBB_add_bytes(&ticket_keys, keys, sizeof(keys)) || 93 !CBB_add_asn1(&out, &ctx_sessions, CBS_ASN1_SEQUENCE)) { 94 return false; 95 } 96 std::vector<SSL_SESSION *> sessions; 97 lh_SSL_SESSION_doall_arg(ctx->sessions, push_session, &sessions); 98 for (const auto &sess : sessions) { 99 if (!ssl_session_serialize(sess, &ctx_sessions)) { 100 return false; 101 } 102 } 103 return CBB_flush(cbb); 104 } 105 106 bool DeserializeContextState(CBS *cbs, SSL_CTX *ctx) { 107 CBS in, sessions, ticket_keys; 108 uint16_t version; 109 constexpr uint16_t kVersion = 0; 110 if (!CBS_get_u24_length_prefixed(cbs, &in) || 111 !CBS_get_u16(&in, &version) || 112 version > kVersion || 113 !CBS_get_u8_length_prefixed(&in, &ticket_keys) || 114 !SSL_CTX_set_tlsext_ticket_keys(ctx, CBS_data(&ticket_keys), 115 CBS_len(&ticket_keys)) || 116 !CBS_get_asn1(&in, &sessions, CBS_ASN1_SEQUENCE)) { 117 return false; 118 } 119 while (CBS_len(&sessions)) { 120 UniquePtr<SSL_SESSION> session = 121 SSL_SESSION_parse(&sessions, ctx->x509_method, ctx->pool); 122 if (!session) { 123 return false; 124 } 125 SSL_CTX_add_session(ctx, session.get()); 126 } 127 return true; 128 } 129 130 bool TestState::Serialize(CBB *cbb) const { 131 CBB out, pending, text; 132 if (!CBB_add_u24_length_prefixed(cbb, &out) || 133 !CBB_add_u16(&out, 0 /* version */) || 134 !CBB_add_u24_length_prefixed(&out, &pending) || 135 (pending_session && 136 !ssl_session_serialize(pending_session.get(), &pending)) || 137 !CBB_add_u16_length_prefixed(&out, &text) || 138 !CBB_add_bytes( 139 &text, reinterpret_cast<const uint8_t *>(msg_callback_text.data()), 140 msg_callback_text.length()) || 141 !CBB_flush(cbb)) { 142 return false; 143 } 144 return true; 145 } 146 147 std::unique_ptr<TestState> TestState::Deserialize(CBS *cbs, SSL_CTX *ctx) { 148 CBS in, pending_session, text; 149 std::unique_ptr<TestState> out_state(new TestState()); 150 uint16_t version; 151 constexpr uint16_t kVersion = 0; 152 if (!CBS_get_u24_length_prefixed(cbs, &in) || 153 !CBS_get_u16(&in, &version) || 154 version > kVersion || 155 !CBS_get_u24_length_prefixed(&in, &pending_session) || 156 !CBS_get_u16_length_prefixed(&in, &text)) { 157 return nullptr; 158 } 159 if (CBS_len(&pending_session)) { 160 out_state->pending_session = SSL_SESSION_parse( 161 &pending_session, ctx->x509_method, ctx->pool); 162 if (!out_state->pending_session) { 163 return nullptr; 164 } 165 } 166 out_state->msg_callback_text = std::string( 167 reinterpret_cast<const char *>(CBS_data(&text)), CBS_len(&text)); 168 return out_state; 169 } 170